last executing test programs: 14m28.536016535s ago: executing program 32 (id=38): r0 = socket$kcm(0x21, 0x2, 0x2) mmap$IORING_OFF_SQ_RING(0x0, 0xc00000, 0x4000002, 0x14032, 0xffffffffffffffff, 0x0) syz_ublk_add_dev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)) setsockopt$sock_attach_bpf(r0, 0x110, 0x7, 0x0, 0x4) 12m16.105849168s ago: executing program 33 (id=2314): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8001, 0x5, @empty, 0x8}, 0x1c) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r1, 0x0, 0x33, &(0x7f0000000000)=0x80020000, 0x4) listen(r1, 0x2) 12m11.340914305s ago: executing program 34 (id=2364): sched_setscheduler(0x0, 0x5, &(0x7f0000000200)) ioprio_set$uid(0x3, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r1, 0x421, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4) 9m18.01656298s ago: executing program 2 (id=4712): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0xce22, 0x7f, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xffffffff}, 0x1c) listen(r0, 0x0) 9m17.940536942s ago: executing program 2 (id=4715): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000000), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f0000000100)={0x2, 0x100, 0x0, 0x1947, 0x0, 0x42}) 9m16.191073513s ago: executing program 2 (id=4745): r0 = syz_open_procfs(0x0, &(0x7f0000000b40)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0) r1 = syz_clone(0x140000, 0x0, 0x4a, 0x0, 0x0, 0x0) syz_open_procfs(r1, &(0x7f0000000000)='auxv\x00') 9m16.124765539s ago: executing program 2 (id=4747): mkdirat(0xffffffffffffff9c, &(0x7f00000007c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x21d000, 0x0) pivot_root(&(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='.\x00') 9m16.028881591s ago: executing program 2 (id=4749): r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000180)={{}, {}, [], {0x4, 0x1}, [{0x8, 0x3}], {0x10, 0x3}, {0x20, 0x7}}, 0x2c, 0x3) setreuid(0xffffffffffffffff, 0xee01) mkdirat(0xffffffffffffff9c, &(0x7f00000007c0)='./file0\x00', 0x0) chroot(&(0x7f0000000100)='./file0\x00') 9m15.720746785s ago: executing program 2 (id=4756): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x4, 0x3, 0x2}, 0x18, 0x0) landlock_restrict_self(r0, 0x5) r1 = open(&(0x7f0000000280)='.\x00', 0x80, 0xf1) fcntl$notify(r1, 0x402, 0x8000003d) fcntl$setown(r1, 0x8, 0xffffffffffffffff) 9m15.629766185s ago: executing program 35 (id=4756): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x4, 0x3, 0x2}, 0x18, 0x0) landlock_restrict_self(r0, 0x5) r1 = open(&(0x7f0000000280)='.\x00', 0x80, 0xf1) fcntl$notify(r1, 0x402, 0x8000003d) fcntl$setown(r1, 0x8, 0xffffffffffffffff) 8m52.336313941s ago: executing program 3 (id=5106): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110c230000) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6) poll(&(0x7f0000000040)=[{r1, 0x2}], 0x1, 0x80000000) close(0x3) 8m50.676566617s ago: executing program 3 (id=5113): openat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz0\x00', 0x200002, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x48c}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1}) mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil) 8m49.484661705s ago: executing program 3 (id=5116): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x54, 0x2c, 0xd3f, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xc, 0xb}, {0x0, 0x9}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_OPTS={0x18, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x14, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_BOS={0x5, 0x3, 0x1}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH={0x5, 0x1, 0x7}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x20040054) 8m48.749713134s ago: executing program 3 (id=5120): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'veth1_virt_wifi\x00', 0x0}) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000800)={r1, r2, 0x25, 0x4, @val=@tcx}, 0x1c) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000680)={r3, r4, 0x4, r1}, 0x10) 8m48.011401209s ago: executing program 3 (id=5125): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x18, &(0x7f00000000c0)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x94) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340)=0xffffffffffffffff, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001840), 0x4) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40186f40, &(0x7f0000000440)=0x10) 8m46.808798867s ago: executing program 3 (id=5127): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmmsg$inet(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0) 8m30.982110153s ago: executing program 36 (id=5127): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmmsg$inet(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0) 7m59.553795462s ago: executing program 1 (id=5187): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000d80)={0x44, &(0x7f0000000ac0)={0x40, 0x30}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x80015b1a, 0x0) 7m56.43673141s ago: executing program 1 (id=5191): sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x11, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x20000000}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa, 0x0, 0xfffd, 0xfeefffff}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94) 7m53.919143701s ago: executing program 1 (id=5193): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @empty}, 0x2}}, 0x2e) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000480)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e22, @rand_addr=0x64010101}, 0x2, 0x1, 0x0, 0x1}}, 0x2e) getsockopt(r2, 0x111, 0x4, 0x0, &(0x7f0000000080)) 7m53.493142731s ago: executing program 1 (id=5195): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000040)=0x40, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x56202329, @empty, 0x4000005}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003380)=[{{0x0, 0x0, &(0x7f00000031c0)=[{&(0x7f0000002140)="247cfe07e4a1a49dcad474d2e2ee17b1db603db24183749b30a6cd1428485050b741d412d36f9d51fa8f4af8aa186278e499a33905f1e0be3af365822a4e3b09caddc5a3e2f2ed9bc84874db944c0012e3b0a225a12600687f889a005a5bb0540c33c077ed5cdb4da9786296122c84ed0107ac18cb63713946f8a3d964ee3bd1bb84a3167a7a9236e1a5e68fe2fc727842881ebbacd49e250b42fff6a022fe5e801ca351ee5c590c4f773db428f36c7fa62f4262dc5e00b287fcd803cde51e36e05ceddbb948a829b106ba5b3f1cb1124a2b9627b5bc087b41cb2287e11326d0eaa05c83ac625e72add7b2ce51c5729e80ebe2a659a661091887fa69ee9c5a2dab4d396d02be4d470deaa2189924ee08d8d3907b2ff4d79148e37bb158a53b7d06599ced8860d744c6842b0028d10c338f4f5227f1527f4f651f5250d519d06c7b85c4a3f308b870452f260354554331fc26dec169b72e4a97eacfb2b4a8bf52940e34bcfc9bc1d977bb1bc5ad781d8413019e79fc4f232bfcfd53dbe2066d80e44a3c488933855d7fa40579ae66f13395cfcb2dea0301ecf304956c31411824ce65cc091d2acbb7067e08d7e4e25c857d16b1eb2ad42254e73785f96146fad289af151371517767e791366835e8b5344b70883ea93f77d524a70b5bf4156ecf135c37550572e11ba3d4fdfba24e938ffc9a7a65318d486d72e56ca80b1ddda1498699c1f526c946ada23a7489bc15615bc889a7ee6ba4ccb6e4f1774327e750ad1a7ecb20685c967fea5ce413f6b36ffc7dbf99bcd5209d6366d9bd71a119ce42", 0x241}], 0x1}}], 0x1, 0x4000801) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000020c0)={&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000000fc0)=""/4096, 0x1000, 0x1, 0x0}, &(0x7f0000002100)=0x40) 7m52.153040053s ago: executing program 1 (id=5197): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0xfffffff9, 0x7fff, 0xe, "0062007d82000000000000002240f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$sock_SIOCINQ(r2, 0x541b, 0x0) 7m51.320923311s ago: executing program 1 (id=5200): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4000, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 7m40.68835819s ago: executing program 8 (id=5217): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24044010) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 7m35.543424186s ago: executing program 37 (id=5200): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4000, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 7m33.376691409s ago: executing program 8 (id=5230): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000001640)=0x8, 0x4) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0xf5) 7m30.585092735s ago: executing program 8 (id=5232): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) 7m28.266344654s ago: executing program 8 (id=5236): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x7002}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000600)={'pim6reg1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) pread64(r0, &(0x7f0000002200)=""/87, 0x57, 0xfffd) 7m25.14318865s ago: executing program 8 (id=5240): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r2 = epoll_create1(0x0) pselect6(0x40, &(0x7f00000001c0)={0x7f}, 0x0, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)={0xa0000001}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)={0x2004}) 7m23.921409981s ago: executing program 8 (id=5242): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x5, &(0x7f0000000700)=ANY=[@ANYBLOB="180500000800000000000000000000008500000075000000850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0xfffff000, 0xe, 0x0, &(0x7f0000000300)="882f1242a03c3f98722780b605a7", 0x0, 0x990d, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 7m8.144787122s ago: executing program 38 (id=5242): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x5, &(0x7f0000000700)=ANY=[@ANYBLOB="180500000800000000000000000000008500000075000000850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0xfffff000, 0xe, 0x0, &(0x7f0000000300)="882f1242a03c3f98722780b605a7", 0x0, 0x990d, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 3m26.997116507s ago: executing program 7 (id=6146): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x2) sendto$unix(0xffffffffffffffff, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb", 0xd, 0x800, 0x0, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0xfffffffe, 0x8}}]}}]}, 0x48}}, 0x10) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newtfilter={0x68, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xfff1, 0x4}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34}]}}]}, 0x68}}, 0x0) 3m26.947635072s ago: executing program 7 (id=6147): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000046682d562c31630100000000000000b52f0d6086e274aa97a91fa46cdcefe7534fda04ca542b4c4904446290f93bce3177127ebc0c24e7e718c0b1da96d9c9fa8e95238403007cb9806b9641253a7b99504c950fcba378fae7ec90b6da825996012194da80cc7621803fe840ccedca203b30524e6258edbfe64d0900cdf79924bfb82ad5cfe25853d4f3a2841f7d7e692bfb1387c1211d00d4cace5a0ae3fad859bc7cb33f20922abe3780b6d07d9dde639e27dc79daef403b188d618ab4928773db8fba724f8d8f46ff88fdf1e61dceef4ac7bb085eb915eb2f14927a5caef0f5224ef0e7219c3fe37b272f27e9aab8a31e258d6c14be1f1a31a8e68d00"/306], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0xa, 0x0, 0x0, 0xffffffffffffffff, 0x4}, 0x98) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0xffff0000, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x0, 0xffff0000}, 0x48) 3m23.981386292s ago: executing program 7 (id=6169): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000500)={0x2, 0x0, @ioapic={0xfec00000, 0x1, 0x401, 0x7fffffff, 0x0, [{0x7, 0x10, 0xff, '\x00', 0x38}, {0x4, 0xfe, 0x7c, '\x00', 0x31}, {0x5, 0xb3, 0x1, '\x00', 0xd}, {0x5, 0x9, 0x10, '\x00', 0x6}, {0x5, 0x2d, 0x6, '\x00', 0x79}, {0x7, 0x80, 0x0, '\x00', 0x6}, {0x4, 0x8, 0x1, '\x00', 0x45}, {0x52, 0x9, 0x3, '\x00', 0x9}, {0x40, 0x2, 0x73, '\x00', 0xff}, {0x1, 0xb6, 0x89, '\x00', 0x80}, {0x6, 0x8, 0xa0, '\x00', 0x1}, {0x1, 0x1, 0x7, '\x00', 0x4}, {0x8, 0xc, 0x5, '\x00', 0x48}, {0xd, 0x10, 0x8c, '\x00', 0x4}, {0x0, 0xc0, 0x7, '\x00', 0x3}, {0x8, 0x2, 0x4b, '\x00', 0x5}, {0x7, 0x6, 0x8, '\x00', 0x5}, {0x9, 0x0, 0xfa, '\x00', 0x5}, {0x1, 0x3, 0x6, '\x00', 0x6}, {0xf8, 0x8, 0xa, '\x00', 0xf8}, {0x8, 0x1, 0xcc, '\x00', 0xf7}, {0x6, 0x6, 0xfe, '\x00', 0xa}, {0x5, 0x0, 0x3, '\x00', 0x7}, {0x16, 0x81, 0x4, '\x00', 0xff}]}}) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000300)={0x1, 0x0, [{0x40000070, 0x0, 0x400006}]}) 3m23.772649768s ago: executing program 7 (id=6172): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/../file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 3m23.715073342s ago: executing program 7 (id=6174): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000180)=0xfffffffa, 0x4) r2 = socket$inet6_icmp(0xa, 0x2, 0x3a) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000280)={0x1d, r3, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmmsg$inet(r1, &(0x7f00000005c0)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="3abb87518784cda676", 0x9}], 0x1}}], 0x400015b, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r3, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) 3m23.397684954s ago: executing program 7 (id=6176): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) getrlimit(0xd, 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x103a42, 0x32) ftruncate(r0, 0x6000000) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, 0x0) socket$packet(0x11, 0x3, 0x300) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xb}, @hci_ev_le_remote_conn_param_req={{}, {0xc8, 0x2, 0x9, 0xd, 0x7}}}}, 0xe) 3m23.246094527s ago: executing program 39 (id=6176): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) getrlimit(0xd, 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x103a42, 0x32) ftruncate(r0, 0x6000000) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, 0x0) socket$packet(0x11, 0x3, 0x300) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xb}, @hci_ev_le_remote_conn_param_req={{}, {0xc8, 0x2, 0x9, 0xd, 0x7}}}}, 0xe) 3m2.329643508s ago: executing program 4 (id=6310): r0 = io_uring_setup(0x937, &(0x7f00000002c0)={0x0, 0x32b6, 0x80, 0x0, 0x35d}) mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) munlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x15) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x91}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r1, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1}) close_range(r0, 0xffffffffffffffff, 0x0) 3m2.303281897s ago: executing program 4 (id=6311): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000140)={0x0, 0x2, 0x6}, &(0x7f0000000180)=0x8) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x2710, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000340)={0x4, 0x0, [{0xb65, 0x0, 0x20000004}, {0xb55, 0x0, 0x3}, {0x3f6, 0x0, 0x6}, {0x4b564d01, 0x0, 0x200}]}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xf3b8, 0x0, 0x8000001000, 0x400, 0x4002004c4, 0x1000, 0x0, 0x97, 0x10, 0x0, 0x3, 0x4], 0xeeee8000, 0x140640}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3m2.141507638s ago: executing program 4 (id=6312): writev(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="fa1621878a844dc529467b417031b99a2dce6df9d8b3982500f77fdef9f44f3034af1c999767c59d2accd41bf886e0cffab8d2", 0x33}], 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=@newnexthop={0x30, 0x68, 0x1, 0x3, 0x80000000, {}, [@NHA_GROUP={0x4}, @NHA_GATEWAY={0x14, 0x6, @in6_addr=@dev={0xfe, 0x80, '\x00', 0x17}}]}, 0x30}}, 0x40000) r0 = socket(0x11, 0x3, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, 0x0, &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'ip6gretap0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffec8, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="3b844100d5432f"], 0xdd12}], 0x1}, 0x20040890) 3m2.054475196s ago: executing program 4 (id=6313): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chroot(&(0x7f0000000a40)='./file0\x00') mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) syz_usb_connect$cdc_ncm(0x3, 0x6e, &(0x7f0000000200)=ANY=[], 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) getdents64(r0, &(0x7f0000002600)=""/4113, 0x1011) 3m1.34751898s ago: executing program 4 (id=6315): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000140)='./file1\x00') r0 = open(&(0x7f00000002c0)='.\x00', 0x80000, 0x128) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x1c4) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 3m1.170699974s ago: executing program 4 (id=6317): r0 = socket$kcm(0x10, 0x2, 0x0) accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x800) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2}, 0x18) connect$can_j1939(r1, &(0x7f0000000140)={0x1d, r2, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) setsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f00000001c0)=0x1, 0x4) sendmmsg(r1, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5) sendmsg$kcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000300020400bf050005001206", 0x2e}], 0x1}, 0x0) 2m45.698146122s ago: executing program 40 (id=6317): r0 = socket$kcm(0x10, 0x2, 0x0) accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x800) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2}, 0x18) connect$can_j1939(r1, &(0x7f0000000140)={0x1d, r2, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) setsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f00000001c0)=0x1, 0x4) sendmmsg(r1, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5) sendmsg$kcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000300020400bf050005001206", 0x2e}], 0x1}, 0x0) 7.561045189s ago: executing program 0 (id=7087): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) rseq(&(0x7f0000000100), 0x66, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000400)={0xffffffffffffffff}) splice(r2, 0x0, r1, 0x0, 0xffffffffffff8000, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(0xffffffffffffffff, 0x410, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) 6.572002838s ago: executing program 0 (id=7090): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, &(0x7f0000000000)=""/172, 0xac) syz_usb_disconnect(0xffffffffffffffff) syz_usb_disconnect(0xffffffffffffffff) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) ioctl$EVIOCRMFF(0xffffffffffffffff, 0x4004550d, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r2, &(0x7f0000000100)=""/178, 0xb2) syz_usb_disconnect(0xffffffffffffffff) syz_usb_disconnect(0xffffffffffffffff) syz_usb_disconnect(r0) syz_usb_connect(0x2, 0x36, &(0x7f0000000200)=ANY=[], 0x0) 5.755385525s ago: executing program 9 (id=7096): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup(r3) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="001c86dd0700100000004000000060ec97000fc83a00fe8000000000000000000000000000aaff020000000000000000000000000001"], 0xffe) 4.524819013s ago: executing program 6 (id=7100): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000640)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) r2 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r2, 0x42, 0x1ff) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x40) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x2e, 0x1, r5}}, 0x40) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.493960445s ago: executing program 9 (id=7101): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) ioctl$TUNSETDEBUG(r0, 0x400454c9, 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) r4 = shmat(r3, &(0x7f0000ff1000/0x3000)=nil, 0x400c) setreuid(0xee01, 0xee01) r5 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$binder(&(0x7f0000fed000/0x4000)=nil, 0x4000, 0x1, 0x11, r5, 0x0) mremap(&(0x7f0000ff4000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f0000ffb000/0x2000)=nil) shmdt(r4) 4.390877811s ago: executing program 6 (id=7102): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x4}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000481000/0x1000)=nil) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) 4.013930597s ago: executing program 5 (id=7104): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) close(0xffffffffffffffff) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6364, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0x1, 0xb}, {0xffff, 0xfff2}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x4, 0x10, 0x6, 0x8, 0xfbee}, 0x1, 0x0, 0x3, 0x5, 0xe, 0x4, 0xd, 0x18, 0x5, 0x102, {0x6, 0x8, 0xfffffffc, 0x0, 0xffffffff, 0x5}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x240048e4}, 0x4890) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$kcm(0x11, 0x3, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000140), 0x4) sendmsg$kcm(r3, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0xa888, r5, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="2703123f590214000600002fb96dbcf706e10500000086ddffff86ddee1611d4b8bf4a31accb", 0xfdef}], 0x1}, 0x0) 3.811861047s ago: executing program 5 (id=7105): openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x4000, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x5) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}, 0x200bac}, {{0x0, 0x0, &(0x7f0000000200), 0x24}, 0x4}], 0x2, 0x60, 0x0) 3.25567239s ago: executing program 6 (id=7106): syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @dccp={{0x6, 0x4, 0x1, 0x7, 0x28, 0x68, 0x0, 0x2, 0x21, 0x0, @local, @rand_addr=0x64010102, {[@noop, @generic={0x7, 0x2}]}}, {{0x4e21, 0x4e21, 0x4, 0x1, 0x4, 0x0, 0x0, 0x3, 0x6, "3cae65", 0x3, "eb52f1"}}}}}}, 0x0) r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0xd, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000009800000095"], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000780)="d28a08d988a88d8bf2f08c8288a8", 0x0, 0xd5b4, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000002bc0)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xa000000}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x3163, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r3}, &(0x7f0000000140), 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0xf, &(0x7f0000001740)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1ab92b}, {0x85, 0x0, 0x0, 0xaf}, {0x4}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x1, 0x2000}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x9}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x4e21, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6}, {0xa, 0x4e21, 0x70a, @remote, 0x5}, 0xffffffffffffffff, {[0x80000000, 0x84, 0xa00d, 0x8, 0x10000, 0x9, 0x9, 0x8]}}, 0x5c) syz_emit_ethernet(0x42, &(0x7f0000001180)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd606410a6000c0000fe880000000000000000000000000001fe8000000000000000000000000000aa0000000600000000223427d5"], 0x0) 3.244451639s ago: executing program 9 (id=7107): syz_open_dev$vim2m(0x0, 0x9f08, 0x2) syz_open_procfs(0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000100)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) pwritev2(r1, &(0x7f0000000980)=[{&(0x7f0000000500)="be", 0x20013}], 0x1, 0x5, 0xa, 0x14) 3.10440638s ago: executing program 0 (id=7108): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000440)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7ffe}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1a29d}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xfffffbb4, 0x5, 0x5, 0x6e0, 0x5}, 0x6}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x884}, 0x40) close(r1) socket(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f00000004c0)=@xdp={0x2c, 0x0, r3, 0x18}, 0x80, &(0x7f00000008c0)=[{&(0x7f00000001c0)="27030200dc0f14000e0005000024c1020000ff84125ce882cbf400930bf4533f00429c65112a093bbf60b85bcb06", 0x2e}], 0x1}, 0x4005) 2.513701482s ago: executing program 9 (id=7109): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402609333340000000000109022400010000000009040000010301000009210000000122010009058103"], 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10004, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r4 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r4, 0xa) syz_usb_control_io$hid(r0, &(0x7f0000000540)={0x14, 0x0, 0x0, &(0x7f00000000c0), 0x0}, 0x0) 2.395325805s ago: executing program 0 (id=7110): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x0, 0x0, 0x0) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) r1 = syz_create_resource$binfmt(&(0x7f0000000000)='./file0\x00') r2 = openat$binfmt(0xffffffffffffff9c, r1, 0x41, 0x1ff) fcntl$setlease(r2, 0x400, 0x1) r3 = landlock_create_ruleset(&(0x7f0000000040)={0x4000, 0x3}, 0x18, 0x0) landlock_restrict_self(r3, 0x0) execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000000180)={0x80, 0x10002b, 0x4, 0x4}) 2.395179274s ago: executing program 6 (id=7117): r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$igmp(0x2, 0x3, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$qrtr(0xffffffffffffffff, 0x0, 0x0) bind$xdp(0xffffffffffffffff, &(0x7f0000000340)={0x2d, 0x0, 0x0, 0x1e}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mremap(&(0x7f0000a8f000/0x4000)=nil, 0x4000, 0x1000, 0x605ce3068f865364, &(0x7f0000157000/0x1000)=nil) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r2], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, 0x0, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) 2.395034331s ago: executing program 5 (id=7111): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r1, &(0x7f0000002900)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000200)="5df2", 0x2}, {&(0x7f0000000300)="77b7", 0x2}], 0x2}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000180)="2bf0", 0x2}, {&(0x7f0000000140)="8843", 0x2}, {&(0x7f0000000480)="764594ba", 0x4}], 0x3}}, {{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000006c0)="85", 0x1}, {&(0x7f0000000780)="0e35", 0x2}, {&(0x7f0000000840)="e3bd", 0x2}, {&(0x7f0000000900)='\v', 0x1}, {&(0x7f0000000940)=']', 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000cc0)=[{&(0x7f0000000c40)="aa2d6ea7", 0x4}], 0x1}}, {{0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000000d40)="ec71", 0x2}, {&(0x7f0000000240)="a65343", 0x3}, {&(0x7f0000000e40)='-g=', 0x3}, {&(0x7f0000002a80)='\n\"u', 0x3}, {&(0x7f0000000fc0)="ee0c1d4dfaca59a01d9997055f8c334db67d48cabb8808a613758d54333412c384b842619547bd5482b34e97272b53b13c06620fb120ed8871df31e5ba0a6f61e9e6", 0x42}, {&(0x7f00000010c0)="48c6f3d9", 0x4}, {&(0x7f0000001180)="2712", 0x2}], 0x7}}, {{0x0, 0x0, &(0x7f00000026c0)=[{&(0x7f0000001380)="b85f1c", 0x3}, {&(0x7f0000001440)="a51b", 0x2}, {&(0x7f0000001480)="f99d", 0x2}, {&(0x7f0000001540)="ca52045250c08aea22f2c93f4c8d726c7a66888d2731b0258064d9ea32fa709920f4030a858239458ea2d3b13da3d98682feb77389cb6c7fb552fab08fc866985a95e0380383eef017b9741a5379f27486634add919760ebd70ef47c8820cd54d5fd5ad4ef9b8e97547ae723daa5fde4efbbb6c589b51cc23b523ecdd5c20c4c02bcf916b89a7da0bc207054c44440d7df7c71cd1a06e38ac08b04674615de3f5683d0c79e07fae40894c5bdfd454468325d9abbd938e996489f930c3f967d216f358fb42b46640b9b157aa3e2d5ecb4622911b9f39a2ed2d1ba5345d8a378104bc09a2893f74bb9f055bf0b038413730e7589c52e917d47a7722ff237cfe2ba5af8560259aa68b199b57c577709745a5b33b68c4fb3fcb1f7872a0b75fa929022923f97102b0bd2ccfd009e04715557f31744df87c2467e8999cc9720d02895bf5498cdb603242650f653490f3080cd1dd4ee921d7511ce48255ff2321230d13c8c96aeb606371ea266ddabacef4237787f617736dc5fe1364fff5e8cfc52026f37a6124e114ff0972bd48359c931375286501a9e1be13572d2570efcb2d7b465cdeadea07a0e92a965a633cab9a33bfb2f818c5fc0cda4393ad02f1bd50c76286b94f30010217436f5308ca91f5d6cedd8abcd183a3506d5d56d62cf9dba6f40054e1a68ce5d215d361840fccb2547954eb4f6971a1c8f201812470c74c4021ff20511215d0f09805d5807db0e1b2fe0cf602d03ee5f792135d89d3b268daaa43758d4a5db2dc823fb48ee273ed0a958fb3e4f25abf59b699447cc525b7f4a32fd720497f741d2f608aadc0ebd6a49366f102d5e48816d91b84e2824b3594b1f21263e52a76034c11164ab80a57eaa37c519bedf672cb7827b5110a51d89622b7b89e7f97021ed8309003c026683d50126ab30ddba91044392db644bc0628ccd32bf539d8c0bf9eee7edab87ee265e17b0aa7b760066e6a19de22e54970e793955037028ed58221f215eabd518bafc32de311da91dd25dc774c3054fb66b6028e6ef636795dbf126452a32a6107599ebb1d269204b581eac619d5e55db0b7cca661653fe91fe2424e5d50f8c50ddf660b9addf490af357a81369979d59308b656f838c7467f9fa8f9bd8ba7328daf0d4b6f04c6ed3aefe83774121929f4f1c69f223d2467164e5f029a04a5066cf8ebfbcc3a195143fe94526fbe2acf177c5418c7269d8c7fa1b220e0fc532980db57fd5ae76f24f5857bcec1dd9a61335a13d775d29e9eb39f8b582195581fa757c7a6f5b11a93feeab8750a1200d2bfb422a99f4613302e1e1fa96dbea94cc8d7f61bcc4dcc9af5b531e4dda20bdb8c063eaae5e6182ad1e084c7e488e1e96ce87f89acc3a4c87cf8e711f7feba8281b2934d9f0802ff80d6a889bf81ccf80eebde679008e7e48cb4ec47e5426e47dc4da66d59073e42fde028352956718f81706ab4bf37514cc36385ff515f1e599c70562f4adaeef6b7f2a4dd89f13b6fbc51d64103c9cc6a96ecfd0fdfea8582d971bf523d0581accf40b349bb73eecb8e6e56a1de9bbec630184fd0371adbf1569ee80c5cde4ffa51dbf469d2dd6f0c7215894a2ba765837411b50fbab4aebbf43b2ecd7a953511f177b5304db441877bc8d9d7cc683d4de86a38cfd4e6cb10144a87aed74f208eb12e5b4322dafde787431b23ac753aab56f739949bf009dee18aca188fa178329e41d6583f95bc53c63f728036c3ec8ae65a1839d8eeeaca7f8fa038182c6aa6e755298715b82512bfd1c50df09ce3bc1fc51fd630044dd320dbcefa5cc9e1a8a41b935b229dc150adbdc8b115106744a157f9f6581e9ff2771505cafbc1b636cee5659bda1ea0a9f96fae4941256ccc1c8479f10deeeca215bee045373a431a19b9415fa2fa4b8cdc682cdc88cf1a473eaa16dd2fa0c19f734b14b8070e84ceb88256ad313fefd9d0bc9a82ea416eff3fdc5d3b034cb30215286c7172e2ede5232d0b729b51e73c6af1768dd231827ff1e9af294256ee467932580c14e0cf439c477cc2d479fd2808f04643d8f090647d4570baf14d9a1563db5bd24a49f1aa5d09282a90ef298aba397824ffeed67dc80a009825da06efbdda06e852d562902a61b239df310e82124736a5e922c06991afca3399269ad4c6e27b644413dd01ca2f6e7d94e94106ab26f78b482964e76dd600710d2e695d56dc68be972d4b4935261fee8f49f80ceae6aea28e908a232fb5f75d9a8491326c9cbd3d414414ed92c51e3972dae6fb8df426705e1f2edfdef6013692014217da72d585d3c712082756ef40339130530fde0fc3ff684b58324e71b7fc5f897c5a36ebd55dd93826e1d4a9e72c3ebc6f63eb69704b3f4d84c2102ceb5d10e4c0ae2a53a39363ee51c0b5236a9d31126cb4cfe436a7c3a70f5bec27a3dda07b43b6f10c932228eae24061af4388605a0c2aed158789bfcd75bc0218d2df4fab1db5d906e2ca3500c7f58d4a5e4c775172b887a1c34080235b0a633187209a5122cca9e60de509b17187ece2ed0e971e1217d21627d97ecf240903c3fa7d9eb82291753f773cc06bf329343e3016c9822f8cd96caf8283b831934d6fe8cd6a04779c9b1eb6def9476178593d1d15bfa75114319abdca350024b2b29b5e3db0ae07d75cee834a4fc7c2eb625123c46361efd59333eaa64b0bc350115d475ed393a76805a8fb85b59f1a3d97da5bc6acf982ebf8702cfaca9544bb5bc5a7d618d0d22e4430a0ba9e59673e136fdfe5989db128daf6ec72adab2d0bd792431b6ec095a7c987eb352c926f81b28958e3bd7a4c004173e6d491181ace9dacb2904b626f34976e986a7794f0a2c784a434c67c161f3c66e9245ca502a1a4b69cb53abddaa50093c6b41fd3bf92772606011db26a1312fdcefe857e2ec6f897e43a98bc71ed73b46061db291c3d212e64e99719725c09aa3f66033e240d39dc540a1da9300983b1bf74e523e29355773f29dbfc26bec330f7e99f52d901428cd643a0846e439f95dec1a746ca54113020377ec7593eced836bcbf2735a8fbe36e423db0b8cc3e41cb17e18430f97fffec8146d07e8e06b8379c1fd8bec034f574d057df661fa935c1711fb83819c9854882bd146ec654c48ecfd96e286d3f4a01e127b068340e50caa394a5d273eb17c5e44bb1d073a79d87538074c4adf36a75b86d39d472ec26d1b00cb809ff6884c8e15cbac64aae07b9d7a7fc5700dfa2e1c519872a3072dffa5d12be75b7d51f53cdc797629a89373b8a6b2f3f9bba2b03a68c61795b1fa61fe7e977be90664c204484a4d76f02fb4e103f50d52e56040da494b4df5b62fc747466db33b1579828cb6b9061c7bb57024f98402e45d4ec97d97afec8c094d126019b00dab5f42f8b7d51c2ac4059b77f5d80cb4fde281badbeff9158de6e4614f718b25069d72bfa27c46d3d8228ddd45ed013277e5968cd5695be6d09accd9720d38151080d521b3487a8e397aa56fff671446aeab527c2f920c4ebbbb4d81ece97ac599ace631e754317960b67f90715af5805e3d132769977e329e61ca3233ce2aab26c884f2122b1f025dcf319119c55516355b5105ae1c22ed91a8b4ec248211f3a6a70af988a52dabff5275f5298083fba4d5a282ab28e5d4f3c22747c681ccaa0e215131eb120c861bacf068ab0f004365c3d28ec6bb6e3e96ecdab55b5a52ff3aca2fa48d410aad40bb25c20c129698cd867e44d53893635625b720b222357d2a57bdafdb59bd511dbce63cfab7fc9c7d35dd86a2429c3b02004ba295a769d08710c8d0544d861fd6278adac18354ccf9a362b3617d10466c143e852b972c2b68cf59882a942cc7d204a94b72673ac929384e395cbb8e5ec833d891", 0xac1}, {&(0x7f0000002580)="93", 0x1}, {&(0x7f0000002600)="50a2", 0x2}], 0x6}}], 0x6, 0x4000000) setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000000)=0x7fffffff, 0x4) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38) writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) 1.937479203s ago: executing program 5 (id=7112): socket$inet_icmp_raw(0x2, 0x3, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet(0x2, 0xa, 0xd) socket$nl_netfilter(0x10, 0x3, 0xc) socket$pptp(0x18, 0x1, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x2000) ioctl$TUNSETNOCSUM(r2, 0xff04, 0x0) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xc, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r4, 0x3e8, 0xe, 0x0, &(0x7f0000000000)="c1df07000000d30a298ee68886dd", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 1.744992889s ago: executing program 6 (id=7113): setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x7, &(0x7f00000000c0)=0x100, 0x4) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) r0 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) r1 = epoll_create1(0x80000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000000)={0xa0000001}) epoll_wait(r4, &(0x7f0000000340)=[{}], 0x1, 0x1000) 1.385961494s ago: executing program 5 (id=7114): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = userfaultfd(0x1) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x91c6b000) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1}) readv(r1, &(0x7f0000000600)=[{&(0x7f00000000c0)=""/114, 0x72}], 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), 0xffffffffffffffff) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000000000/0x800000)=nil, 0x800000}) 1.219146602s ago: executing program 9 (id=7115): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x200000000000004a, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mremap(&(0x7f0000041000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00004c3000/0x2000)=nil) r1 = socket$kcm(0x29, 0x2, 0x0) write$cgroup_pressure(r1, &(0x7f0000000140)={'full'}, 0xfffffdef) sendmsg$kcm(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x20000818) sendmmsg$inet(r1, &(0x7f0000003600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000001) setsockopt$sock_attach_bpf(r1, 0x1, 0x7, &(0x7f0000000340), 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) 980.524859ms ago: executing program 9 (id=7116): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_linger(r0, 0x1, 0xd, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x100000000, 0x8, 0x0, 0x3}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000", 0x36}], 0x1) recvmmsg(0xffffffffffffffff, &(0x7f0000007600)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x2000, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg$inet(r3, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) 890.504525ms ago: executing program 0 (id=7118): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = userfaultfd(0x1) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x91c6b000) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1}) r2 = syz_open_procfs(0x0, &(0x7f0000001040)='net/nf_conntrack_expect\x00') syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), r2) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000000000/0x800000)=nil, 0x800000}) 754.379934ms ago: executing program 5 (id=7119): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, 0x0, 0x2004c0a0) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) open(0x0, 0x2a5c0, 0x113) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x40000000, 0x2000000}], 0xa0000) socket$unix(0x1, 0x1, 0x0) 570.466508ms ago: executing program 6 (id=7120): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x6}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xb}, {0x4, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_WASH={0x8, 0xd, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040a1}, 0x4890) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0xdd86, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000840)='\'', 0x28}], 0x1}, 0x4) 0s ago: executing program 0 (id=7121): sendmsg$inet(0xffffffffffffffff, &(0x7f0000002980)={0x0, 0x0, &(0x7f00000028c0)=[{&(0x7f0000000300)="9332127926b42d2b8ea6d39a8df04ba91e16056e78", 0x15}], 0x1}, 0x4) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, 0x0, 0x0) r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$describe(0x1d, r0, &(0x7f0000000300)=""/182, 0xb6) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x28, 0x10, 0x801, 0xfffffffd, 0x8000000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x404a3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040000}, 0x5084) kernel console output (not intermixed with test programs): s no interface number 0 [ 691.708320][ T5739] usb 11-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 691.713397][ T5739] usb 11-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 691.720985][ T5739] usb 11-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 691.724692][ T5739] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 691.730834][ T5739] usb 11-1: config 0 descriptor?? [ 691.745724][ T5739] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.120/input/input54 [ 692.246931][ T9] usb 11-1: USB disconnect, device number 36 [ 693.607253][ T5592] net_ratelimit: 30 callbacks suppressed [ 693.607266][ T5592] bond2: (slave dummy0): failed to get link speed/duplex [ 693.648905][T21128] ref_ctr increment failed for inode: 0x6e5 offset: 0x7 ref_ctr_offset: 0x80002 of mm: 0xffff88804b8fd940 [ 693.726606][ T5592] bond2: (slave dummy0): failed to get link speed/duplex [ 693.849018][ T5592] bond2: (slave dummy0): failed to get link speed/duplex [ 693.868633][T21137] netlink: 'syz.9.5953': attribute type 1 has an invalid length. [ 693.889942][T21137] 8021q: adding VLAN 0 to HW filter on device bond4 [ 693.919658][T21137] macvlan2: entered promiscuous mode [ 693.922103][T21137] macvlan2: entered allmulticast mode [ 693.927124][T21137] bond4: entered promiscuous mode [ 693.930238][T21137] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 694.176945][T21146] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5956'. [ 694.403218][T21137] bond4: left promiscuous mode [ 694.488477][ T5833] bond2: (slave dummy0): failed to get link speed/duplex [ 694.629090][T21152] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 694.844552][T21156] netlink: 'syz.9.5959': attribute type 4 has an invalid length. [ 694.896969][T21157] netlink: 'syz.9.5959': attribute type 4 has an invalid length. [ 695.210699][T21155] bridge0: port 2(bridge_slave_1) entered disabled state [ 695.333173][T21155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 695.349264][T21155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 696.128657][ T5817] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.134022][ T5817] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.139515][ T5817] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.146451][ T5817] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.092290][T21196] fuse: root generation should be zero [ 697.314091][T21206] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5978'. [ 697.426770][T21213] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5979'. [ 699.749218][T21292] overlayfs: failed to clone upperpath [ 700.095851][T21304] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 700.098479][T21304] overlayfs: failed to set xattr on upper [ 700.100372][T21304] overlayfs: ...falling back to redirect_dir=nofollow. [ 700.102573][T21304] overlayfs: ...falling back to index=off. [ 700.104629][T21304] overlayfs: ...falling back to uuid=null. [ 702.004128][T21317] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6003'. [ 702.091242][T21321] lo: entered promiscuous mode [ 702.092869][T21321] lo: entered allmulticast mode [ 702.098738][T21321] tunl0: entered promiscuous mode [ 702.100441][T21321] tunl0: entered allmulticast mode [ 702.103358][T21321] gre0: entered promiscuous mode [ 702.105050][T21321] gre0: entered allmulticast mode [ 702.114507][T21321] gretap0: entered promiscuous mode [ 702.117892][T21321] gretap0: entered allmulticast mode [ 702.123892][T21321] erspan0: entered promiscuous mode [ 702.132586][T21321] erspan0: entered allmulticast mode [ 702.137557][T21321] ip_vti0: entered promiscuous mode [ 702.142148][T21321] ip_vti0: entered allmulticast mode [ 702.150397][T21321] ip6_vti0: entered promiscuous mode [ 702.153846][T21321] ip6_vti0: entered allmulticast mode [ 702.157143][T21321] sit0: entered promiscuous mode [ 702.158858][T21321] sit0: entered allmulticast mode [ 702.165446][T21321] ip6tnl0: entered promiscuous mode [ 702.168543][T21321] ip6tnl0: entered allmulticast mode [ 702.171181][T21321] ip6gre0: entered promiscuous mode [ 702.173378][T21321] ip6gre0: entered allmulticast mode [ 702.177306][T21321] syz_tun: entered promiscuous mode [ 702.179323][T21321] syz_tun: entered allmulticast mode [ 702.181957][T21321] ip6gretap0: entered promiscuous mode [ 702.183727][T21321] ip6gretap0: entered allmulticast mode [ 702.188000][T21321] bridge0: entered promiscuous mode [ 702.189817][T21321] bridge0: entered allmulticast mode [ 702.192794][T21321] team0: entered promiscuous mode [ 702.194465][T21321] team_slave_0: entered promiscuous mode [ 702.197088][T21321] team_slave_1: entered promiscuous mode [ 702.199183][T21321] team0: entered allmulticast mode [ 702.201469][T21321] team_slave_0: entered allmulticast mode [ 702.204187][T21321] team_slave_1: entered allmulticast mode [ 702.207938][T21321] 8021q: adding VLAN 0 to HW filter on device team0 [ 702.219515][T21321] dummy0: entered promiscuous mode [ 702.221814][T21321] dummy0: entered allmulticast mode [ 702.224951][T21321] batman_adv: batadv0: Interface activated: dummy0 [ 702.228860][T21321] nlmon0: entered promiscuous mode [ 702.231146][T21321] nlmon0: entered allmulticast mode [ 702.234877][T21321] batadv0: entered promiscuous mode [ 702.238388][T21321] batadv0: entered allmulticast mode [ 702.242118][T21321] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 702.245926][T21321] vxcan0: entered promiscuous mode [ 702.250079][T21321] vxcan0: entered allmulticast mode [ 702.253749][T21321] vxcan1: entered promiscuous mode [ 702.256142][T21321] vxcan1: entered allmulticast mode [ 702.259918][T21321] veth0: entered promiscuous mode [ 702.262066][T21321] veth0: entered allmulticast mode [ 702.266532][T21321] veth1: entered promiscuous mode [ 702.269956][T21321] veth1: entered allmulticast mode [ 702.307977][T21321] wg0: entered promiscuous mode [ 702.309851][T21321] wg0: entered allmulticast mode [ 702.312990][T21268] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 702.317980][T21268] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 702.321709][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 702.336513][ T5826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 702.379577][ T5826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 702.386234][T21321] wg1: entered promiscuous mode [ 702.388345][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 702.391819][T21268] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 702.393428][ T41] kauditd_printk_skb: 10 callbacks suppressed [ 702.393441][ T41] audit: type=1804 audit(1782485165.351:3812): pid=21333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.9.6009" name="file0" dev="tmpfs" ino=1125 res=1 errno=0 [ 702.395605][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 702.397178][T21321] wg1: entered allmulticast mode [ 702.412613][T21321] wg2: entered promiscuous mode [ 702.412810][T21245] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 702.414565][T21321] wg2: entered allmulticast mode [ 702.418921][ T40] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 702.423958][T21321] veth0_to_bridge: entered promiscuous mode [ 702.429700][T21321] veth0_to_bridge: entered allmulticast mode [ 702.890461][T21321] veth1_to_bridge: entered promiscuous mode [ 702.893049][T21321] veth1_to_bridge: entered allmulticast mode [ 702.899290][T21321] veth0_to_bond: entered promiscuous mode [ 702.901837][T21321] veth0_to_bond: entered allmulticast mode [ 702.904498][T21321] bond_slave_0: entered promiscuous mode [ 702.907001][T21321] bond_slave_0: entered allmulticast mode [ 702.909800][T21321] veth1_to_bond: entered promiscuous mode [ 702.911657][T21321] veth1_to_bond: entered allmulticast mode [ 702.915587][T21321] bond_slave_1: entered promiscuous mode [ 702.917633][T21321] bond_slave_1: entered allmulticast mode [ 702.920466][T21321] veth0_to_team: entered promiscuous mode [ 702.923166][T21321] veth0_to_team: entered allmulticast mode [ 702.926787][T21321] veth1_to_team: entered promiscuous mode [ 702.929620][T21321] veth1_to_team: entered allmulticast mode [ 702.933317][T21321] veth0_to_batadv: entered promiscuous mode [ 702.935775][T21321] veth0_to_batadv: entered allmulticast mode [ 702.939836][T21321] batadv_slave_0: entered promiscuous mode [ 702.942159][T21321] batadv_slave_0: entered allmulticast mode [ 702.945287][T21321] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 702.948908][T21321] veth1_to_batadv: entered promiscuous mode [ 702.951400][T21321] veth1_to_batadv: entered allmulticast mode [ 702.954301][T21321] batadv_slave_1: entered promiscuous mode [ 702.957172][T21321] batadv_slave_1: entered allmulticast mode [ 702.960156][T21321] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 702.963043][T21321] xfrm0: entered promiscuous mode [ 702.965237][T21321] xfrm0: entered allmulticast mode [ 702.967990][T21321] veth0_to_hsr: entered promiscuous mode [ 702.970366][T21321] veth0_to_hsr: entered allmulticast mode [ 702.973289][T21321] hsr_slave_0: entered allmulticast mode [ 702.975935][T21321] veth1_to_hsr: entered promiscuous mode [ 702.978609][T21321] veth1_to_hsr: entered allmulticast mode [ 702.982433][T21321] hsr_slave_1: entered allmulticast mode [ 702.989136][T21328] syz_tun: entered allmulticast mode [ 702.993479][ T102] bridge0: port 1(bridge_slave_0) entered blocking state [ 702.996172][ T102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 703.007938][ T102] bridge0: port 2(bridge_slave_1) entered blocking state [ 703.010671][ T102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 703.031206][T21324] syz_tun: left allmulticast mode [ 703.031330][T21353] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6016'. [ 703.036484][ T5592] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 703.045315][T21353] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6016'. [ 703.130667][T21357] netlink: 'syz.0.6018': attribute type 1 has an invalid length. [ 703.149836][T21357] 8021q: adding VLAN 0 to HW filter on device bond3 [ 703.180768][T21357] bond3: (slave syz_tun): Enslaving as a backup interface with an up link [ 703.291914][T21362] fuse: fd is not a fuse device [ 703.580518][T21377] fuse: Bad value for 'fd' [ 703.749926][T21349] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 703.752592][T21349] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 703.754775][T21349] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 703.760287][T21349] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 703.763647][T21349] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 703.802407][T21379] fuse: fd is not a fuse device [ 703.919434][T21388] netlink: 'syz.6.6030': attribute type 1 has an invalid length. [ 703.938608][T21385] kvm: kvm [21384]: vcpu0, guest rIP: 0x208 Unhandled WRMSR(0xc2) = 0x60000000000 [ 703.961379][T21388] 8021q: adding VLAN 0 to HW filter on device bond3 [ 704.015878][T21385] kvm: kvm [21384]: vcpu0, guest rIP: 0x208 Unhandled WRMSR(0xc2) = 0x60000000000 [ 704.070399][T21385] kvm: kvm [21384]: vcpu0, guest rIP: 0x208 Unhandled WRMSR(0xc2) = 0x60000000000 [ 704.255109][T21388] vlan3: entered allmulticast mode [ 704.256788][T21388] bond0: entered allmulticast mode [ 704.264358][T21388] bond3: (slave vlan3): Enslaving as an active interface with a down link [ 704.701386][T21419] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6039'. [ 705.686488][ T5741] Bluetooth: hci3: command 0x0c1a tx timeout [ 705.775420][T20428] Bluetooth: hci4: command 0x0406 tx timeout [ 705.779522][ T5741] Bluetooth: hci1: command 0x0406 tx timeout [ 706.250539][T21453] netlink: 'syz.9.6052': attribute type 1 has an invalid length. [ 706.299917][T21453] 8021q: adding VLAN 0 to HW filter on device bond5 [ 706.400636][T21453] bond5: (slave geneve2): making interface the new active one [ 706.405832][T21453] bond5: (slave geneve2): Enslaving as an active interface with an up link [ 706.412632][ T5817] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 706.423773][ T5817] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 706.431869][ T5817] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 706.441343][ T5817] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 706.736973][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 707.429599][T21486] kvm: kvm [21485]: vcpu0, guest rIP: 0x208 Unhandled WRMSR(0xc2) = 0x60000000000 [ 707.512069][T21486] kvm: kvm [21485]: vcpu0, guest rIP: 0x208 Unhandled WRMSR(0xc2) = 0x60000000000 [ 707.589830][T21486] kvm: kvm [21485]: vcpu0, guest rIP: 0x208 Unhandled WRMSR(0xc2) = 0x60000000000 [ 707.689549][T21268] net_ratelimit: 16 callbacks suppressed [ 707.689568][T21268] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 707.700634][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 707.704456][ T5826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 707.731335][ T5739] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 707.846506][ T5741] Bluetooth: hci1: command 0x0406 tx timeout [ 707.848948][T20428] Bluetooth: hci4: command 0x0406 tx timeout [ 707.940550][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 707.947776][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 708.976560][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 708.983339][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 709.138959][ T41] audit: type=1326 audit(1782485172.101:3813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21525 comm="syz.6.6075" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70befec code=0x0 [ 709.610335][ T102] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 709.677884][T19664] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 712.182250][T21560] tipc: Enabling of bearer rejected, failed to enable media [ 712.823161][T18328] net_ratelimit: 14 callbacks suppressed [ 712.823219][T18328] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 713.139076][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 713.149969][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 713.846511][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 713.857055][ T1484] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 714.086502][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 714.166912][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 714.172123][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 714.906512][ T1484] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 715.206628][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 715.210038][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 715.300205][T21662] netlink: 96 bytes leftover after parsing attributes in process `syz.7.6122'. [ 715.459465][T21664] netlink: 'syz.7.6123': attribute type 1 has an invalid length. [ 715.528240][T21664] 8021q: adding VLAN 0 to HW filter on device bond4 [ 715.648380][T21664] bond4: (slave geneve2): making interface the new active one [ 715.653961][T21664] bond4: (slave geneve2): Enslaving as an active interface with an up link [ 716.957117][T21694] netlink: 'syz.7.6132': attribute type 39 has an invalid length. [ 717.355562][T21697] overlayfs: failed to clone upperpath [ 717.887993][T21703] netlink: 'syz.0.6135': attribute type 1 has an invalid length. [ 717.909763][T21703] 8021q: adding VLAN 0 to HW filter on device bond4 [ 717.953783][T21703] bond4: (slave geneve2): making interface the new active one [ 717.958833][T21703] bond4: (slave geneve2): Enslaving as an active interface with an up link [ 717.963008][ T5833] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 717.985172][T18822] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 717.993619][T18822] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.001783][T18822] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.267398][ T1484] net_ratelimit: 7 callbacks suppressed [ 718.267466][ T1484] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 718.326863][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 718.331087][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 718.496800][T21717] kvm: apic: phys broadcast and lowest prio [ 718.959713][T21722] netlink: 24 bytes leftover after parsing attributes in process `syz.7.6143'. [ 719.053080][T21726] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6146'. [ 719.305029][T18328] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 719.368955][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 719.387210][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 719.926590][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 720.433035][T21740] bridge0: port 2(bridge_slave_1) entered disabled state [ 720.435536][T21740] bridge0: port 1(bridge_slave_0) entered disabled state [ 720.459091][T21740] batman_adv: batadv0: Interface deactivated: dummy0 [ 720.554875][T21740] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 720.565017][T21740] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 720.934026][T21754] Invalid source name [ 720.935331][T21754] UBIFS error (pid: 21754): cannot open "./file0", error -22 [ 720.980933][T21758] fuse: fd is not a fuse device [ 721.011726][T21760] netlink: 64 bytes leftover after parsing attributes in process `syz.9.6162'. [ 722.237621][T21783] kvm: apic: phys broadcast and lowest prio [ 722.637338][T17749] bridge0: port 3(syz_tun) entered disabled state [ 722.669418][T17749] syz_tun (unregistering): left promiscuous mode [ 722.674528][T17749] bridge0: port 3(syz_tun) entered disabled state [ 722.737037][T21797] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 722.799775][T21798] erspan0: entered promiscuous mode [ 722.801975][T21798] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6175'. [ 723.052559][ T5741] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 723.063045][ T5741] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 723.068676][ T5741] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 723.084205][ T5741] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 723.087893][ T5741] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 723.766037][T21841] x_tables: ip_tables: osf match: only valid for protocol 6 [ 723.774961][T21805] bridge0: port 1(bridge_slave_0) entered blocking state [ 723.777372][T21805] bridge0: port 1(bridge_slave_0) entered disabled state [ 723.780036][T21805] bridge_slave_0: entered allmulticast mode [ 723.784979][T21805] bridge_slave_0: entered promiscuous mode [ 723.788436][T21843] fuse: fd is not a fuse device [ 723.790658][T21805] bridge0: port 2(bridge_slave_1) entered blocking state [ 723.793042][T21805] bridge0: port 2(bridge_slave_1) entered disabled state [ 723.795732][T21805] bridge_slave_1: entered allmulticast mode [ 723.799566][T21805] bridge_slave_1: entered promiscuous mode [ 723.828099][T21805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 723.834013][T21805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 723.857331][T21805] team0: Port device team_slave_0 added [ 723.860470][T21805] team0: Port device team_slave_1 added [ 723.880629][T21805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 723.883147][T21805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 723.892077][T21805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 723.896662][T21805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 723.898916][T21805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 723.908985][T21805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 723.921015][T21845] netlink: 'syz.9.6186': attribute type 2 has an invalid length. [ 723.937776][T21805] hsr_slave_0: entered promiscuous mode [ 723.940412][T21805] hsr_slave_1: entered promiscuous mode [ 723.977428][T21845] : entered promiscuous mode [ 725.126477][ T5741] Bluetooth: hci2: command tx timeout [ 725.236156][T21805] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 725.250075][T21805] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 725.255215][T21805] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 725.258495][T21887] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6193'. [ 725.278462][T21805] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 725.282240][T21805] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 725.310729][T21805] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 725.315602][T21805] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 725.343298][T21805] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 725.505077][T21805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 725.517559][T21805] 8021q: adding VLAN 0 to HW filter on device team0 [ 725.525246][T21273] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.527437][T21273] bridge0: port 1(bridge_slave_0) entered forwarding state [ 725.543858][T21273] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.546120][T21273] bridge0: port 2(bridge_slave_1) entered forwarding state [ 726.285225][T21931] overlayfs: failed to clone upperpath [ 726.493442][T21944] netlink: 4595 bytes leftover after parsing attributes in process `syz.9.6201'. [ 726.504903][T21944] netlink: 4595 bytes leftover after parsing attributes in process `syz.9.6201'. [ 726.534467][T21946] fuse: fd is not a fuse device [ 726.591883][T21949] netlink: 'syz.9.6203': attribute type 1 has an invalid length. [ 726.618996][T21949] 8021q: adding VLAN 0 to HW filter on device bond6 [ 726.711033][T21955] netlink: 'syz.9.6203': attribute type 10 has an invalid length. [ 726.721205][T21955] netlink: 40 bytes leftover after parsing attributes in process `syz.9.6203'. [ 726.841779][T21949] bond2: (slave dummy0): Removing an active aggregator [ 726.900582][T21949] bond2: (slave dummy0): Releasing backup interface [ 726.951887][T21949] bond6: (slave dummy0): Enslaving as a backup interface with an up link [ 726.965431][T21955] dummy0: entered promiscuous mode [ 726.974910][T21955] bond6: (slave dummy0): Releasing backup interface [ 727.209962][ T5741] Bluetooth: hci2: command tx timeout [ 727.272542][T21805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 727.552223][T21805] veth0_vlan: entered promiscuous mode [ 727.562852][T21805] veth1_vlan: entered promiscuous mode [ 727.611597][T21805] veth0_macvtap: entered promiscuous mode [ 727.616096][T21805] veth1_macvtap: entered promiscuous mode [ 727.626074][T21805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 727.638217][T21805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 727.648631][ T5592] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 727.651877][ T5592] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 727.654987][ T5592] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 727.674385][ T5592] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 727.856805][T21273] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 727.864926][T21273] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 727.908775][T21273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 727.914907][T21273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 727.922679][T21805] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:106: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 728.039707][T21992] fuse: fd is not a fuse device [ 729.256679][ T5739] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 729.288089][ T5741] Bluetooth: hci2: command tx timeout [ 729.418094][ T5739] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 729.422472][ T5739] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 729.430876][ T5739] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 729.440707][ T5739] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 729.451816][ T5739] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 729.466123][T22021] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 729.478247][ T5739] hub 5-1:1.0: bad descriptor, ignoring hub [ 729.484542][ T5739] hub 5-1:1.0: probe with driver hub failed with error -5 [ 729.497341][ T5739] cdc_wdm 5-1:1.0: skipping garbage [ 729.502533][ T5739] cdc_wdm 5-1:1.0: skipping garbage [ 729.510095][ T5739] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 729.519804][ T5739] cdc_wdm 5-1:1.0: Unknown control protocol [ 729.762016][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 729.764810][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 729.768024][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 729.770918][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 729.773703][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 729.776463][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 729.779125][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 730.554895][ T5739] usb 5-1: USB disconnect, device number 4 [ 730.696442][ T5739] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 730.847857][ T5739] usb 5-1: config 0 has no interfaces? [ 730.852310][ T5739] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 730.855343][ T5739] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 730.859361][ T5739] usb 5-1: config 0 descriptor?? [ 731.078445][T22073] fuse: fd is not a fuse device [ 731.366899][ T5741] Bluetooth: hci2: command tx timeout [ 731.572997][ T41] audit: type=1800 audit(1782485194.531:3814): pid=22080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.6238" name="nullb0" dev="tmpfs" ino=1588 res=0 errno=0 [ 732.087764][ T5739] usb 5-1: USB disconnect, device number 5 [ 733.529340][T22098] bond5: entered allmulticast mode [ 733.576895][T22098] macvlan2: entered promiscuous mode [ 733.579230][T22098] macvlan2: entered allmulticast mode [ 733.582225][T22098] bond5: (slave macvlan2): Opening slave failed [ 733.863080][T22105] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6248'. [ 735.919719][ T41] audit: type=1804 audit(1782485198.881:3815): pid=22147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.6259" name="/newroot/961/file0" dev="tmpfs" ino=5084 res=1 errno=0 [ 737.816455][T22182] IPVS: length: 218 != 24 [ 738.193279][T22190] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6273'. [ 738.212923][T22190] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 738.732440][T22195] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6274'. [ 738.987404][T22204] netlink: 'syz.9.6278': attribute type 39 has an invalid length. [ 739.599221][ T41] audit: type=1326 audit(1782485202.561:3816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22217 comm="syz.9.6282" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6ffefec code=0x0 [ 740.516270][ T5739] usb 9-1: new high-speed USB device number 16 using dummy_hcd [ 740.676861][ T5739] usb 9-1: Using ep0 maxpacket: 32 [ 740.682032][ T5739] usb 9-1: config index 0 descriptor too short (expected 156, got 27) [ 740.685026][ T5739] usb 9-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 740.690251][ T5739] usb 9-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 740.696768][ T5739] usb 9-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 740.703482][ T5739] usb 9-1: config 0 interface 0 has no altsetting 0 [ 740.707279][ T5739] usb 9-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 740.711674][ T5739] usb 9-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 740.716774][ T5739] usb 9-1: Product: syz [ 740.720534][ T5739] usb 9-1: Manufacturer: syz [ 740.726261][ T5739] usb 9-1: SerialNumber: syz [ 740.729589][ T5739] usb 9-1: config 0 descriptor?? [ 740.737349][ T5739] ldusb 9-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 740.745873][ T5739] ldusb 9-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 740.940926][T22238] tipc: Started in network mode [ 740.943094][T22238] tipc: Node identity ac14140f, cluster identity 4711 [ 740.946569][T22238] tipc: New replicast peer: 255.255.255.255 [ 740.949248][T22238] tipc: Enabled bearer , priority 10 [ 741.251943][T22250] netlink: 12 bytes leftover after parsing attributes in process `syz.9.6294'. [ 741.362788][T11569] usb 9-1: USB disconnect, device number 16 [ 741.365345][ C0] ldusb 9-1:0.0: usb_submit_urb failed (-19) [ 741.369223][T22226] ldusb 9-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 741.388409][T22251] ldusb 9-1:0.0: Couldn't submit HID_REQ_SET_REPORT -19 [ 741.395404][T11569] ldusb 9-1:0.0: LD USB Device #0 now disconnected [ 741.456920][T22256] fuse: fd is not a fuse device [ 741.550130][T22259] input: syz1 as /devices/virtual/input/input55 [ 741.690885][T22265] fuse: fd is not a fuse device [ 742.066289][ T5739] tipc: Node number set to 2886997007 [ 742.675775][T22283] bridge_slave_1: left allmulticast mode [ 742.679051][T22283] bridge_slave_1: left promiscuous mode [ 742.681822][T22283] bridge0: port 2(bridge_slave_1) entered disabled state [ 742.750876][T22283] bond0: (slave bond_slave_0): Releasing backup interface [ 742.774828][T22283] bond0: (slave bond_slave_1): Releasing backup interface [ 742.797502][T22283] team0: Port device team_slave_0 removed [ 742.814904][T22283] team0: Port device team_slave_1 removed [ 742.820147][T22283] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 742.828482][T22283] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 742.887023][T22284] team0: Mode changed to "loadbalance" [ 744.141219][T22301] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 744.671269][T22281] Set syz1 is full, maxelem 65536 reached [ 746.635065][T22347] bond3: (slave syz_tun): Removing an active aggregator [ 746.644160][T22347] bond3: (slave syz_tun): Releasing backup interface [ 746.698490][T22347] bridge_slave_0: left allmulticast mode [ 746.704988][T22347] bridge_slave_0: left promiscuous mode [ 746.711649][T22347] bridge0: port 1(bridge_slave_0) entered disabled state [ 746.719962][T22347] bridge_slave_1: left allmulticast mode [ 746.722060][T22347] bridge_slave_1: left promiscuous mode [ 746.723917][T22347] bridge0: port 2(bridge_slave_1) entered disabled state [ 746.738904][T22347] bond0: (slave bond_slave_0): Releasing backup interface [ 746.744523][T22347] bond0: (slave bond_slave_1): Releasing backup interface [ 746.751284][T22347] team0: Port device team_slave_0 removed [ 746.756630][T22347] team0: Port device team_slave_1 removed [ 746.759320][T22347] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 746.763083][T22347] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 746.782959][T22348] team0: Mode changed to "loadbalance" [ 747.063391][T22358] overlayfs: failed to clone upperpath [ 747.639241][T22374] infiniband syz0: set down [ 747.641852][T22374] infiniband syz0: added bond_slave_0 [ 747.654157][T22374] smbdirect: ib_dev[syz0]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000 [ 747.658818][T22374] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32 [ 747.663880][T22374] smbdirect: ib_dev[syz0]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005 [ 747.778505][T22374] RDS/IB: syz0: added [ 747.782079][T22374] smc: adding ib device syz0 with port count 1 [ 747.785310][T22374] smc: ib device syz0 port 1 has no pnetid [ 748.128353][T22381] netlink: 'syz.0.6341': attribute type 1 has an invalid length. [ 748.163560][T22381] 8021q: adding VLAN 0 to HW filter on device bond6 [ 748.246644][T22381] bond6: (slave veth9): Enslaving as an active interface with a down link [ 748.267851][T22383] erspan0: left promiscuous mode [ 748.334504][T22383] 8021q: adding VLAN 0 to HW filter on device bond0 [ 748.341958][T22383] 8021q: adding VLAN 0 to HW filter on device team0 [ 748.359730][T22383] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 748.421455][T22383] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 748.426248][T22383] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 748.436573][T22383] veth1_vlan: left promiscuous mode [ 748.439730][T22383] veth0_vlan: left promiscuous mode [ 748.443533][T22383] veth0_vlan: entered promiscuous mode [ 748.450859][T22383] veth1_vlan: entered promiscuous mode [ 748.457488][T22383] veth1_macvtap: left promiscuous mode [ 748.460671][T22383] veth0_macvtap: left promiscuous mode [ 748.463735][T22383] veth0_macvtap: entered promiscuous mode [ 748.469415][T22383] veth1_macvtap: entered promiscuous mode [ 748.476936][T22383] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 748.480818][T22383] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 748.484680][T22383] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 748.497281][T22383] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 748.501739][T22383] mac80211_hwsim hwsim24 wlan1: left promiscuous mode [ 748.506371][T22383] 8021q: adding VLAN 0 to HW filter on device bond1 [ 748.515434][T22383] 8021q: adding VLAN 0 to HW filter on device bond2 [ 748.525113][T22383] bond5: left allmulticast mode [ 748.527593][T22383] 8021q: adding VLAN 0 to HW filter on device bond5 [ 748.548950][T22381] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 748.553841][T22381] bond6: (slave batadv1): making interface the new active one [ 748.562050][T22381] batadv1: entered promiscuous mode [ 748.564873][T22381] bond6: (slave batadv1): Enslaving as an active interface with an up link [ 748.701070][T18820] bond6: (slave veth9): link status definitely up, 10000 Mbps full duplex [ 748.904286][T18820] nci: nci_rx_work: unknown MT 0x1 [ 749.698694][T22408] fuse: fd is not a fuse device [ 749.732528][T22410] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6349'. [ 749.735996][T22410] netlink: 'syz.9.6349': attribute type 7 has an invalid length. [ 749.738678][T22410] netlink: 'syz.9.6349': attribute type 8 has an invalid length. [ 749.741554][T22410] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6349'. [ 749.751507][T22410] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6349'. [ 749.754648][T22410] netlink: 'syz.9.6349': attribute type 7 has an invalid length. [ 749.757568][T22410] netlink: 'syz.9.6349': attribute type 8 has an invalid length. [ 749.760929][T22410] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6349'. [ 749.864495][T22412] netlink: 12 bytes leftover after parsing attributes in process `syz.9.6350'. [ 750.092805][T22418] netlink: 'syz.9.6353': attribute type 1 has an invalid length. [ 750.107919][T22418] 8021q: adding VLAN 0 to HW filter on device bond7 [ 750.143345][T22418] bond7: (slave veth13): Enslaving as an active interface with a down link [ 750.199856][T22418] 8021q: adding VLAN 0 to HW filter on device bond0 [ 750.202868][T22418] 8021q: adding VLAN 0 to HW filter on device team0 [ 750.206312][T22418] dummy0: left promiscuous mode [ 750.213198][T22418] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 750.250875][T22418] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 750.255121][T22418] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 750.259515][T22418] hsr0: left promiscuous mode [ 750.263291][T22418] veth1_vlan: left promiscuous mode [ 750.266936][T22418] veth0_vlan: left promiscuous mode [ 750.269633][T22418] veth0_vlan: entered promiscuous mode [ 750.272536][T22418] veth1_vlan: entered promiscuous mode [ 750.277832][T22418] veth1_macvtap: left promiscuous mode [ 750.281489][T22418] veth0_macvtap: left promiscuous mode [ 750.284559][T22418] veth0_macvtap: entered promiscuous mode [ 750.289191][T22418] veth1_macvtap: entered promiscuous mode [ 750.294400][T22418] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 750.297445][T22418] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 750.300256][T22418] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 750.303106][T22418] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 750.307436][T22418] bond1: left promiscuous mode [ 750.309324][T22418] gre1: left promiscuous mode [ 750.327324][T22418] 8021q: adding VLAN 0 to HW filter on device bond1 [ 750.331374][T22418] 8021q: adding VLAN 0 to HW filter on device bond2 [ 750.362134][T22418] 8021q: adding VLAN 0 to HW filter on device bond3 [ 750.362680][ T5592] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 750.370336][T22418] 8021q: adding VLAN 0 to HW filter on device bond4 [ 750.450899][T22423] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 750.454562][T22423] bond7: (slave batadv1): making interface the new active one [ 750.457941][T22423] batadv1: entered promiscuous mode [ 750.459997][T22423] bond7: (slave batadv1): Enslaving as an active interface with an up link [ 750.497879][T18820] bond2: (slave veth3): link status definitely up, 10000 Mbps full duplex [ 750.503881][T18820] bond2: active interface up! [ 750.510947][ T5817] bond7: (slave veth13): link status definitely up, 10000 Mbps full duplex [ 751.832111][T22393] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 751.847808][ T1437] ieee802154 phy0 wpan0: encryption failed: -22 [ 751.849869][ T1437] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.750992][T22450] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6363'. [ 754.449597][T22479] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6372'. [ 754.712643][T22486] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6376'. [ 754.716889][ T5739] hid_parser_main: 14 callbacks suppressed [ 754.716905][ T5739] hid-generic 0005:0010:10000.0035: unknown main item tag 0x0 [ 754.723448][ T5739] hid-generic 0005:0010:10000.0035: unknown main item tag 0x0 [ 754.727520][ T5739] hid-generic 0005:0010:10000.0035: unknown main item tag 0x0 [ 754.730686][ T5739] hid-generic 0005:0010:10000.0035: unknown main item tag 0x0 [ 754.733717][ T5739] hid-generic 0005:0010:10000.0035: unknown main item tag 0x0 [ 754.737418][ T5739] hid-generic 0005:0010:10000.0035: unknown main item tag 0x0 [ 754.740555][ T5739] hid-generic 0005:0010:10000.0035: unknown main item tag 0x0 [ 754.743864][ T5739] hid-generic 0005:0010:10000.0035: unknown main item tag 0x0 [ 754.748706][ T5739] hid-generic 0005:0010:10000.0035: unknown main item tag 0x0 [ 754.751961][ T5739] hid-generic 0005:0010:10000.0035: unknown main item tag 0x0 [ 754.768482][ T5739] hid-generic 0005:0010:10000.0035: hidraw1: BLUETOOTH HID v0.02 Device [syz1] on syz0 [ 754.848328][T22491] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6378'. [ 754.876471][T22491] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6378'. [ 754.880332][T22491] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6378'. [ 754.966444][ T40] usb 11-1: new full-speed USB device number 37 using dummy_hcd [ 755.120902][ T40] usb 11-1: unable to get BOS descriptor or descriptor too short [ 755.127179][ T40] usb 11-1: no configurations [ 755.128795][ T40] usb 11-1: can't read configurations, error -22 [ 757.842061][T22551] tipc: Failed to remove unknown binding: 66,0,0/2099199:1419178672/1419178673 [ 757.849580][T22551] tipc: Failed to remove unknown binding: 66,0,0/2099199:1419178672/1419178673 [ 758.074725][T22568] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 758.398245][T22572] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6405'. [ 758.932549][T18820] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 758.937818][T18820] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 758.940839][T18820] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 758.944215][T18820] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 759.177657][T22587] syzkaller0: entered promiscuous mode [ 759.179970][T22587] syzkaller0: entered allmulticast mode [ 760.700481][T20428] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 760.716815][T20428] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 760.738396][T20428] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 760.743820][T20428] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 760.750462][T20428] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 761.585219][ T40] usb 11-1: new full-speed USB device number 39 using dummy_hcd [ 761.754783][ T40] usb 11-1: config 0 has no interfaces? [ 761.759816][ T40] usb 11-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 761.763647][ T40] usb 11-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 761.767365][ T40] usb 11-1: Product: syz [ 761.769173][ T40] usb 11-1: Manufacturer: syz [ 761.771189][ T40] usb 11-1: SerialNumber: syz [ 761.790741][ T40] usb 11-1: config 0 descriptor?? [ 762.903891][T20428] Bluetooth: hci3: command tx timeout [ 763.735123][T18820] batadv1: left promiscuous mode [ 763.824925][ T5836] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 763.983060][ T5817] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 763.994998][ T5836] usb 5-1: Using ep0 maxpacket: 16 [ 764.002335][ T5836] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 764.008401][ T5836] usb 5-1: config 0 has no interface number 0 [ 764.010307][ T5836] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 764.014191][ T5836] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 764.019011][ T5836] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 764.022003][ T5836] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 764.024455][ T5836] usb 5-1: Product: syz [ 764.026261][ T5836] usb 5-1: SerialNumber: syz [ 764.029799][ T5836] usb 5-1: config 0 descriptor?? [ 764.035667][ T5836] cm109 5-1:0.8: invalid payload size 0, expected 4 [ 764.038862][ T5836] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.8/input/input56 [ 764.155349][ T5817] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 764.303260][ T5817] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 764.310074][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 764.310475][T16343] usb 5-1: USB disconnect, device number 6 [ 764.312200][ C0] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 764.329535][T16343] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 764.399425][ T40] usb 11-1: USB disconnect, device number 39 [ 764.523672][ T5817] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 764.555592][T22595] bridge0: port 1(bridge_slave_0) entered blocking state [ 764.558442][T22595] bridge0: port 1(bridge_slave_0) entered disabled state [ 764.560733][T22595] bridge_slave_0: entered allmulticast mode [ 764.563493][T22595] bridge_slave_0: entered promiscuous mode [ 764.567070][T22595] bridge0: port 2(bridge_slave_1) entered blocking state [ 764.569571][T22595] bridge0: port 2(bridge_slave_1) entered disabled state [ 764.572190][T22595] bridge_slave_1: entered allmulticast mode [ 764.576891][T22595] bridge_slave_1: entered promiscuous mode [ 764.606778][T22595] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 764.622110][T22595] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 764.651755][T22595] team0: Port device team_slave_0 added [ 764.655111][T22595] team0: Port device team_slave_1 added [ 764.668508][T22595] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 764.670653][T22595] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 764.679001][T22595] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 764.683591][T22595] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 764.686001][T22595] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 764.694499][T22595] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 764.762101][T22595] hsr_slave_0: entered promiscuous mode [ 764.764410][T22595] hsr_slave_1: entered promiscuous mode [ 764.767055][T22595] debugfs: 'hsr0' already exists in 'hsr' [ 764.768912][T22595] Cannot create hsr debugfs directory [ 764.841054][ T5817] bridge_slave_1: left allmulticast mode [ 764.842851][ T5817] bridge_slave_1: left promiscuous mode [ 764.844853][ T5817] bridge0: port 2(bridge_slave_1) entered disabled state [ 764.850317][ T5817] bridge_slave_0: left allmulticast mode [ 764.852153][ T5817] bridge_slave_0: left promiscuous mode [ 764.854025][ T5817] bridge0: port 1(bridge_slave_0) entered disabled state [ 764.965851][T20428] Bluetooth: hci3: command tx timeout [ 765.078456][ T5817] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 765.113386][ T5817] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 765.125738][T22630] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6422'. [ 765.129571][ T5817] bond0 (unregistering): Released all slaves [ 765.243417][T22630] netlink: 44 bytes leftover after parsing attributes in process `syz.6.6422'. [ 765.257096][T22630] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6422'. [ 765.609700][ T5450] 8021q: adding VLAN 0 to HW filter on device eth2 [ 765.933551][ T5450] 8021q: adding VLAN 0 to HW filter on device eth4 [ 766.132439][ T5450] 8021q: adding VLAN 0 to HW filter on device eth3 [ 766.183368][ T5817] hsr_slave_0: left promiscuous mode [ 766.192080][ T5817] hsr_slave_1: left promiscuous mode [ 766.200902][ T5817] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 766.211621][ T5817] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 766.223071][ T5817] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 766.226962][ T5817] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 766.246353][ T5817] veth1_macvtap: left promiscuous mode [ 766.249298][ T5817] veth0_macvtap: left promiscuous mode [ 766.251831][ T5817] veth1_vlan: left promiscuous mode [ 766.261473][ T5817] veth0_vlan: left promiscuous mode [ 766.824963][ T5817] team0 (unregistering): Port device team_slave_1 removed [ 766.853498][ T5817] team0 (unregistering): Port device team_slave_0 removed [ 767.049422][T20428] Bluetooth: hci3: command tx timeout [ 767.458781][T22669] netlink: 24 bytes leftover after parsing attributes in process `syz.9.6428'. [ 767.714344][T22669] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6428'. [ 768.195079][T22595] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 768.215762][T22595] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 768.219869][T22595] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 768.226422][T22595] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 768.231237][T22595] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 768.239681][T22595] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 768.247992][T22595] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 768.255205][T22595] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 768.345266][T22595] 8021q: adding VLAN 0 to HW filter on device bond0 [ 768.377113][T22595] 8021q: adding VLAN 0 to HW filter on device team0 [ 768.396925][T21273] bridge0: port 1(bridge_slave_0) entered blocking state [ 768.399903][T21273] bridge0: port 1(bridge_slave_0) entered forwarding state [ 768.410547][T21273] bridge0: port 2(bridge_slave_1) entered blocking state [ 768.413521][T21273] bridge0: port 2(bridge_slave_1) entered forwarding state [ 768.476916][T22678] netlink: 16186 bytes leftover after parsing attributes in process `syz.9.6430'. [ 769.091602][T22595] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 769.099360][ T5450] 8021q: adding VLAN 0 to HW filter on device eth5 [ 769.128953][T20428] Bluetooth: hci3: command tx timeout [ 769.456936][T22730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6436'. [ 769.568114][T22595] veth0_vlan: entered promiscuous mode [ 769.576649][T22595] veth1_vlan: entered promiscuous mode [ 769.606199][T22595] veth0_macvtap: entered promiscuous mode [ 769.612768][T22595] veth1_macvtap: entered promiscuous mode [ 769.639277][T22595] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 769.649214][T22595] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 769.659901][ T5817] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.666396][ T5817] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.673471][ T5817] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.102314][ T5817] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.374009][T21273] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 770.404649][T21273] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 770.425219][T21273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 770.428054][T21273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 771.012944][T22774] netlink: 144 bytes leftover after parsing attributes in process `syz.0.6444'. [ 771.680882][T22790] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6450'. [ 772.252027][T22793] netlink: 'syz.9.6451': attribute type 11 has an invalid length. [ 772.423541][T22798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 772.427600][T22798] 8021q: adding VLAN 0 to HW filter on device team0 [ 772.433858][T22798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 772.546573][T22798] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 772.550809][T22798] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 772.562235][T22798] veth1_vlan: left promiscuous mode [ 772.569709][T22798] veth0_vlan: left promiscuous mode [ 772.573289][T22798] veth0_vlan: entered promiscuous mode [ 772.576934][T22798] veth1_vlan: entered promiscuous mode [ 772.583738][T22798] veth1_macvtap: left promiscuous mode [ 772.588612][T22798] veth0_macvtap: left promiscuous mode [ 772.591762][T22798] veth0_macvtap: entered promiscuous mode [ 772.597797][T22798] veth1_macvtap: entered promiscuous mode [ 772.653268][T22798] 8021q: adding VLAN 0 to HW filter on device bond1 [ 772.659496][T22798] 8021q: adding VLAN 0 to HW filter on device bond2 [ 772.709816][T22798] 8021q: adding VLAN 0 to HW filter on device bond3 [ 772.722952][T22798] 8021q: adding VLAN 0 to HW filter on device bond4 [ 772.729043][T22798] 8021q: adding VLAN 0 to HW filter on device bond5 [ 772.756093][T22798] 8021q: adding VLAN 0 to HW filter on device bond6 [ 772.763139][T22798] 8021q: adding VLAN 0 to HW filter on device bond7 [ 772.770129][T22798] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 772.774285][T22798] 8021q: adding VLAN 0 to HW filter on device eth0 [ 772.787821][T22798] 8021q: adding VLAN 0 to HW filter on device eth1 [ 772.796364][T22798] 8021q: adding VLAN 0 to HW filter on device eth2 [ 772.811752][T22798] 8021q: adding VLAN 0 to HW filter on device eth3 [ 772.992014][ T5833] netdevsim netdevsim9 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 773.037124][T22811] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 773.300295][T22827] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6459'. [ 773.417240][ T5833] netdevsim netdevsim9 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 773.474610][ T5833] netdevsim netdevsim9 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 774.251450][ T5833] netdevsim netdevsim9 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 775.335301][ T5833] batadv1: left promiscuous mode [ 776.160717][T22874] netlink: 'syz.5.6468': attribute type 4 has an invalid length. [ 776.254881][T22878] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6469'. [ 776.257815][T22878] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6469'. [ 776.904253][ T40] usb 11-1: new low-speed USB device number 40 using dummy_hcd [ 777.055996][ T40] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 777.062628][ T40] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 777.075080][ T40] usb 11-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00 [ 777.082909][ T40] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 777.099267][ T40] usb 11-1: config 0 descriptor?? [ 777.527685][ T40] aquacomputer_d5next 0003:0C70:F0B6.0036: hidraw1: USB HID v0.00 Device [HID 0c70:f0b6] on usb-dummy_hcd.6-1/input0 [ 778.485605][T22922] fuse: fd is not a fuse device [ 778.824506][ T40] usb 11-1: reset low-speed USB device number 40 using dummy_hcd [ 779.794847][T22949] netlink: 'syz.6.6491': attribute type 2 has an invalid length. [ 779.797862][T22949] netlink: 'syz.6.6491': attribute type 2 has an invalid length. [ 780.485537][ T5739] usb 11-1: USB disconnect, device number 40 [ 780.716258][T22969] kernel profiling enabled (shift: 9) [ 780.908234][T22976] fuse: fd is not a fuse device [ 781.685824][T22988] netlink: 'syz.6.6503': attribute type 1 has an invalid length. [ 781.698890][T22988] 8021q: adding VLAN 0 to HW filter on device bond4 [ 781.988424][T22988] veth0_to_bond: left promiscuous mode [ 781.990875][T22988] veth0_to_bond: left allmulticast mode [ 781.997077][T22988] bond4: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 782.076919][T22992] macvlan3: entered promiscuous mode [ 782.079155][T22992] macvlan3: entered allmulticast mode [ 782.081906][T22992] bond4: entered promiscuous mode [ 782.084658][T22992] veth0_to_bond: entered promiscuous mode [ 782.087262][T22992] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 782.090600][T22992] bond4: left promiscuous mode [ 782.092388][T22992] veth0_to_bond: left promiscuous mode [ 782.255089][T22997] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6506'. [ 782.370815][T22997] netlink: 36 bytes leftover after parsing attributes in process `syz.6.6506'. [ 782.486143][T20428] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 782.486233][ T5741] Bluetooth: hci2: command 0x1003 tx timeout [ 782.651443][T23005] ip6gretap0: left promiscuous mode [ 782.653680][T23005] ip6gretap0: left allmulticast mode [ 782.657487][T23005] netlink: 136 bytes leftover after parsing attributes in process `syz.6.6509'. [ 782.853943][ T5739] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 783.014706][ T5739] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 783.017697][ T5739] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 783.020180][ T5739] usb 5-1: Product: syz [ 783.021515][ T5739] usb 5-1: Manufacturer: syz [ 783.023044][ T5739] usb 5-1: SerialNumber: syz [ 783.340994][T23023] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6514'. [ 783.347751][T23023] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6514'. [ 783.608723][ T5739] rtl8150 5-1:1.0: couldn't reset the device [ 783.610820][ T5739] rtl8150 5-1:1.0: probe with driver rtl8150 failed with error -5 [ 783.616106][ T5739] usb 5-1: USB disconnect, device number 7 [ 783.884016][T23030] uprobe: syz.9.6517:23030 failed to unregister, leaking uprobe [ 783.889501][T23030] uprobe: syz.9.6517:23030 failed to unregister, leaking uprobe [ 784.186448][T23038] kvm: pic: non byte write [ 784.197504][T23041] netlink: 44 bytes leftover after parsing attributes in process `syz.6.6520'. [ 785.571427][T23054] fuse: fd is not a fuse device [ 785.601244][T23056] netlink: 64 bytes leftover after parsing attributes in process `syz.6.6526'. [ 785.626012][T23056] syzkaller1: entered promiscuous mode [ 785.628342][T23056] syzkaller1: entered allmulticast mode [ 786.771464][T23076] netlink: 'syz.9.6534': attribute type 1 has an invalid length. [ 786.790608][T23076] bond8: entered promiscuous mode [ 786.792776][T23076] 8021q: adding VLAN 0 to HW filter on device bond8 [ 786.917967][T23076] bond8: (slave bridge4): making interface the new active one [ 786.921234][T23076] bridge4: entered promiscuous mode [ 786.934782][T23076] bridge4: left promiscuous mode [ 787.317456][T23079] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6535'. [ 787.324143][T23079] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6535'. [ 787.326995][T23079] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6535'. [ 787.330112][T23079] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6535'. [ 787.333275][T23079] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6535'. [ 787.337027][T23079] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6535'. [ 787.339904][T23079] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6535'. [ 787.702071][T23088] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000 [ 787.835159][ T41] audit: type=1804 audit(1782485250.804:3817): pid=23086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.6538" name="/newroot/271/file0" dev="tmpfs" ino=1422 res=1 errno=0 [ 787.840677][T23086] ref_ctr increment failed for inode: 0x58e offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff8880296c2640 [ 787.868560][T23082] uprobe: syz.0.6538:23082 failed to unregister, leaking uprobe [ 788.273321][T23111] 8021q: adding VLAN 0 to HW filter on device bond7 [ 788.434152][ T41] audit: type=1326 audit(1782485251.404:3818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23116 comm="syz.6.6548" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70befec code=0x7fc00000 [ 789.151794][T23111] bond7: (slave ip6gretap1): making interface the new active one [ 789.161385][T23111] bond7: (slave ip6gretap1): Enslaving as an active interface with an up link [ 791.324245][ T41] audit: type=1326 audit(1782485254.294:3819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23116 comm="syz.6.6548" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70befec code=0x7fc00000 [ 793.808499][T23224] binder: 23223:23224 ioctl c0306201 80000040 returned -14 [ 794.374117][T23237] syz.0.6578: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 794.381778][T23237] CPU: 0 UID: 0 PID: 23237 Comm: syz.0.6578 Tainted: G L syzkaller #0 PREEMPT(full) [ 794.381800][T23237] Tainted: [L]=SOFTLOCKUP [ 794.381804][T23237] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 794.381812][T23237] Call Trace: [ 794.381817][T23237] [ 794.381821][T23237] dump_stack_lvl+0x100/0x190 [ 794.381856][T23237] warn_alloc.cold+0x94/0xa8 [ 794.381870][T23237] ? __pfx_warn_alloc+0x10/0x10 [ 794.381885][T23237] ? kasan_save_stack+0x3f/0x50 [ 794.381901][T23237] ? __kmalloc_cache_noprof+0x2e5/0x6c0 [ 794.381913][T23237] ? xskq_create+0x52/0x1d0 [ 794.381932][T23237] ? xsk_setsockopt+0x743/0xab0 [ 794.381943][T23237] ? do_sock_setsockopt+0xf3/0x1d0 [ 794.381957][T23237] ? __sys_setsockopt+0x119/0x190 [ 794.381974][T23237] ? __ia32_sys_setsockopt+0xbc/0x160 [ 794.381991][T23237] ? __do_fast_syscall_32+0xe7/0x970 [ 794.382008][T23237] ? do_fast_syscall_32+0x32/0x70 [ 794.382030][T23237] ? xskq_create+0xfb/0x1d0 [ 794.382049][T23237] __vmalloc_node_range_noprof+0x136c/0x1630 [ 794.382081][T23237] ? xskq_create+0xfb/0x1d0 [ 794.382104][T23237] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 794.382132][T23237] ? kasan_save_track+0x14/0x30 [ 794.382149][T23237] ? __kasan_kmalloc+0xaa/0xb0 [ 794.382164][T23237] ? __kmalloc_cache_noprof+0x2e5/0x6c0 [ 794.382176][T23237] ? xskq_create+0xfb/0x1d0 [ 794.382188][T23237] vmalloc_user_noprof+0x9e/0xe0 [ 794.382206][T23237] ? xskq_create+0xfb/0x1d0 [ 794.382219][T23237] xskq_create+0xfb/0x1d0 [ 794.382232][T23237] xsk_setsockopt+0x743/0xab0 [ 794.382244][T23237] ? __pfx_aa_sk_perm+0x10/0x10 [ 794.382262][T23237] ? __pfx_xsk_setsockopt+0x10/0x10 [ 794.382274][T23237] ? find_held_lock+0x2b/0x80 [ 794.382291][T23237] ? aa_sock_opt_perm+0xfe/0x1b0 [ 794.382309][T23237] ? __pfx_xsk_setsockopt+0x10/0x10 [ 794.382323][T23237] do_sock_setsockopt+0xf3/0x1d0 [ 794.382339][T23237] __sys_setsockopt+0x119/0x190 [ 794.382360][T23237] __ia32_sys_setsockopt+0xbc/0x160 [ 794.382377][T23237] ? __do_fast_syscall_32+0x98/0x970 [ 794.382393][T23237] ? lockdep_hardirqs_on+0x78/0x100 [ 794.382408][T23237] __do_fast_syscall_32+0xe7/0x970 [ 794.382431][T23237] do_fast_syscall_32+0x32/0x70 [ 794.382447][T23237] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 794.382463][T23237] RIP: 0023:0xf7f55fec [ 794.382479][T23237] Code: Unable to access opcode bytes at 0xf7f55fc2. [ 794.382484][T23237] RSP: 002b:00000000f541650c EFLAGS: 00000292 ORIG_RAX: 000000000000016e [ 794.382495][T23237] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b [ 794.382502][T23237] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000004 [ 794.382508][T23237] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 794.382515][T23237] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 794.382522][T23237] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 794.382538][T23237] [ 794.382543][T23237] Mem-Info: [ 794.512598][T23237] active_anon:11509 inactive_anon:3115 isolated_anon:0 [ 794.512598][T23237] active_file:3061 inactive_file:21618 isolated_file:0 [ 794.512598][T23237] unevictable:1768 dirty:349 writeback:0 [ 794.512598][T23237] slab_reclaimable:6982 slab_unreclaimable:77126 [ 794.512598][T23237] mapped:27068 shmem:11623 pagetables:1717 [ 794.512598][T23237] sec_pagetables:316 bounce:0 [ 794.512598][T23237] kernel_misc_reclaimable:0 [ 794.512598][T23237] free:29793 free_pcp:10730 free_cma:0 [ 794.525427][T23239] batman_adv: batadv0: Adding interface: gretap2 [ 794.528743][T23237] Node 0 active_anon:48kB inactive_anon:116kB active_file:4kB inactive_file:600kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:28kB dirty:4kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8704kB pagetables:1232kB sec_pagetables:1108kB all_unreclaimable? yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 794.532084][T23239] batman_adv: batadv0: The MTU of interface gretap2 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 794.543754][T23237] Node 1 active_anon:45988kB inactive_anon:12344kB active_file:12240kB inactive_file:85872kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:108244kB dirty:1392kB writeback:0kB shmem:42956kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8808kB pagetables:5536kB sec_pagetables:156kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 794.555999][T23239] batman_adv: batadv0: Interface activated: gretap2 [ 794.577335][T23237] Node 0 DMA free:2132kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:28kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 794.590044][T23237] lowmem_reserve[]: 0 283 283 283 283 [ 794.592431][T23237] Node 0 DMA32 free:28996kB boost:29380kB min:42440kB low:45704kB high:48968kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:116kB active_file:4kB inactive_file:600kB unevictable:3536kB writepending:4kB zspages:1184kB present:1032196kB managed:290788kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:0kB free_cma:0kB [ 794.606030][T23237] lowmem_reserve[]: 0 0 0 0 0 [ 794.608152][T23237] Node 1 DMA32 free:88556kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:0KB free_highatomic:0KB active_anon:45088kB inactive_anon:12344kB active_file:12240kB inactive_file:85872kB unevictable:3536kB writepending:1392kB zspages:4860kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:44460kB local_pcp:14512kB free_cma:0kB [ 794.623042][T23237] lowmem_reserve[]: 0 0 0 0 0 [ 794.625569][T23237] Node 0 DMA: 39*4kB (UM) 5*8kB (UM) 3*16kB (M) 5*32kB (UM) 1*64kB (M) 1*128kB (M) 0*256kB 1*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 2132kB [ 794.648666][T23237] Node 0 DMA32: 999*4kB (UME) 351*8kB (UME) 127*16kB (UME) 228*32kB (UME) 63*64kB (UM) 33*128kB (UM) 14*256kB (UM) 2*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 28996kB [ 794.662094][T23237] Node 1 DMA32: 294*4kB (ME) 129*8kB (ME) 148*16kB (UME) 148*32kB (UME) 71*64kB (UME) 16*128kB (UME) 19*256kB (UME) 21*512kB (UE) 20*1024kB (UME) 12*2048kB (UME) 3*4096kB (UM) = 88864kB [ 794.669605][T23237] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 794.673826][T23237] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 794.677769][T23237] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 794.681876][T23237] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 794.687001][T23237] 36806 total pagecache pages [ 794.689071][T23237] 506 pages in swap cache [ 794.690985][T23237] Free swap = 74656kB [ 794.692927][T23237] Total swap = 124996kB [ 794.695354][T23237] 524155 pages RAM [ 794.696974][T23237] 0 pages HighMem/MovableOnly [ 794.699116][T23237] 210565 pages reserved [ 794.700870][T23237] 0 pages cma reserved [ 795.600775][T23259] netlink: 'syz.9.6584': attribute type 1 has an invalid length. [ 795.637321][T23259] 8021q: adding VLAN 0 to HW filter on device bond9 [ 795.806331][T23262] netlink: 'syz.9.6584': attribute type 10 has an invalid length. [ 795.815261][T23262] netlink: 40 bytes leftover after parsing attributes in process `syz.9.6584'. [ 797.172916][T23267] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6586'. [ 797.425994][T23273] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6589'. [ 797.497002][T23259] bond9: (slave veth15): Enslaving as an active interface with a down link [ 797.532184][T23275] netlink: 'syz.6.6589': attribute type 10 has an invalid length. [ 797.536266][T23275] netlink: 40 bytes leftover after parsing attributes in process `syz.6.6589'. [ 797.551917][T23261] bond9: (slave dummy0): making interface the new active one [ 797.566535][T23261] bond9: (slave dummy0): Enslaving as an active interface with an up link [ 797.570039][T23262] dummy0: entered promiscuous mode [ 797.577801][T23262] bond9: (slave dummy0): Releasing active interface [ 797.860127][T23274] dummy0: left promiscuous mode [ 797.874401][T23274] dummy0: left allmulticast mode [ 797.881618][T23274] batman_adv: batadv0: Removing interface: dummy0 [ 797.908414][T23274] bridge3: port 1(dummy0) entered blocking state [ 797.917183][T23274] bridge3: port 1(dummy0) entered disabled state [ 797.929150][T23274] dummy0: entered allmulticast mode [ 797.935082][T23274] dummy0: entered promiscuous mode [ 797.966687][T23275] bridge3: port 1(dummy0) entered blocking state [ 797.972393][T23275] bridge3: port 1(dummy0) entered forwarding state [ 797.984186][T23275] dummy0: left allmulticast mode [ 797.992733][T23275] bridge3: port 1(dummy0) entered disabled state [ 801.090908][T23314] tipc: Started in network mode [ 801.095836][T23314] tipc: Node identity 7f000001, cluster identity 4711 [ 801.103737][T23314] tipc: Enabled bearer , priority 10 [ 801.154699][T23326] mac80211_hwsim hwsim15 syzkaller0: entered promiscuous mode [ 801.162987][T23326] mac80211_hwsim hwsim15 syzkaller0: entered allmulticast mode [ 801.183978][T23326] tipc: Enabled bearer , priority 0 [ 803.138065][ T5889] tipc: Node number set to 2130706433 [ 803.389764][T23374] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6618'. [ 803.405262][T23374] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6618'. [ 803.421075][T23374] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6618'. [ 803.433277][T23374] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6618'. [ 805.267768][ T10] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 805.352252][T23411] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6631'. [ 805.443178][ T10] usb 10-1: Using ep0 maxpacket: 8 [ 805.448938][ T10] usb 10-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 805.457456][ T10] usb 10-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 805.466392][ T10] usb 10-1: config 0 interface 0 has no altsetting 0 [ 805.473893][ T10] usb 10-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 805.483277][ T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 805.496529][ T10] usb 10-1: config 0 descriptor?? [ 806.015298][ T10] hid_parser_main: 21 callbacks suppressed [ 806.015320][ T10] mcp2221 0003:04D8:00DD.0037: unknown main item tag 0x0 [ 806.021207][ T10] mcp2221 0003:04D8:00DD.0037: unknown main item tag 0x0 [ 806.027988][ T10] mcp2221 0003:04D8:00DD.0037: unknown main item tag 0x0 [ 806.032122][ T10] mcp2221 0003:04D8:00DD.0037: unknown main item tag 0x0 [ 806.035453][ T10] mcp2221 0003:04D8:00DD.0037: unknown main item tag 0x0 [ 806.039200][ T10] mcp2221 0003:04D8:00DD.0037: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0 [ 806.176289][ T5889] usb 10-1: USB disconnect, device number 2 [ 808.286101][T23440] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6639'. [ 809.426508][T23443] netlink: 'syz.0.6642': attribute type 11 has an invalid length. [ 810.185094][T23456] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap3 [ 810.193126][T23456] batman_adv: batadv0: Adding interface: gretap3 [ 810.195812][T23456] batman_adv: batadv0: The MTU of interface gretap3 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 810.206519][T23456] batman_adv: batadv0: Interface activated: gretap3 [ 810.618232][T23462] random: crng reseeded on system resumption [ 810.792471][T23462] Restarting kernel threads ... [ 810.808330][T23462] Done restarting kernel threads. [ 811.103340][T23477] netlink: 24 bytes leftover after parsing attributes in process `syz.9.6652'. [ 811.231247][T23479] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6655'. [ 811.477928][T23488] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6655'. [ 813.297730][ T1437] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.302301][ T1437] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.258471][T23505] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6665'. [ 814.542560][T23505] 8021q: adding VLAN 0 to HW filter on device bond9 [ 814.760518][T23505] bond9 (unregistering): Released all slaves [ 822.998650][T23598] netlink: 'syz.0.6698': attribute type 11 has an invalid length. [ 823.189803][T23603] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 823.849874][T23606] bridge0: port 2(bridge_slave_1) entered disabled state [ 823.853101][T23606] bridge0: port 1(bridge_slave_0) entered disabled state [ 823.944048][T23606] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 823.953162][T23606] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 824.075559][ T5833] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 824.078642][ T5833] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 824.084926][ T5833] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 824.088544][ T5833] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 824.264175][T23619] netlink: 24 bytes leftover after parsing attributes in process `syz.9.6704'. [ 824.575821][T23621] ªªªªªª: renamed from vlan0 [ 824.909545][ T41] audit: type=1804 audit(1782485287.876:3820): pid=23629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.9.6707" name="bus" dev="ramfs" ino=108554 res=1 errno=0 [ 824.927505][ T41] audit: type=1804 audit(1782485287.876:3821): pid=23629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.9.6707" name="bus" dev="ramfs" ino=108554 res=1 errno=0 [ 825.532417][T23637] netlink: 'syz.0.6711': attribute type 11 has an invalid length. [ 825.573697][T23637] 8021q: adding VLAN 0 to HW filter on device bond7 [ 825.578450][T23637] 8021q: adding VLAN 0 to HW filter on device bond8 [ 825.584774][ T5836] dummy0: entered promiscuous mode [ 826.955685][T23668] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 826.962868][T23668] netlink: 'syz.6.6719': attribute type 10 has an invalid length. [ 826.966062][T23668] lo: left promiscuous mode [ 826.968896][T23668] tunl0: left promiscuous mode [ 826.974252][T23668] gre0: left promiscuous mode [ 826.978852][T23668] gretap0: left promiscuous mode [ 826.982660][T23668] erspan0: left promiscuous mode [ 826.985245][T23668] ip_vti0: left promiscuous mode [ 826.987563][T23668] ip6_vti0: left promiscuous mode [ 826.990073][T23668] sit0: left promiscuous mode [ 826.994618][T23668] ip6tnl0: left promiscuous mode [ 826.996938][T23668] ip6gre0: left promiscuous mode [ 826.999230][T23668] syz_tun: left promiscuous mode [ 827.003574][T23668] bridge0: left promiscuous mode [ 827.005854][T23668] team0: left promiscuous mode [ 827.008143][T23668] 8021q: adding VLAN 0 to HW filter on device team0 [ 827.010735][T23668] dummy0: left promiscuous mode [ 827.015443][T23668] nlmon0: left promiscuous mode [ 827.018198][T23668] batadv0: left promiscuous mode [ 827.021088][T23668] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 827.025668][T23668] vxcan0: left promiscuous mode [ 827.027909][T23668] vxcan1: left promiscuous mode [ 827.030157][T23668] veth0: left promiscuous mode [ 827.036757][T23668] veth1: left promiscuous mode [ 827.043958][T23668] wg0: left promiscuous mode [ 827.047388][T23668] wg1: left promiscuous mode [ 827.051227][T23668] wg2: left promiscuous mode [ 827.055107][T23668] veth0_to_bridge: left promiscuous mode [ 827.058257][T23668] veth1_to_bridge: left promiscuous mode [ 827.062910][T23668] bond_slave_0: left promiscuous mode [ 827.066744][T23668] veth1_to_bond: left promiscuous mode [ 827.069269][T23668] bond_slave_1: left promiscuous mode [ 827.071883][T23668] veth0_to_team: left promiscuous mode [ 827.074280][T23668] team_slave_0: left promiscuous mode [ 827.076653][T23668] veth1_to_team: left promiscuous mode [ 827.079061][T23668] team_slave_1: left promiscuous mode [ 827.082622][T23668] veth0_to_batadv: left promiscuous mode [ 827.086192][T23668] batadv_slave_0: left promiscuous mode [ 827.089417][T23668] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 827.093357][T23668] veth1_to_batadv: left promiscuous mode [ 827.096736][T23668] batadv_slave_1: left promiscuous mode [ 827.099866][T23668] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 827.103521][T23668] xfrm0: left promiscuous mode [ 827.106394][T23668] veth0_to_hsr: left promiscuous mode [ 827.109329][T23668] veth1_to_hsr: left promiscuous mode [ 827.113050][T23668] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 827.116397][T23668] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 827.131821][T23668] veth1_vlan: left promiscuous mode [ 827.140832][T23668] veth0_vlan: left promiscuous mode [ 827.144382][T23668] veth0_vlan: entered promiscuous mode [ 827.150902][T23668] veth1_vlan: entered promiscuous mode [ 827.164399][T23668] veth1_macvtap: left promiscuous mode [ 827.173502][T23668] veth0_macvtap: left promiscuous mode [ 827.182746][T23668] veth0_macvtap: entered promiscuous mode [ 827.188828][T23668] veth1_macvtap: entered promiscuous mode [ 827.206774][T23668] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 827.229725][ T10] batman_adv: batadv0: Interface activated: vlan2 [ 827.237537][T21259] bridge0: port 1(bridge_slave_0) entered blocking state [ 827.239762][T21259] bridge0: port 1(bridge_slave_0) entered forwarding state [ 827.251504][ T5888] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 827.259837][T21259] bridge0: port 2(bridge_slave_1) entered blocking state [ 827.262462][T21259] bridge0: port 2(bridge_slave_1) entered forwarding state [ 827.433579][T18820] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.439757][T18820] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.443983][T11340] syz0: Port: 1 Link ACTIVE [ 827.454390][T18820] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.460299][T18820] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.842396][T23676] gretap1: entered promiscuous mode [ 827.845810][T23676] batman_adv: batadv0: Adding interface: gretap1 [ 827.848524][T23676] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1532. [ 827.860056][T23676] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 827.922721][ T13] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 828.241815][ T9] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 828.827133][T23691] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 828.836877][T23691] Error validating options; rc = [-22] [ 828.963921][ T13] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 828.970080][ T13] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 829.214144][ T9] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 829.654879][T23716] usb 1-1: USB disconnect, device number 3 [ 829.660716][T23718] fuse: fd is not a fuse device [ 830.085862][ T41] audit: type=1326 audit(1782485293.056:3822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23729 comm="syz.6.6739" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70befec code=0x7ffc0000 [ 830.099314][ T41] audit: type=1326 audit(1782485293.056:3823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23729 comm="syz.6.6739" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70bf017 code=0x7ffc0000 [ 830.116392][ T41] audit: type=1326 audit(1782485293.056:3824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23729 comm="syz.6.6739" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70befec code=0x7ffc0000 [ 830.127363][ T41] audit: type=1326 audit(1782485293.056:3825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23729 comm="syz.6.6739" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70bf017 code=0x7ffc0000 [ 830.138720][ T41] audit: type=1326 audit(1782485293.056:3826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23729 comm="syz.6.6739" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70befec code=0x7ffc0000 [ 830.150884][ T41] audit: type=1326 audit(1782485293.056:3827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23729 comm="syz.6.6739" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70bf017 code=0x7ffc0000 [ 830.176329][ T41] audit: type=1326 audit(1782485293.056:3828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23729 comm="syz.6.6739" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70befec code=0x7ffc0000 [ 830.186457][ T41] audit: type=1326 audit(1782485293.056:3829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23729 comm="syz.6.6739" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70bf017 code=0x7ffc0000 [ 830.194974][ T41] audit: type=1326 audit(1782485293.056:3830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23729 comm="syz.6.6739" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70befec code=0x7ffc0000 [ 830.202447][ T41] audit: type=1326 audit(1782485293.056:3831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23729 comm="syz.6.6739" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70bf017 code=0x7ffc0000 [ 833.131491][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 833.262115][T23752] bond5: (slave ip6gretap1): making interface the new active one [ 833.265143][T23752] bond5: (slave ip6gretap1): Enslaving as an active interface with an up link [ 833.687854][T23763] sch_tbf: burst 1023 is lower than device lo mtu (65550) ! [ 834.643223][T23773] bond9: (slave geneve3): Enslaving as an active interface with an up link [ 834.647971][ T5817] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 834.653815][ T5817] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 834.657342][ T5817] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 834.729800][T23773] bond9 (unregistering): (slave geneve3): Releasing backup interface [ 834.744642][T23773] bond9 (unregistering): Released all slaves [ 834.767428][ T5817] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 834.771932][ T5817] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 834.775551][ T5817] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 836.327425][T23803] netlink: 'syz.0.6760': attribute type 10 has an invalid length. [ 836.357642][T23803] 8021q: adding VLAN 0 to HW filter on device team0 [ 836.366100][T23803] bond0: (slave team0): Enslaving as an active interface with an up link [ 839.097271][T23831] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6768'. [ 842.080822][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 842.827973][T23887] netlink: 'syz.5.6777': attribute type 13 has an invalid length. [ 842.891272][T11340] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 842.904184][T23887] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6777'. [ 843.041978][T11340] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 843.045385][T11340] usb 5-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 843.049454][T11340] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 843.057040][T11340] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 843.062302][T11340] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 843.065768][T11340] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 843.070383][T11340] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 843.073544][T11340] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 843.076076][T11340] usb 5-1: Product: syz [ 843.077464][T11340] usb 5-1: Manufacturer: syz [ 843.085212][T23883] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 843.088626][T11340] cdc_wdm 5-1:1.0: skipping garbage [ 843.090685][T11340] cdc_wdm 5-1:1.0: skipping garbage [ 843.096738][T11340] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 843.098657][T11340] cdc_wdm 5-1:1.0: Unknown control protocol [ 843.310480][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 843.313518][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 843.316466][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 843.319009][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 843.321595][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 843.324108][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 843.326561][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 843.329093][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 843.331609][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 843.334127][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 843.336664][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 843.339357][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 843.341987][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 843.344486][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 843.347093][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 843.349716][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 843.352448][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 843.355179][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 843.357921][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 843.360560][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 843.513937][T18328] usb 5-1: USB disconnect, device number 8 [ 843.513942][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 843.724030][ T41] kauditd_printk_skb: 13360 callbacks suppressed [ 843.724048][ T41] audit: type=1326 audit(1782485306.687:17192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23903 comm="syz.9.6782" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6ffefec code=0x0 [ 843.876832][ T41] audit: type=1326 audit(1782485306.827:17193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23906 comm="syz.6.6784" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70befec code=0x0 [ 844.054728][T23916] netlink: 'syz.0.6785': attribute type 4 has an invalid length. [ 844.078571][T23916] netlink: 'syz.0.6785': attribute type 4 has an invalid length. [ 844.660185][T23921] fuse: fd is not a fuse device [ 844.767093][T23925] fuse: fd is not a fuse device [ 846.528741][T23949] lo: Caught tx_queue_len zero misconfig [ 846.641574][T23955] netlink: 'syz.5.6798': attribute type 12 has an invalid length. [ 846.950823][T23958] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 847.063437][T23958] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 847.197560][T23958] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 847.381165][T23958] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 847.528261][ T5592] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 847.738063][ T5592] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 847.806306][ T5592] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 847.853241][ T5592] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 848.469206][T23970] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 848.599993][T23970] kvm: pic: level sensitive irq not supported [ 848.608948][T23970] kvm: pic: non byte read [ 848.624225][T23970] kvm: pic: level sensitive irq not supported [ 848.627024][T23970] kvm: pic: non byte read [ 848.645657][T23970] kvm: pic: level sensitive irq not supported [ 848.645999][T23970] kvm: pic: non byte read [ 848.673044][T23970] kvm: pic: level sensitive irq not supported [ 848.673363][T23970] kvm: pic: non byte read [ 848.687526][T23970] kvm: pic: level sensitive irq not supported [ 848.690204][T23970] kvm: pic: non byte read [ 848.715204][T23970] kvm: pic: level sensitive irq not supported [ 848.718532][T23970] kvm: pic: non byte read [ 848.786761][T23970] kvm: pic: level sensitive irq not supported [ 848.787142][T23970] kvm: pic: non byte read [ 849.390604][ T41] audit: type=1804 audit(1782485312.347:17194): pid=23981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.6806" name="/newroot/90/file0" dev="fuse" ino=1 res=1 errno=0 [ 850.909606][ T41] audit: type=1804 audit(1782485313.867:17195): pid=23994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.6809" name="/newroot/1119/file0" dev="fuse" ino=1 res=1 errno=0 [ 851.607091][T24000] netlink: 'syz.5.6812': attribute type 1 has an invalid length. [ 851.643141][T23999] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 851.647447][T23999] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 851.694014][T24000] 8021q: adding VLAN 0 to HW filter on device bond1 [ 851.697291][T24003] bond1: entered promiscuous mode [ 851.729622][T24000] bond1: (slave dummy0): making interface the new active one [ 851.734963][T24000] dummy0: entered promiscuous mode [ 851.742538][T24000] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 851.824336][T24000] bond1 (unregistering): (slave dummy0): Releasing active interface [ 851.828355][T24000] dummy0: left promiscuous mode [ 851.852023][T24000] bond1 (unregistering): Released all slaves [ 852.007291][T23999] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 852.027745][T23999] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 852.271268][T23999] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 852.282831][T23999] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 852.386726][T23999] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 852.390212][T23999] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 852.520260][T18820] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 852.523884][T18820] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 852.529290][T18820] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 852.532499][T18820] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 852.548437][T24018] netlink: 20 bytes leftover after parsing attributes in process `syz.6.6816'. [ 852.551148][T18820] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 852.554193][T18820] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 852.564160][T24018] ip6gre1: entered promiscuous mode [ 852.565894][T24018] ip6gre1: entered allmulticast mode [ 852.594936][ T5592] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 852.600266][ T5592] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 852.603121][T24018] netlink: 'syz.6.6816': attribute type 6 has an invalid length. [ 852.605493][T24018] netlink: 72 bytes leftover after parsing attributes in process `syz.6.6816'. [ 852.836910][T24028] tipc: Enabling of bearer rejected, failed to enable media [ 853.105123][T24043] netlink: 'syz.5.6823': attribute type 1 has an invalid length. [ 853.137001][T24043] bond1: entered promiscuous mode [ 853.142106][T24043] 8021q: adding VLAN 0 to HW filter on device bond1 [ 853.194168][T24043] bond1: (slave bridge1): making interface the new active one [ 853.199753][T24043] bridge1: entered promiscuous mode [ 853.208830][T24043] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 853.264326][T24043] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 853.271923][T24043] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 854.241480][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 856.113541][T24071] fuse: fd is not a fuse device [ 857.340306][T18328] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 857.507896][T18328] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 857.563092][T18328] usb 5-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=6a.b1 [ 857.587763][T18328] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 857.601753][T18328] usb 5-1: Product: syz [ 857.605790][T18328] usb 5-1: Manufacturer: syz [ 857.609494][T18328] usb 5-1: SerialNumber: syz [ 857.670305][T18328] usb 5-1: config 0 descriptor?? [ 857.701107][T18328] cytherm 5-1:0.0: Cypress thermometer device now attached [ 857.996639][T24078] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 858.003300][T24078] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 858.061319][T18328] usb 5-1: USB disconnect, device number 9 [ 858.096871][T18328] cytherm 5-1:0.0: Cypress thermometer now disconnected [ 858.285838][T24085] netlink: 'syz.6.6835': attribute type 1 has an invalid length. [ 858.322517][T24085] bond6: entered promiscuous mode [ 858.334699][T24085] 8021q: adding VLAN 0 to HW filter on device bond6 [ 858.354715][T24088] bond6: (slave bridge4): making interface the new active one [ 858.359320][T24088] bridge4: entered promiscuous mode [ 858.365492][T24088] bond6: (slave bridge4): Enslaving as an active interface with an up link [ 858.454864][T24085] bridge0: Device is already in use. [ 858.867712][T24093] syzkaller0: entered promiscuous mode [ 858.870500][ T41] audit: type=1326 audit(1782485321.838:17196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24090 comm="syz.6.6837" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70befec code=0x0 [ 858.872570][T24093] syzkaller0: entered allmulticast mode [ 859.107806][T24062] syz.5.6828 (24062) used greatest stack depth: 18696 bytes left [ 859.187719][T24099] overlayfs: failed to clone upperpath [ 859.474589][T20428] Bluetooth: hci4: unexpected event for opcode 0x080c [ 859.564885][T24109] netlink: 'syz.0.6843': attribute type 1 has an invalid length. [ 859.754419][T24109] 8021q: adding VLAN 0 to HW filter on device bond9 [ 859.848593][T24111] 8021q: adding VLAN 0 to HW filter on device bond9 [ 859.861797][T24111] bond9: (slave gre1): The slave device specified does not support setting the MAC address [ 859.868776][T24111] bond9: (slave gre1): Error -95 calling set_mac_address [ 860.044345][T24112] gretap4: entered promiscuous mode [ 860.064456][T24112] bond9: (slave gretap4): making interface the new active one [ 860.090717][T24112] bond9: (slave gretap4): Enslaving as an active interface with an up link [ 860.517924][T24121] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6847'. [ 860.595290][T24121] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6847'. [ 860.616362][T24121] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6847'. [ 860.627011][T24121] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6847'. [ 860.639539][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 862.148369][T24155] netlink: 140 bytes leftover after parsing attributes in process `syz.6.6855'. [ 862.155622][T24155] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6855'. [ 865.553271][T24179] 9p: Bad value for 'rfdno' [ 866.073577][T24192] netlink: 9 bytes leftover after parsing attributes in process `syz.0.6865'. [ 866.080625][T24192] gretap0: entered promiscuous mode [ 866.167343][T24197] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6867'. [ 866.184878][T24197] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6867'. [ 866.204698][T24197] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6867'. [ 866.220884][T24197] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6867'. [ 866.430548][T24200] netlink: 'syz.0.6868': attribute type 10 has an invalid length. [ 866.823802][T24219] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 866.833058][ T40] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 866.949361][ T40] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 870.315486][T24248] syzkaller0: entered promiscuous mode [ 870.321333][T24248] syzkaller0: entered allmulticast mode [ 870.630537][T24261] netlink: 24 bytes leftover after parsing attributes in process `syz.9.6887'. [ 871.008634][T24279] tipc: Enabled bearer , priority 0 [ 871.016993][T24276] syzkaller0: entered promiscuous mode [ 871.020850][T24276] syzkaller0: entered allmulticast mode [ 871.051438][T24262] tipc: Resetting bearer [ 871.093899][T24262] tipc: Disabling bearer [ 872.476606][T24315] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6899'. [ 872.551340][T24319] netlink: 'syz.0.6900': attribute type 1 has an invalid length. [ 872.772509][T24319] bond10: entered promiscuous mode [ 872.774330][T24319] bond10: entered allmulticast mode [ 872.776252][T24319] 8021q: adding VLAN 0 to HW filter on device bond10 [ 872.783305][T24322] erspan1: entered allmulticast mode [ 872.787568][T24322] bond10: (slave erspan1): making interface the new active one [ 872.791656][T24322] erspan1: entered promiscuous mode [ 872.799714][T24322] bond10: (slave erspan1): Enslaving as an active interface with an up link [ 872.808719][T24323] gretap1: left promiscuous mode [ 872.850550][T24323] bond1: left promiscuous mode [ 872.865031][T24323] bridge1: left promiscuous mode [ 874.023767][T24343] netlink: 'syz.9.6910': attribute type 1 has an invalid length. [ 874.055475][T24343] 8021q: adding VLAN 0 to HW filter on device bond10 [ 874.100371][T24343] bond10: (slave veth0_to_bond): making interface the new active one [ 874.107555][T24343] bond10: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 874.124181][T24343] bond10: entered promiscuous mode [ 874.125936][T24343] veth0_to_bond: entered promiscuous mode [ 874.130073][T24343] bond10: entered allmulticast mode [ 874.132012][T24343] veth0_to_bond: entered allmulticast mode [ 874.180782][T24343] macvlan2: entered promiscuous mode [ 874.182670][T24343] macvlan2: entered allmulticast mode [ 874.185247][T24343] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 874.193793][T24343] bond10: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of veth0_to_bond [ 874.737641][ T1437] ieee802154 phy0 wpan0: encryption failed: -22 [ 874.740401][ T1437] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.490248][T24364] netlink: 'syz.5.6915': attribute type 1 has an invalid length. [ 875.544668][T24361] syz.0.6914 (24361): drop_caches: 2 [ 875.625886][T24364] 8021q: adding VLAN 0 to HW filter on device bond3 [ 875.638507][T24364] bond2: (slave bond3): making interface the new active one [ 875.653315][T24364] bond2: (slave bond3): Enslaving as an active interface with an up link [ 875.690977][T24367] bond2: (slave gretap2): Enslaving as a backup interface with an up link [ 876.019656][ T41] audit: type=1326 audit(1782485338.989:17197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24376 comm="syz.5.6919" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6ffefec code=0x0 [ 876.085354][T24379] netlink: 'syz.5.6919': attribute type 10 has an invalid length. [ 876.099447][T24379] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 876.113077][T24379] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 876.194141][T24379] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 876.227561][T24379] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 876.263871][T24379] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 876.297458][T24379] bond0 (unregistering): Released all slaves [ 876.644969][T24393] netlink: 'syz.9.6924': attribute type 1 has an invalid length. [ 876.693520][T24393] bond11: (slave geneve3): making interface the new active one [ 876.699208][T24393] bond11: (slave geneve3): Enslaving as an active interface with an up link [ 876.707151][ T5817] netdevsim netdevsim9 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 876.717358][ T5817] netdevsim netdevsim9 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 876.722406][T24393] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6924'. [ 876.732040][ T5817] netdevsim netdevsim9 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 876.755857][T24393] 8021q: adding VLAN 0 to HW filter on device bond11 [ 876.762767][ T5817] netdevsim netdevsim9 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 876.944666][T24402] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:37: iget: checksum invalid [ 876.964217][T24403] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:37: iget: checksum invalid [ 877.056968][T24405] bond0: entered promiscuous mode [ 877.060192][T24405] batadv0: entered promiscuous mode [ 877.073883][T24405] netlink: 'syz.9.6928': attribute type 10 has an invalid length. [ 877.085880][T24405] syz_tun: entered promiscuous mode [ 879.604220][T24428] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6936'. [ 881.384552][T24452] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:5: iget: checksum invalid [ 881.391831][T24453] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:46: iget: checksum invalid [ 882.034159][T24471] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6949'. [ 882.039806][T24471] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6949'. [ 882.044838][T24471] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6949'. [ 882.051183][T24471] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6949'. [ 882.065755][T24471] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6949'. [ 882.321292][T24478] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:46: iget: checksum invalid [ 882.335596][T24480] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:46: iget: checksum invalid [ 882.345983][T24481] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:46: iget: checksum invalid [ 882.361837][T24483] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:46: iget: checksum invalid [ 882.380680][T24486] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:63: iget: checksum invalid [ 882.598975][T24488] netlink: 'syz.9.6952': attribute type 1 has an invalid length. [ 882.632314][T24488] 8021q: adding VLAN 0 to HW filter on device bond12 [ 883.015223][T24488] bond12: (slave geneve4): making interface the new active one [ 883.023286][T24488] bond12: (slave geneve4): Enslaving as an active interface with an up link [ 883.205823][T24493] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6955'. [ 883.292058][ T65] block nbd3: Receive control failed (result -1) [ 883.627672][T24502] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only [ 885.802338][T24514] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6961'. [ 885.807384][T24514] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6961'. [ 885.811938][T24514] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6961'. [ 885.816476][T24514] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6961'. [ 885.821666][T24514] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6961'. [ 886.566166][T24527] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:3: iget: checksum invalid [ 886.578762][T24528] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:46: iget: checksum invalid [ 886.621057][T24530] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:3: iget: checksum invalid [ 888.109406][ T40] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 888.269216][ T40] usb 5-1: Using ep0 maxpacket: 32 [ 888.279435][ T40] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 888.285373][ T40] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 888.297307][ T40] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 888.320263][ T40] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 888.329530][T24545] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6972'. [ 888.329964][ T40] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 888.348005][ T40] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 888.351411][ T40] usb 5-1: Product: syz [ 888.353210][ T40] usb 5-1: Manufacturer: syz [ 888.355259][ T40] usb 5-1: SerialNumber: syz [ 888.385463][ C3] imon 5-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 888.489274][ T40] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/input/input57 [ 888.572861][T24545] team0: Port device team_slave_0 removed [ 888.608090][ T40] imon 5-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 888.611658][ T40] (id 0x00) [ 888.615864][T24546] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:0: iget: checksum invalid [ 888.623375][ T40] rc_core: Couldn't load IR keymap rc-imon-pad [ 888.626142][ T40] Registered IR keymap rc-empty [ 888.628488][ T40] imon 5-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 888.632831][ T40] imon 5-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 888.814585][T24551] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:0: iget: checksum invalid [ 888.831274][ T40] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0 [ 888.836493][T24553] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:0: iget: checksum invalid [ 888.843325][ T40] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0/input58 [ 888.855088][ T40] imon 5-1:155.0: iMON device (15c2:ffdc, intf0) on usb<5:10> initialized [ 889.001861][T24431] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1135: comm udevd: iget: checksum invalid [ 889.009977][T24431] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1135: comm udevd: iget: checksum invalid [ 889.013460][T24431] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1135: comm udevd: iget: checksum invalid [ 889.076423][T24427] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1135: comm udevd: iget: checksum invalid [ 889.081294][T24427] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1135: comm udevd: iget: checksum invalid [ 889.086158][T24427] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1135: comm udevd: iget: checksum invalid [ 889.175370][T24431] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1135: comm udevd: iget: checksum invalid [ 889.321708][T24560] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6977'. [ 889.589259][T24548] orangefs_mount: mount request failed with -4 [ 889.791408][T24568] netlink: 'syz.5.6978': attribute type 1 has an invalid length. [ 889.837770][T24568] 8021q: adding VLAN 0 to HW filter on device bond0 [ 890.124370][T24568] bond0: (slave dummy0): making interface the new active one [ 890.132472][T24568] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 890.284315][T24576] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6980'. [ 890.289628][T24576] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6980'. [ 890.295223][T24576] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6980'. [ 890.595784][ T5889] usb 5-1: USB disconnect, device number 10 [ 890.597505][T24571] imon:send_packet: packet tx failed (-71) [ 890.637994][T24571] imon:vfd_write: send packet #5 failed [ 890.688174][ T40] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 890.837828][ T40] usb 10-1: Using ep0 maxpacket: 32 [ 890.842131][ T40] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 890.846689][ T40] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 3 [ 890.857866][ T40] usb 10-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice= 0.40 [ 890.861835][ T40] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 890.865271][ T40] usb 10-1: Product: syz [ 890.867110][ T40] usb 10-1: Manufacturer: syz [ 890.870211][ T40] usb 10-1: SerialNumber: syz [ 890.887510][ T40] usb 10-1: config 0 descriptor?? [ 891.274721][T24590] syzkaller0: entered promiscuous mode [ 891.285341][T24590] syzkaller0: entered allmulticast mode [ 891.819738][ T40] usb 10-1: USB disconnect, device number 3 [ 893.098438][T24621] mac80211_hwsim hwsim15 syzkaller0: left promiscuous mode [ 893.101315][T24621] mac80211_hwsim hwsim15 syzkaller0: left allmulticast mode [ 894.897730][T11340] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 895.067557][T11340] usb 5-1: Using ep0 maxpacket: 32 [ 895.071137][T11340] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 895.074754][T11340] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 3 [ 895.082136][T11340] usb 5-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice= 0.40 [ 895.085048][T11340] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 895.088045][T11340] usb 5-1: Product: syz [ 895.089436][T11340] usb 5-1: Manufacturer: syz [ 895.091496][T11340] usb 5-1: SerialNumber: syz [ 895.095815][T11340] usb 5-1: config 0 descriptor?? [ 895.649217][T11340] usb 5-1: USB disconnect, device number 11 [ 895.668052][T24660] EXT4-fs error: 8 callbacks suppressed [ 895.668064][T24660] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:3: iget: checksum invalid [ 895.688069][T24661] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:5: iget: checksum invalid [ 896.049467][T24669] mac80211_hwsim hwsim15 syzkaller0: entered promiscuous mode [ 896.051906][T24669] mac80211_hwsim hwsim15 syzkaller0: entered allmulticast mode [ 896.276271][T24673] tipc: Enabling of bearer rejected, failed to enable media [ 896.288974][T24675] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:37: iget: checksum invalid [ 896.293836][T24676] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:37: iget: checksum invalid [ 897.079363][T24687] netlink: 'syz.6.7016': attribute type 1 has an invalid length. [ 897.117598][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 897.119251][T24687] 8021q: adding VLAN 0 to HW filter on device bond7 [ 897.241926][T24689] bond7: (slave dummy0): making interface the new active one [ 897.250445][T24689] bond7: (slave dummy0): Enslaving as an active interface with an up link [ 897.366484][T24687] : renamed from dummy0 (while UP) [ 897.642357][T24701] netlink: 'syz.0.7015': attribute type 1 has an invalid length. [ 897.827454][T11340] usb 11-1: new high-speed USB device number 41 using dummy_hcd [ 897.989797][T11340] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 897.996489][T11340] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 897.999734][T11340] usb 11-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 898.002604][T11340] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 898.006177][T11340] usb 11-1: config 0 descriptor?? [ 898.043279][T24431] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1135: comm udevd: iget: checksum invalid [ 898.054267][T24431] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1135: comm udevd: iget: checksum invalid [ 898.068642][T24431] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1135: comm udevd: iget: checksum invalid [ 898.072060][T24701] 8021q: adding VLAN 0 to HW filter on device bond11 [ 898.957067][T11340] usbhid 11-1:0.0: can't add hid device: -71 [ 898.959084][T11340] usbhid 11-1:0.0: probe with driver usbhid failed with error -71 [ 898.966075][T11340] usb 11-1: USB disconnect, device number 41 [ 900.427156][T24730] batadv_slave_0: Caught tx_queue_len zero misconfig [ 900.469359][T24731] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:29: iget: checksum invalid [ 900.621693][T24735] netlink: 'syz.0.7034': attribute type 1 has an invalid length. [ 900.648539][T24735] 8021q: adding VLAN 0 to HW filter on device bond12 [ 900.682202][T24735] : renamed from dummy0 [ 901.271384][T20428] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 901.366502][T24747] netlink: 'syz.6.7027': attribute type 1 has an invalid length. [ 901.473203][T24747] 8021q: adding VLAN 0 to HW filter on device bond8 [ 901.696128][T24758] __nla_validate_parse: 2 callbacks suppressed [ 901.696223][T24758] netlink: 64 bytes leftover after parsing attributes in process `syz.6.7031'. [ 901.705431][T24758] netlink: 64 bytes leftover after parsing attributes in process `syz.6.7031'. [ 902.159590][T24766] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7036'. [ 902.668079][T24773] netlink: 'syz.5.7038': attribute type 3 has an invalid length. [ 902.949321][T24782] netlink: 'syz.5.7039': attribute type 1 has an invalid length. [ 902.976364][T24782] 8021q: adding VLAN 0 to HW filter on device bond4 [ 903.080085][T24782] bond0: (slave dummy0): Releasing active interface [ 903.156298][T24782] bond4: (slave dummy0): making interface the new active one [ 903.171013][T24782] bond4: (slave dummy0): Enslaving as an active interface with an up link [ 903.174261][T24784] : renamed from dummy0 (while UP) [ 903.416929][T24796] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:27: iget: checksum invalid [ 903.425654][T24797] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:27: iget: checksum invalid [ 903.459069][T24790] virt_wifi0: entered promiscuous mode [ 903.464684][T24790] macsec1: entered promiscuous mode [ 903.522259][T24792] syzkaller0: entered promiscuous mode [ 903.523974][T24792] syzkaller0: entered allmulticast mode [ 903.592475][T24799] fuse: fd is not a fuse device [ 903.930306][ T41] audit: type=1804 audit(1782485366.900:17198): pid=24806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.7046" name="/newroot/394/file0" dev="tmpfs" ino=2073 res=1 errno=0 [ 903.931695][T24806] ref_ctr going negative. vaddr: 0x80ffd002, curr val: -2360, delta: 1 [ 903.941797][T24806] ref_ctr increment failed for inode: 0x819 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff888029800000 [ 903.975397][T24806] ref_ctr going negative. vaddr: 0x80ffd002, curr val: -2360, delta: -1 [ 903.978937][T24806] ref_ctr decrement failed for inode: 0x819 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff888029800000 [ 903.983089][T24806] uprobe: syz.0.7046:24806 failed to unregister, leaking uprobe [ 904.243376][T24813] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:27: iget: checksum invalid [ 904.253284][T24814] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:27: iget: checksum invalid [ 908.296362][T24828] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:22: iget: checksum invalid [ 908.305224][T24831] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:22: iget: checksum invalid [ 908.378707][T24835] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:26: iget: checksum invalid [ 908.383846][T24836] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:26: iget: checksum invalid [ 908.640483][T24846] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:22: iget: checksum invalid [ 908.664538][T24847] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:22: iget: checksum invalid [ 908.788562][T24851] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:22: iget: checksum invalid [ 908.793317][T24852] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:26: iget: checksum invalid [ 908.828494][T24850] syzkaller0: entered promiscuous mode [ 908.833190][T24850] syzkaller0: entered allmulticast mode [ 909.543176][T24860] syzkaller0: entered promiscuous mode [ 909.545462][T24860] syzkaller0: entered allmulticast mode [ 911.259553][T24876] syz.9.7061 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 912.852997][T24885] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:22: iget: checksum invalid [ 912.894481][T24887] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:22: iget: checksum invalid [ 912.931298][T24888] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:22: iget: checksum invalid [ 912.950140][T24889] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:23: iget: checksum invalid [ 913.735220][T24868] syzkaller0: entered promiscuous mode [ 913.738169][T24868] syzkaller0: entered allmulticast mode [ 913.802518][T24892] 9pnet_virtio: no channels available for device syz [ 913.809118][T24892] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7064'. [ 913.812545][T24892] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7064'. [ 915.718475][T24923] syzkaller0: entered promiscuous mode [ 915.726964][T24923] syzkaller0: entered allmulticast mode [ 915.744121][T24926] tipc: Enabled bearer , priority 0 [ 915.748477][T24926] syzkaller0: entered promiscuous mode [ 915.750189][T24926] syzkaller0: entered allmulticast mode [ 915.752945][ T5833] syzkaller0: tun_net_xmit 70 [ 915.761879][T24926] tipc: Resetting bearer [ 915.764669][T24926] syzkaller0: tun_net_xmit 90 [ 915.782979][T24925] tipc: Resetting bearer [ 915.805803][T24925] tipc: Disabling bearer [ 915.935922][T24929] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 915.943512][T24929] VFS: Can't find a romfs filesystem on dev nullb0. [ 915.943512][T24929] [ 919.876246][T11340] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 920.036204][T11340] usb 5-1: Using ep0 maxpacket: 32 [ 920.046392][T11340] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 920.059096][T11340] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 920.063546][T11340] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 920.068726][T11340] usb 5-1: Product: syz [ 920.070370][T11340] usb 5-1: Manufacturer: syz [ 920.074832][T11340] usb 5-1: SerialNumber: syz [ 920.084420][T11340] usb 5-1: config 0 descriptor?? [ 920.087746][T24986] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 920.098457][T11340] hub 5-1:0.0: bad descriptor, ignoring hub [ 920.101120][T11340] hub 5-1:0.0: probe with driver hub failed with error -5 [ 920.123368][T24987] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1135: comm udevd: iget: checksum invalid [ 920.133448][T24987] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1135: comm udevd: iget: checksum invalid [ 920.137397][T24987] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1135: comm udevd: iget: checksum invalid [ 920.207420][T24996] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:23: iget: checksum invalid [ 920.215267][T24999] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:23: iget: checksum invalid [ 920.224912][T25002] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:23: iget: checksum invalid [ 920.227895][T25000] netlink: 'syz.5.7095': attribute type 1 has an invalid length. [ 920.232071][T25003] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:23: iget: checksum invalid [ 920.254251][T25000] bond5: entered promiscuous mode [ 920.255964][T25000] 8021q: adding VLAN 0 to HW filter on device bond5 [ 920.278666][T25000] ipvlan2: entered allmulticast mode [ 920.280367][T25000] bond5: entered allmulticast mode [ 920.294300][T25000] bond5: (slave bridge3): making interface the new active one [ 920.296744][T25000] bridge3: entered promiscuous mode [ 920.300735][T25000] bridge3: entered allmulticast mode [ 920.303398][T25000] bond5: (slave bridge3): Enslaving as an active interface with an up link [ 920.492422][T25011] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:26: iget: checksum invalid [ 920.534756][T25012] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:26: iget: checksum invalid [ 920.717765][T25014] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7097'. [ 920.824211][T25015] vlan0: entered allmulticast mode [ 920.831010][T25015] bridge4: entered allmulticast mode [ 920.856495][T25014] bridge4: port 1(erspan0) entered blocking state [ 920.859490][T25014] bridge4: port 1(erspan0) entered disabled state [ 920.862461][T25014] erspan0: entered allmulticast mode [ 920.869507][T25014] erspan0: entered promiscuous mode [ 921.182279][T21245] raw-gadget.0 gadget.0: failed to queue suspend event [ 921.266210][T24986] raw-gadget.0 gadget.0: failed to queue resume event [ 921.269825][T25022] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7099'. [ 921.279131][T25008] raw-gadget.0 gadget.0: failed to queue suspend event [ 921.286227][T25008] raw-gadget.0 gadget.0: failed to queue disconnect event [ 921.349831][T25022] vxlan0: entered promiscuous mode [ 921.369302][T11407] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 921.382413][T11407] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 921.391108][T11407] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 921.394111][T11407] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 921.933228][ T40] usb 5-1: USB disconnect, device number 12 [ 922.076245][ T40] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 922.228588][ T40] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64 [ 922.235808][ T40] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 922.240375][ T40] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 922.244059][ T40] usb 5-1: Product: syz [ 922.247294][ T40] usb 5-1: Manufacturer: syz [ 922.252394][ T40] usb 5-1: SerialNumber: syz [ 922.260138][ T40] usb 5-1: config 0 descriptor?? [ 922.267244][T25008] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 922.273458][ T40] hub 5-1:0.0: bad descriptor, ignoring hub [ 922.280471][ T40] hub 5-1:0.0: probe with driver hub failed with error -5 [ 922.298025][T25023] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1135: comm udevd: iget: checksum invalid [ 922.586375][T13543] usb 5-1: USB disconnect, device number 13 [ 923.173089][T25049] syzkaller0: entered promiscuous mode [ 923.174848][T25049] syzkaller0: entered allmulticast mode [ 925.343460][T25079] EXT4-fs error: 2 callbacks suppressed [ 925.343472][T25079] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:22: iget: checksum invalid [ 926.012456][T25092] EXT4-fs error (device sda1): ext4_lookup:1785: inode #1259: comm kworker/u33:23: iget: checksum invalid [ 926.687031][ T5592] [ 926.688123][ T5592] ============================================ [ 926.690666][ T5592] WARNING: possible recursive locking detected [ 926.693202][ T5592] syzkaller #0 Tainted: G L [ 926.695892][ T5592] -------------------------------------------- [ 926.698421][ T5592] kworker/u32:2/5592 is trying to acquire lock: [ 926.700989][ T5592] ffff888060f7e558 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: sch_direct_xmit+0x3b5/0xc70 [ 926.704889][ T5592] [ 926.704889][ T5592] but task is already holding lock: [ 926.707924][ T5592] ffff8880130d4158 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: sch_direct_xmit+0x3b5/0xc70 [ 926.711918][ T5592] [ 926.711918][ T5592] other info that might help us debug this: [ 926.715132][ T5592] Possible unsafe locking scenario: [ 926.715132][ T5592] [ 926.718194][ T5592] CPU0 [ 926.719603][ T5592] ---- [ 926.721013][ T5592] lock(&qdisc_xmit_lock_key#4); [ 926.723117][ T5592] lock(&qdisc_xmit_lock_key#4); [ 926.725227][ T5592] [ 926.725227][ T5592] *** DEADLOCK *** [ 926.725227][ T5592] [ 926.728530][ T5592] May be due to missing lock nesting notation [ 926.728530][ T5592] [ 926.731897][ T5592] 11 locks held by kworker/u32:2/5592: [ 926.734155][ T5592] #0: ffff88806cb16140 ((wq_completion)bond10){+.+.}-{0:0}, at: process_one_work+0x12b1/0x1940 [ 926.738134][ T5592] #1: ffffc90003e57d08 ((work_completion)(&(&bond->alb_work)->work)){+.+.}-{0:0}, at: process_one_work+0x988/0x1940 [ 926.743158][ T5592] #2: ffffffff8e7e5ec0 (rcu_read_lock){....}-{1:3}, at: bond_alb_monitor+0xec/0x16f0 [ 926.747067][ T5592] #3: ffffffff8e7e5e60 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x296/0x4940 [ 926.751102][ T5592] #4: ffff88804ecea228 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#5){+...}-{3:3}, at: __dev_queue_xmit+0x24e2/0x4940 [ 926.756259][ T5592] #5: ffff8880130d4158 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: sch_direct_xmit+0x3b5/0xc70 [ 926.760449][ T5592] #6: ffffffff8e7e5ec0 (rcu_read_lock){....}-{1:3}, at: ip_output+0xb3/0xc10 [ 926.764117][ T5592] #7: ffffffff8e7e5ec0 (rcu_read_lock){....}-{1:3}, at: ip_finish_output2+0x356/0x2400 [ 926.768120][ T5592] #8: ffffffff8e7e5ec0 (rcu_read_lock){....}-{1:3}, at: arp_xmit+0x26/0x2e0 [ 926.771730][ T5592] #9: ffffffff8e7e5e60 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x296/0x4940 [ 926.775827][ T5592] #10: ffff8880482d6228 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#5){+...}-{3:3}, at: __dev_queue_xmit+0x24e2/0x4940 [ 926.780929][ T5592] [ 926.780929][ T5592] stack backtrace: [ 926.783368][ T5592] CPU: 3 UID: 0 PID: 5592 Comm: kworker/u32:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 926.783394][ T5592] Tainted: [L]=SOFTLOCKUP [ 926.783401][ T5592] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 926.783413][ T5592] Workqueue: bond10 bond_alb_monitor [ 926.783435][ T5592] Call Trace: [ 926.783442][ T5592] [ 926.783449][ T5592] dump_stack_lvl+0x100/0x190 [ 926.783472][ T5592] print_deadlock_bug.cold+0xbd/0xca [ 926.783498][ T5592] __lock_acquire+0x1256/0x1a40 [ 926.783528][ T5592] lock_acquire+0x1b9/0x370 [ 926.783576][ T5592] ? sch_direct_xmit+0x3b5/0xc70 [ 926.783601][ T5592] _raw_spin_lock+0x2e/0x40 [ 926.783620][ T5592] ? sch_direct_xmit+0x3b5/0xc70 [ 926.783637][ T5592] sch_direct_xmit+0x3b5/0xc70 [ 926.783655][ T5592] ? lock_acquire+0x1b9/0x370 [ 926.783680][ T5592] ? __pfx_sch_direct_xmit+0x10/0x10 [ 926.783697][ T5592] ? do_raw_spin_lock+0x180/0x260 [ 926.783720][ T5592] __dev_queue_xmit+0x278a/0x4940 [ 926.783746][ T5592] ? __pfx_arpt_do_table+0x10/0x10 [ 926.783766][ T5592] ? __pfx___dev_queue_xmit+0x10/0x10 [ 926.783787][ T5592] ? lock_acquire+0x180/0x370 [ 926.783812][ T5592] ? find_held_lock+0x2b/0x80 [ 926.783830][ T5592] ? nf_hook.constprop.0+0x2f0/0x760 [ 926.783857][ T5592] ? nf_hook.constprop.0+0x2f0/0x760 [ 926.783884][ T5592] ? nf_hook.constprop.0+0x2fa/0x760 [ 926.783911][ T5592] ? __pfx_arp_xmit_finish+0x10/0x10 [ 926.783943][ T5592] arp_xmit+0x106/0x2e0 [ 926.783967][ T5592] arp_send_dst+0x200/0x280 [ 926.783994][ T5592] arp_solicit+0x672/0x1070 [ 926.784022][ T5592] ? trace_kmem_cache_alloc+0xdd/0x100 [ 926.784047][ T5592] ? __kasan_slab_alloc+0x89/0x90 [ 926.784072][ T5592] ? __pfx_arp_solicit+0x10/0x10 [ 926.784098][ T5592] ? neigh_probe+0x72/0x110 [ 926.784125][ T5592] ? __pfx_arp_solicit+0x10/0x10 [ 926.784157][ T5592] neigh_probe+0xce/0x110 [ 926.784184][ T5592] __neigh_event_send+0xabe/0x13d0 [ 926.784208][ T5592] neigh_resolve_output+0x550/0x8f0 [ 926.784230][ T5592] ? __pfx____neigh_create+0x10/0x10 [ 926.784253][ T5592] ip_finish_output2+0x851/0x2400 [ 926.784281][ T5592] ? __pfx_ip_finish_output2+0x10/0x10 [ 926.784305][ T5592] ? __pfx_ip_dst_mtu_maybe_forward+0x10/0x10 [ 926.784328][ T5592] ? nf_nat_ipv4_out+0xb2/0x510 [ 926.784348][ T5592] ? find_held_lock+0x2b/0x80 [ 926.784372][ T5592] __ip_finish_output.part.0+0x444/0x6f0 [ 926.784396][ T5592] ip_output+0x39b/0xc10 [ 926.784420][ T5592] ? __pfx_ip_output+0x10/0x10 [ 926.784443][ T5592] ? __pfx_get_random_u32+0x10/0x10 [ 926.784468][ T5592] ? __pfx_ip_finish_output+0x10/0x10 [ 926.784493][ T5592] ? __pfx_ip_output+0x10/0x10 [ 926.784517][ T5592] ip_local_out+0x193/0x1f0 [ 926.784542][ T5592] iptunnel_xmit+0x722/0xd20 [ 926.784571][ T5592] ip_tunnel_xmit+0x1b91/0x3210 [ 926.784600][ T5592] ? __pfx_ip_tunnel_xmit+0x10/0x10 [ 926.784622][ T5592] ? mark_held_locks+0x40/0x70 [ 926.784648][ T5592] ? kasan_quarantine_put+0x4f/0x240 [ 926.784669][ T5592] ? lockdep_hardirqs_on+0x78/0x100 [ 926.784698][ T5592] __gre_xmit+0x820/0xb20 [ 926.784719][ T5592] ? __pfx___gre_xmit+0x10/0x10 [ 926.784740][ T5592] ? __pfx_pskb_expand_head+0x10/0x10 [ 926.784757][ T5592] ? netif_skb_features+0x9cf/0x13f0 [ 926.784782][ T5592] erspan_xmit+0x55a/0x1ec0 [ 926.784804][ T5592] ? stack_depot_save_flags+0x27/0x9d0 [ 926.784826][ T5592] ? __pfx_erspan_xmit+0x10/0x10 [ 926.784851][ T5592] dev_hard_start_xmit+0x121/0x760 [ 926.784878][ T5592] sch_direct_xmit+0x1b2/0xc70 [ 926.784898][ T5592] ? lock_acquire+0x1b9/0x370 [ 926.784923][ T5592] ? __pfx_sch_direct_xmit+0x10/0x10 [ 926.784942][ T5592] ? do_raw_spin_lock+0x180/0x260 [ 926.784965][ T5592] __dev_queue_xmit+0x278a/0x4940 [ 926.784993][ T5592] ? trace_kmem_cache_alloc+0xdd/0x100 [ 926.785016][ T5592] ? __pfx___dev_queue_xmit+0x10/0x10 [ 926.785039][ T5592] ? kmem_cache_alloc_node_noprof+0x2e6/0x6b0 [ 926.785064][ T5592] ? kmalloc_reserve+0xf9/0x350 [ 926.785085][ T5592] ? __asan_memset+0x23/0x50 [ 926.785104][ T5592] ? __alloc_skb+0x4e9/0x710 [ 926.785133][ T5592] ? __netdev_alloc_skb+0x10d/0x960 [ 926.785167][ T5592] alb_send_lp_vid+0x31e/0x540 [ 926.785187][ T5592] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 926.785208][ T5592] ? __pfx_alb_send_lp_vid+0x10/0x10 [ 926.785229][ T5592] ? __lock_acquire+0x49f/0x1a40 [ 926.785256][ T5592] ? find_held_lock+0x2b/0x80 [ 926.785278][ T5592] alb_send_learning_packets+0xe0/0x2f0 [ 926.785298][ T5592] ? __pfx_alb_send_learning_packets+0x10/0x10 [ 926.785323][ T5592] bond_alb_monitor+0x997/0x16f0 [ 926.785347][ T5592] ? __pfx_bond_alb_monitor+0x10/0x10 [ 926.785367][ T5592] ? rcu_is_watching+0x12/0xc0 [ 926.785391][ T5592] process_one_work+0xa23/0x1940 [ 926.785422][ T5592] ? __pfx_process_one_work+0x10/0x10 [ 926.785451][ T5592] ? __pfx_bond_alb_monitor+0x10/0x10 [ 926.785470][ T5592] worker_thread+0x5ef/0xe50 [ 926.785500][ T5592] ? kthread+0x13a/0x450 [ 926.785522][ T5592] ? __pfx_worker_thread+0x10/0x10 [ 926.785546][ T5592] kthread+0x370/0x450 [ 926.785569][ T5592] ? __pfx_kthread+0x10/0x10 [ 926.785592][ T5592] ret_from_fork+0x72b/0xd50 [ 926.785615][ T5592] ? __pfx_ret_from_fork+0x10/0x10 [ 926.785637][ T5592] ? __switch_to+0x800/0x10f0 [ 926.785654][ T5592] ? __pfx_kthread+0x10/0x10 [ 926.785679][ T5592] ret_from_fork_asm+0x1a/0x30 [ 926.785710][ T5592] [ 927.488109][T25095] batman_adv: batadv0: Interface deactivated: gretap2 [ 927.509000][T25095] batman_adv: batadv0: Interface deactivated: gretap3 [ 927.565942][T18822] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 927.569323][T18822] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 927.572633][T18822] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 927.576185][T18822] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 927.579729][T18822] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 927.582480][T18822] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 927.585186][T18822] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 927.588349][T18822] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 936.157143][ T1437] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.159397][ T1437] ieee802154 phy1 wpan1: encryption failed: -22