last executing test programs: 11m13.547001097s ago: executing program 2 (id=16): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000000)={0x1, 'virt_wifi0\x00'}, 0x18) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000140)=0x6ddf2614, 0x1) recvmmsg(r1, &(0x7f00000039c0)=[{{0x0, 0x0, &(0x7f0000000300)}, 0x10001}], 0x1, 0x0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xf8}], 0x1}, 0x1f00) sendmmsg$sock(r3, &(0x7f0000003bc0), 0x4000000000002ca, 0x4040014) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0xc040}, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r4) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x30}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) close(0xffffffffffffffff) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r7 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ptype\x00') fsconfig$FSCONFIG_SET_FLAG(r7, 0x0, 0x0, 0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x400880, 0x0) 11m10.378674015s ago: executing program 2 (id=21): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x4ca31, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2) r1 = accept4$unix(0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x80000) connect$unix(r1, &(0x7f00000002c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2) read$msr(r0, &(0x7f000001b180)=""/102384, 0x18ff0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x3ffffffffffff9, 0x4940) readv(r3, &(0x7f0000002140), 0x0) shmget$private(0x0, 0x4000, 0x54001800, &(0x7f0000000000/0x4000)=nil) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) pipe2$9p(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84080) write$P9_RVERSION(r5, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r6 = dup(r3) r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000480), 0x624001, 0x0) mkdirat(r7, &(0x7f0000000400)='./file0\x00', 0x100) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x4000, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',caChe=mMap,k']) truncate(&(0x7f0000000240)='./file0\x00', 0x206b12) open(&(0x7f0000000340)='./file1\x00', 0x84001, 0x69) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x9) 11m6.453500292s ago: executing program 2 (id=23): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019640)=""/102400, 0x19000) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000400), 0x20000, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32, @ANYBLOB="0000000000000010000000000000000000000000a48a9766718051f86fc508c4f3925283de9563c3a585b72b26896974a6b1549843361a8def7fc66234dae89476dac541f89710e1aa2de29c3ee0d214547f6a05c88c11856d75a3d942603776965d5c2b41c4751e80263ab943ef88903b07d4ba665fde7a212b7a432203eeb4864250ba30dae34e3805824374761a7c13f64a56f47d942dcafb22fca81ffa1dc173f4c891295f8ecf1296701177405b1b4d52cafc12401bfd5d6d2d55b7075afd18526de8ff56d2842cf76e85cdda7826d03078d5a731", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000002480)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) r5 = socket$inet6(0x10, 0x2, 0x6) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x16}]}, 0x10) sendto$inet6(r5, &(0x7f00000002c0)="1c0000001200050f0c1000000049b23e9b200a0008000ac0000000", 0x1b, 0x0, 0x0, 0x0) ioctl$TIOCMGET(r2, 0x5415, &(0x7f0000000040)) r6 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @dev={0xfe, 0x80, '\x00', 0x37}, 0x0, 0x0, 0x0, 0x1}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r6, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x0, 0x0, 0x0, 0x4007}}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r8, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT=r6], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) r9 = syz_open_procfs(0x0, 0x0) preadv(r9, 0x0, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup/syz1\x00', 0x1ff) add_key(&(0x7f0000000480)='dns_resolver\x00', 0x0, &(0x7f0000000200)="48b12300", 0x4, 0xffffffffffffffff) 11m4.364274003s ago: executing program 2 (id=28): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xfffffffffffffffe}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1) r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0) connect$x25(r2, &(0x7f0000000040)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3, 0x2}}, 0x12) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000100)=r3, 0x4) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x20002, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd2(0x8001, 0x1) r9 = eventfd(0x6) ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000100)={0x0, 0x0, 0x0, r9}) ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000000)={0x25a, 0x0, 0x0, r8}) ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 10m59.422422956s ago: executing program 2 (id=34): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe0500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r4 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r4, 0x40049366, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r7, 0x4004ae8b, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000280)='./file1\x00', 0x4c4c0, 0x0) truncate(&(0x7f0000000280)='./file1\x00', 0x1) r8 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r8, 0xc0205647, &(0x7f0000000240)=0x1) dup2(r8, r8) 10m56.979078516s ago: executing program 2 (id=38): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000044c0), 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000000008000000000000012000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3b}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r6) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r8, 0xba87317d461c07c9, 0xfffffffd, 0x4000}, 0x14}, 0x1, 0x0, 0x0, 0x84}, 0x0) r9 = socket(0xa, 0x3, 0x3a) r10 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0) setsockopt$MRT6_ADD_MIF(r9, 0x29, 0xca, &(0x7f0000000000)={0x4}, 0xc) setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f00000001c0)={0x1, 0x0, 0x5, 0x0, 0xffffff8f}, 0xc) setsockopt$MRT6_ADD_MFC_PROXY(r9, 0x29, 0xd2, &(0x7f0000000140)={{0xa, 0x4e24, 0x10f0, @loopback}, {0xa, 0x4e20, 0x1ac, @mcast2, 0x661}, 0x0, {[0x5, 0x4f, 0x7f, 0x58, 0x8, 0x7, 0x0, 0xe2f5]}}, 0x5c) poll(&(0x7f0000000040)=[{r0, 0x4}], 0x1, 0x9) ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, &(0x7f0000000080)=0xfff) r11 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r11, &(0x7f0000000040)={0x2, 0xe21, @remote}, 0x10) 10m41.509362923s ago: executing program 32 (id=38): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000044c0), 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000000008000000000000012000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3b}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r6) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r8, 0xba87317d461c07c9, 0xfffffffd, 0x4000}, 0x14}, 0x1, 0x0, 0x0, 0x84}, 0x0) r9 = socket(0xa, 0x3, 0x3a) r10 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0) setsockopt$MRT6_ADD_MIF(r9, 0x29, 0xca, &(0x7f0000000000)={0x4}, 0xc) setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f00000001c0)={0x1, 0x0, 0x5, 0x0, 0xffffff8f}, 0xc) setsockopt$MRT6_ADD_MFC_PROXY(r9, 0x29, 0xd2, &(0x7f0000000140)={{0xa, 0x4e24, 0x10f0, @loopback}, {0xa, 0x4e20, 0x1ac, @mcast2, 0x661}, 0x0, {[0x5, 0x4f, 0x7f, 0x58, 0x8, 0x7, 0x0, 0xe2f5]}}, 0x5c) poll(&(0x7f0000000040)=[{r0, 0x4}], 0x1, 0x9) ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, &(0x7f0000000080)=0xfff) r11 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r11, &(0x7f0000000040)={0x2, 0xe21, @remote}, 0x10) 5m3.488620629s ago: executing program 1 (id=1385): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x40, 0x2c, 0x601, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r1, {0xffe0}, {}, {0x5, 0x1}}, [@filter_kind_options=@f_bpf={{0x8}, {0x14, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}]}}]}, 0x40}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4m39.449516764s ago: executing program 1 (id=1385): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x40, 0x2c, 0x601, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r1, {0xffe0}, {}, {0x5, 0x1}}, [@filter_kind_options=@f_bpf={{0x8}, {0x14, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}]}}]}, 0x40}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3m48.940150754s ago: executing program 1 (id=1385): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x40, 0x2c, 0x601, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r1, {0xffe0}, {}, {0x5, 0x1}}, [@filter_kind_options=@f_bpf={{0x8}, {0x14, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}]}}]}, 0x40}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3m34.031533202s ago: executing program 0 (id=1775): openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x7fff7ffa}]}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX=0x0], 0x48) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xff, 0x1f}]}) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000000180)={0x81, 0x0, 0x2}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3m33.489169473s ago: executing program 0 (id=1776): socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0xb, 0xfffffffffffffff8}, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000440), 0x10) listen(r1, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) accept4$unix(r1, 0x0, 0x0, 0x0) 3m32.632434038s ago: executing program 0 (id=1779): io_uring_setup(0x30d8, 0x0) connect$qrtr(0xffffffffffffffff, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7079, 0x0, 0x4, 0x288}, &(0x7f0000000340), 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x0, 0x25dfdbfd, {0x2, 0x1f, 0x0, 0xcb, r4}, [@IFA_ADDRESS={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x1c}}, @IFA_LOCAL={0x8, 0x2, @broadcast}, @IFA_RT_PRIORITY={0x8, 0x9, 0x6}, @IFA_RT_PRIORITY={0x8, 0x9, 0x10000009}, @IFA_ADDRESS={0x8, 0x1, @loopback}, @IFA_RT_PRIORITY={0x8, 0x9, 0x103}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0) 3m31.668294951s ago: executing program 0 (id=1781): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300), 0x2008000, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180)) 3m30.456392012s ago: executing program 0 (id=1784): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_cipso(0x0, r3) sendmsg$NLBL_CIPSOV4_C_ADD(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYRES16=r4], 0x50}, 0x1, 0x0, 0x0, 0x4000001}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xe, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="650a00000000000061116400000000001800000000000000000000000000000095000000000000007c6fe1689aba46407fa1decfe8a9"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 3m28.36446684s ago: executing program 0 (id=1792): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) socket(0x1e, 0x4, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() socket(0x3, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000000140)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r4 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'}) socket(0x10, 0x3, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "2431d0edd9b36cb74d7df7671eacf04be3b08353efa3641776f56c7556fd3713097bd0072577bc6fefb4cdc9e94e420b0ea4fbc5b07a32056eff5e6c42784b46ddab72b1b8fc87f208ad6db80d8dfe25"}, 0xd8) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x3) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0xfffe, 0x0, @local}}, 0x0, 0x0, 0x2, 0x0, "aeb81d8ee3a82d67eea9e5bdf2247481041a5b9cddbc936efc471c56ae3d5f6945d296a285858a891a3b4e7bff572ef69992da867f406182d70f47773434b8349435f2ad628d62a3b45bb98872fb1900"}, 0xd8) r6 = openat$smackfs_syslog(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$smackfs_label(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="2d28082e2900b7594394143acd190b5de9a4080f34a0e9b1ae014c1066e3c71b5353d6aa7202570f4d750940ab8c2acb55efa55bc499720832b8a3245774578abfa5e3a6709c9c96d3b00a8eab43925ff952a227fd294bb0f1428f96ffe43aa86e2f72d97829fc6cc5570b3d11dcd7fbcc74f83a1b74f8597867b154539f335cda9417bba823fc78c24ce75c24f954ba4f19a5119c9a8e08fd8253f559a2b8a973056aa44807d82737"], 0x6) socket$netlink(0x10, 0x3, 0x8000000004) 3m27.337232438s ago: executing program 33 (id=1792): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) socket(0x1e, 0x4, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() socket(0x3, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000000140)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r4 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'}) socket(0x10, 0x3, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "2431d0edd9b36cb74d7df7671eacf04be3b08353efa3641776f56c7556fd3713097bd0072577bc6fefb4cdc9e94e420b0ea4fbc5b07a32056eff5e6c42784b46ddab72b1b8fc87f208ad6db80d8dfe25"}, 0xd8) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x3) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0xfffe, 0x0, @local}}, 0x0, 0x0, 0x2, 0x0, "aeb81d8ee3a82d67eea9e5bdf2247481041a5b9cddbc936efc471c56ae3d5f6945d296a285858a891a3b4e7bff572ef69992da867f406182d70f47773434b8349435f2ad628d62a3b45bb98872fb1900"}, 0xd8) r6 = openat$smackfs_syslog(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$smackfs_label(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="2d28082e2900b7594394143acd190b5de9a4080f34a0e9b1ae014c1066e3c71b5353d6aa7202570f4d750940ab8c2acb55efa55bc499720832b8a3245774578abfa5e3a6709c9c96d3b00a8eab43925ff952a227fd294bb0f1428f96ffe43aa86e2f72d97829fc6cc5570b3d11dcd7fbcc74f83a1b74f8597867b154539f335cda9417bba823fc78c24ce75c24f954ba4f19a5119c9a8e08fd8253f559a2b8a973056aa44807d82737"], 0x6) socket$netlink(0x10, 0x3, 0x8000000004) 3m16.329125535s ago: executing program 1 (id=1385): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x40, 0x2c, 0x601, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r1, {0xffe0}, {}, {0x5, 0x1}}, [@filter_kind_options=@f_bpf={{0x8}, {0x14, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}]}}]}, 0x40}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2m49.348221183s ago: executing program 3 (id=1878): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb34902, 0x1000006, 0x28011, r1, 0x0) ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f00000000c0)={0x4000, 0x80600}) socket(0x1d, 0x3, 0x1) syz_open_dev$media(0x0, 0x3, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000018120000", @ANYRES32, @ANYBLOB], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) r3 = socket$kcm(0x10, 0x2, 0x4) close(r3) socket$kcm(0x10, 0x2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000380)='/sys/power/pm_wakeup_irq', 0x0, 0x0) timerfd_create(0x6, 0x0) 2m46.817925339s ago: executing program 3 (id=1882): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) r1 = eventfd2(0x0, 0x0) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000100)={0x0, r1}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001500)=ANY=[], 0x1c}}, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4096}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 2m45.376419482s ago: executing program 3 (id=1884): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) membarrier(0x4, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000580)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x6, 0xc2, 0x0, 0x0, 0x10, {[@mss={0x1e, 0x4, 0x2101}]}}}}}}}}, 0x0) 2m45.050231285s ago: executing program 3 (id=1886): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6) r4 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) mq_notify(r4, &(0x7f00000003c0)={0x0, 0xc, 0x1, @thr={0x0, 0x0}}) 2m43.859686145s ago: executing program 3 (id=1888): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x48400) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x84000000}, 0xc, &(0x7f0000000240)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x14008000}, 0x1a52a53203556666) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x3004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x10001]}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000002, 0x5, 0xfffffffffffffffc, 0x4, 0x2, 0x0, 0xefffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, 0x3], 0x0, 0x100600}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m42.795944174s ago: executing program 3 (id=1890): creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x10400, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',cache=mmap']) chmod(&(0x7f0000000140)='./file0\x00', 0x0) r3 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) ftruncate(r4, 0x2000009) sendfile(r3, r4, 0x0, 0x7ffff000) lstat(&(0x7f00000002c0)='./file0\x00', 0x0) syz_genetlink_get_family_id$nl80211(0x0, r4) 2m27.600646737s ago: executing program 34 (id=1890): creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x10400, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',cache=mmap']) chmod(&(0x7f0000000140)='./file0\x00', 0x0) r3 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) ftruncate(r4, 0x2000009) sendfile(r3, r4, 0x0, 0x7ffff000) lstat(&(0x7f00000002c0)='./file0\x00', 0x0) syz_genetlink_get_family_id$nl80211(0x0, r4) 2m25.585841468s ago: executing program 1 (id=1385): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x40, 0x2c, 0x601, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r1, {0xffe0}, {}, {0x5, 0x1}}, [@filter_kind_options=@f_bpf={{0x8}, {0x14, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}]}}]}, 0x40}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1m43.375266109s ago: executing program 1 (id=1385): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x40, 0x2c, 0x601, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r1, {0xffe0}, {}, {0x5, 0x1}}, [@filter_kind_options=@f_bpf={{0x8}, {0x14, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}]}}]}, 0x40}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 25.894830804s ago: executing program 5 (id=2122): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read(0xffffffffffffffff, 0x0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000bcc000/0x4000)=nil, 0x4000}}) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x769}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ppoll(&(0x7f0000000180)=[{r3, 0x4047, 0x700}], 0x1, 0x0, 0x0, 0x0) close(r3) syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x6559, 0x13580, 0x3}, &(0x7f0000000040), &(0x7f0000000140)) 22.924535876s ago: executing program 5 (id=2125): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc", 0xe) r3 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0x40045542, &(0x7f0000000b00)) syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0) mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000580), 0x0, 0x0) 21.764192412s ago: executing program 5 (id=2127): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) 18.994902782s ago: executing program 5 (id=2129): r0 = syz_clone(0x11000400, &(0x7f0000000440), 0x0, &(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000100)) prlimit64(r0, 0xe, &(0x7f0000000300)={0xa, 0x800000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="034886dd090032000300300000006000000001002f0081e949b9"], 0xfdef) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) pipe(0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) socketpair(0x25, 0x1, 0x0, &(0x7f0000000000)) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$sysctl(r2, &(0x7f0000000000)='4\x00', 0x2) bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r3, &(0x7f0000000000), 0xd) 17.448904688s ago: executing program 5 (id=2133): openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='blkio.bfq.sectors\x00', 0x275a, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet_tcp(0x2, 0x1, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x6, 0x8, 0x8, 0x41, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r4}, 0x38) 15.901249311s ago: executing program 5 (id=2136): r0 = syz_open_dev$vim2m(0x0, 0x1, 0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0xc0205647, &(0x7f0000000000)=0x2) r1 = syz_open_procfs(0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) mount(0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) chdir(0x0) listen(0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) getsockname$inet6(0xffffffffffffffff, 0x0, 0x0) 13.725653658s ago: executing program 6 (id=2141): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x18b801, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000300)) close(0xffffffffffffffff) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000040)={0xa}) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RELOAD(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={0x3c, r4, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x3c}}, 0x0) 12.797089667s ago: executing program 7 (id=2142): socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) socket(0x1e, 0x4, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() socket(0x3, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r3, 0x0, 0x0) r4 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'}) socket(0x10, 0x3, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "2431d0edd9b36cb74d7df7671eacf04be3b08353efa3641776f56c7556fd3713097bd0072577bc6fefb4cdc9e94e420b0ea4fbc5b07a32056eff5e6c42784b46ddab72b1b8fc87f208ad6db80d8dfe25"}, 0xd8) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x3) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0xfffe, 0x0, @local}}, 0x0, 0x0, 0x2, 0x0, "aeb81d8ee3a82d67eea9e5bdf2247481041a5b9cddbc936efc471c56ae3d5f6945d296a285858a891a3b4e7bff572ef69992da867f406182d70f47773434b8349435f2ad628d62a3b45bb98872fb1900"}, 0xd8) r6 = openat$smackfs_syslog(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$smackfs_label(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="2d28082e2900b7594394143acd190b5de9a4080f34a0e9b1ae014c1066e3c71b5353d6aa7202570f4d750940ab8c2acb55efa55bc499720832b8a3245774578abfa5e3a6709c9c96d3b00a8eab43925ff952a227fd294bb0f1428f96ffe43aa86e2f72d97829fc6cc5570b3d11dcd7fbcc74f83a1b74f8597867b154539f335cda9417bba823fc78c24ce75c24f954ba4f19a5119c9a8e08fd8253f559a2b8a973056aa44807d82737"], 0x6) socket$netlink(0x10, 0x3, 0x8000000004) 11.688199997s ago: executing program 6 (id=2143): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x4, 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240), 0x10000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') syz_open_dev$loop(0x0, 0xffffffff, 0x80000) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/power/pm_async', 0x101581, 0x100) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000280)={0x68, 0x66, 0x5, "87036ec9419e9b9b353654c5293ac5ec7544a95c5c08b8916971f21e6b7ee03522ec3260f38881ee8e7f10979b408d2ca055375a6f9fd15e7fdfe23c5958b08eeee046389bda54009eae4f97d21689b5281fb006eef8d1ee76549437e841e44c87596d333dd17d0b"}) write$tcp_mem(r1, &(0x7f0000000540)={0xffffffff7fffffff, 0x20, 0x0, 0x20, 0x4}, 0x48) memfd_create(&(0x7f0000000540)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x06\x00\x00\x00\x97A\xc2\xd8\xf0Uq!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\x16\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xf1k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9k\x83\xfc\xa4\xad4\x03\xa2X\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xdfY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96?\x00\x00\x00\x00\x00\x00\x00\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcb\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93>m\xd7q\'\xdf\xfajo\xd8n\xa7\xecJi\xde\xdf\x7f\xe3\xc4*Z 4\xe8S$\xa1H=\xdf\x05\xf3\xe3T\xd1\xdd\xc6f\xa4\xb4\x96\\\xa0\xf9\x0f\x17\x11{\xb6\x9d\xd21\xc1\x90Vj\x13r\x00\x00\xde\x03\xab\xff\x8as0\xc6E\xca\"\xd9*\x9a\x15\xb95r\x8f\xaaj\x82\xd6\xd2%\xed\xa2WQ\xec2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xccX\xfdRB\xffU\xe9\xfa\x1f\xf6\xce\b\xde@\x061\xc6z\xe4\xe0\xc9?\xa7\x94>\x9c\xd1\xa5o\x04\xaaim\xae\xfe\xc7f\xa3\x96\xd7\xb4c)r{\r#\xddI&\n\xf2\xec\xd4\xff\x9f\x136zZ-2\x80\xfbH+\x9b8\xf3\xed\xdf\xa2my\xb28c[\xc3\xfe\xb5M\x84\x97\xa5\'s\xe9\xdc=)I\xabLt2\x9c\v\xd9S', 0x6) set_mempolicy(0x4005, &(0x7f0000000080)=0x7, 0x2) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) 9.630704357s ago: executing program 6 (id=2145): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(r4, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r4, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff29}, &(0x7f0000000000)=0x40) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x23, 0x1, 0x0}, &(0x7f00000002c0)=0x40) 9.091954659s ago: executing program 7 (id=2146): r0 = socket$packet(0x11, 0x2, 0x300) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r1, &(0x7f0000019080)=""/102356, 0x18fd4, 0x100c2a) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, 0x0, 0x0) listen(r2, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x14, 0x6, 0x0, @local, @loopback, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x20}}}}}}}, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x15, 0xf0200) ioctl$EVIOCSABS2F(r3, 0x401845ef, &(0x7f0000000040)={0x9, 0xfffffffc, 0x7, 0x101, 0x3f8, 0x75}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x2c, 0x2, 0x3, 0x5, 0x0, 0x0, {0xb, 0x0, 0x8}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x8}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x26}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40884}, 0x20000000) setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000080)=0x8, 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x0, 0x11, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$VIDIOC_ENUMSTD(0xffffffffffffffff, 0xc0405619, 0x0) 8.150537692s ago: executing program 6 (id=2147): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x4, 0x0) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) shutdown(r3, 0x1) connect$bt_rfcomm(r3, 0x0, 0x0) syz_emit_ethernet(0x604, &(0x7f00000001c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x5ce, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, [{0x5, 0xe, "7db4000005d4a3b4364be7baa2d73b4ac24ab977edb940e63f49a7129f45462e5eecc39f468544e3c13aa9017ccd638e784912ef2c2589d0d45cf0ed4bbe909218459bcbeaf63697aef1702b895af582b2e3b5cd435f497d415f29c5d941df10c1ca58197441e0e9b3400d980110420fa979a3"}, {0x0, 0x7, "1598a4a8a719ffe0621615f6d04dcae3360546cf06f2665bae2296931fd1d71c1f7e8f222b9ddc4e0bfb5e5c9a484353b785e79b4d81"}, {0x0, 0x4, "d429145c793e823829b4376332b2c98aee2dae3e1cb11adb2b381eb30650ac6c45f9"}, {0x0, 0x9d, "130c3818a2eaac43f1a6efc4f7772852ea05bff405aa28758ba53e0f2060e4e027f24bb723a5571d0da2ebeb3fe47f34e606cb3987e3681841f511126b773758e143f6be25d6965fcca35155fec3f970e2067f5db8a5de787eaf96b5957e6b988c02ae9fe26ec3118d9fdcca129d1269b290f687cde5b4eaba737c806335ca0d1e43697d144c6df4dc0d31e84004bc22e87b6e2daab5674479c76a1be360d309e7e7e5fa089032b331a3ceea18d92124681c0b78a0f1665ffcba0bee11950f6b4912bb302b3e648fad7ff4862ccc823e720fdb20af8ab0a6a09dfcdacf69923d60a0efeacf81e1e7e17db9547a4962bdec794c013af7210e54d43f3fe7da2f88c674f4cfd818f6a7461368bf62f1d5f98fd9394eb74bf0559f1c6b1ebec57dba007f143108ca4be3fa330cc21a411b0b7af23ebd9282be17fb702a5ca61650b283eec78e0280e4f2713b42bd4e3615c48c55c1abe5827601038109736f9c6b7242e7c9c917309397b864eedf5ca71db1debb609b6381b54955706017731319e0cc41083f99bd11da748b47d8715080899eb15caf19df36632b73bb22596b8e16186a2e51e277f8c78df609ca44a83914e8f7a8b053210573941b560ff8b114326678c6851c74596300b1c2a1ddc0af5b4cb5f15fa61e42214341368152275070973f3063f35fded9eeb535a0837783921dc2b705e0a0ceacca1882ff23813bc9199a9be39559c9f82a7452ce6113780cd7d26f532b72603afbfe994f5baf7257c9a33b9ac1ecd0b69da263daa9ac7e6a8d4400341926ed1f0c0e9086009c7945c0b255716f5b0dac45a9af480dc1f17beba2a2cddeafed29ecc91ce704895e28d0c46e639591c667a7f34500ea98ef557801dccf733fa61f3cf6740e40418745a42a738440ba9fc2ec415ba0fbf34800e6987b902302d552cf869eb350a9a862cd946f8285b03f03067dc9bae653dc701d97c7e6f7c1f0767624ac9e48b041c51697968b1e1733921270e569ac0b1ac7c25d00936ad05f14d67d3225d6a8cecd9fb63205ab14131e2e742977860e4a38ec056cda185aa357a059d0180056816a7902bdc0951253005099039bd945a6a4e525123cd4fcb8c5b335626464707fc21e92039b9190020eb9ef84c61cddede466a4c3ea2572927153997c33433ce9de0a7d2ed0b5fb0dce9cc6630bd0635a66be0cb490689169618184e896233d49b8f0e0717ae5d557333d54887ed8d983ee01091326af86e76583131104c66753efd58c32e499be23a05249b98e505c4c0237e2e70506fed29a33169d02b74ba5cbefad267e1107f4468e1144ece9656d35b88e405405fbb1438510f0395752c61e57e760de178a58a8da65040946656220817732fa0cd36189027287597cc5ebe709ca9d9a507babd39f1e56a37657326c7ffb654ce5e2773e92e99783e3152562a21a574f521022314da92315c13a6a696122b211e29a85e81ba7a8fb4dee770d1cacaa2fb02d5fb97676d6402513cccc770ff1a9b9d3b1454ff071d6ed6c4e84249607b64a034b8127893a00aac7ce06a0c2820f7084a8d8e61fc6868c0c2c74005af049ea328a94d5d4534aa99c49208a5f339dec460f5231d6a3e42e4b314c913da4d4127f3d8407e7edbbb044d2e034d6c14c0b86de30afe2d0b92bcaa10cb48c54576114ab1844e25eabc3a8c7906e917b052dfe31e110aaf94876488e3ef926f2d6e6cb635836cb11dbd146a83e2034b7d41ebdaa959f4f74444aceab064af4fb73b5ac964eca5e12"}]}}}}}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x14, 0x1, 0x2, 0xf07, 0x0, 0x0, {0xa, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x2ef84f70c2432ac2}, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60122d9200083a0000000000000000000000ffff4569098dfe8000000000000000000000000000aa9100900800000000"], 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 8.128861274s ago: executing program 4 (id=2148): socket(0x10, 0x3, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r0 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r0, 0x0, 0x0) connect$vsock_stream(r0, &(0x7f0000002240)={0x28, 0x0, 0x0, @hyper}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r1 = fsopen(&(0x7f0000000080)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) symlinkat(&(0x7f0000000140)='.\x00', r2, &(0x7f00000000c0)='./file0\x00') r3 = openat(r2, &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000000)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000240), 0x208e24b) 8.054943s ago: executing program 7 (id=2149): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xa, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06055c8, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f00000004c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x60}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8, 0x20}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x7, 0x0}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 5.631706685s ago: executing program 4 (id=2150): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) r4 = accept$alg(r3, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) recvmmsg(r4, &(0x7f0000006100), 0x49f, 0xf0ff, 0x0) ioprio_set$pid(0x1, 0x0, 0x4000) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) syz_io_uring_complete(0x0) 5.553606244s ago: executing program 7 (id=2151): socket$key(0xf, 0x3, 0x2) sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x2400c000) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) socket(0x10, 0x803, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x7, 0x1, 0x3, 0x100000001, 0x0, 0x7, 0x0, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x8, 0x0, 0x0, 0xdffffffe, 0x1000000000000, 0x7fffffff, 0xffffffffffffffff}, 0x0, 0x0) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000000340)=""/102392, 0x18ff8) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0x4, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x8000, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, 0x0) 4.126457139s ago: executing program 4 (id=2152): socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r4 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000140)={r4, 0x0, 0x0, 0x4000}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x13, r5, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000040)={0x4000000, 0x1000000, 0x2000}) fsopen(&(0x7f0000000100)='cifs\x00', 0x0) 3.238757945s ago: executing program 7 (id=2153): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01080000000000000000020000000900020073797a2a0000000008000440000000000900010073797a3000000000080003400000000a1400000011"], 0x64}}, 0x0) r4 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r5, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x0, @remote}, 0x69, &(0x7f0000000400)=[{&(0x7f0000000240)="b9", 0x26892}], 0xbb}}], 0x2, 0x0) 2.334406858s ago: executing program 4 (id=2154): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x20200}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r3, &(0x7f0000000000)=[{&(0x7f00000000c0)="14", 0x1f68}], 0x2) r4 = syz_open_procfs(0xffffffffffffffff, 0x0) preadv(r4, 0x0, 0x0, 0x48, 0x7c) fdatasync(r3) r5 = syz_io_uring_setup(0x7955, 0x0, 0x0, &(0x7f0000000000)) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) io_uring_setup(0x1d05, &(0x7f0000000080)={0x0, 0x0, 0x80, 0x1000004, 0x387, 0x0, r5}) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r6, 0x29, 0x1c, 0x0, 0x14) 2.160376429s ago: executing program 7 (id=2155): setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_access\x00', &(0x7f0000002b40)=ANY=[@ANYBLOB="020000"], 0x24, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x458, 0x5011, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x394}}}}]}}]}}, 0x0) syz_usb_control_io(r1, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000001440)={'\x00', 0x52d35ce30131f272}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0x1c, r4, 0x303, 0x70bd28, 0x0, {0xa}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0) bind$netlink(r0, &(0x7f0000000640)={0x10, 0x0, 0x25dfdbfd, 0x10000}, 0xc) ioctl$TUNSETCARRIER(r2, 0x400454e2, &(0x7f00000001c0)=0x1) close(0x3) syz_usb_connect$cdc_ecm(0x1, 0xdd, &(0x7f00000006c0)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xcb, 0x1, 0x1, 0x8, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0xf, 0x2, 0x2, 0x6, 0x0, 0x2, {{0x7, 0x24, 0x6, 0x0, 0x0, "74a4"}, {0x5, 0x24, 0x0, 0x5}, {0xd, 0x24, 0xf, 0x1, 0xfffffffe, 0x3, 0x2, 0xf}, [@network_terminal={0x7, 0x24, 0xa, 0x5, 0x7f, 0x2, 0x24}, @mdlm_detail={0x61, 0x24, 0x13, 0x7, "762b23c7da0c051ef32a5c4788a4f6181e73724e894af4c5e628129dab1527136f8947f7fbd0011d43b0aee1af6f6f269c409192ac1f5f2806a3f3a680fd09ee886a0f87d6540f26c0a3905033394db14361cb2f1b1a06a36270c7434a"}, @country_functional={0xa, 0x24, 0x7, 0x2, 0xa, [0x5, 0x2]}, @mbim={0xc, 0x24, 0x1b, 0x5cfa, 0x401, 0x8, 0x2d, 0x9, 0x7f}, @country_functional={0x10, 0x24, 0x7, 0x4, 0x2, [0x2, 0x5, 0x81, 0x9, 0x8000]}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x4, 0x4, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x2, 0x9, 0x9}}}}}]}}]}}, &(0x7f00000005c0)={0xa, &(0x7f0000000200)={0xa, 0x6, 0x310, 0x3, 0x10, 0x1, 0x0, 0x35}, 0x2d, &(0x7f0000000240)={0x5, 0xf, 0x2d, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0x9, "d967a97d7344c296a05ae8197f291621"}, @ss_container_id={0x14, 0x10, 0x4, 0xc, "9df2b89662c2734991d4eb5bd99259b4"}]}, 0x6, [{0xbb, &(0x7f0000000380)=@string={0xbb, 0x3, "e11e1f6ae91dcb14ccc49ba6118a7d7060811884eef6b8304cc75a20cd7dd5a8766240da6f53554f7397776cd08b28206dbec5295cfb8ea2151cba8c987a48ef23ae44611d3abd40f443f9b336cc92eda4b24d5851356e35150491b5d3661a223792944aee0d92c6e990eeeb11cf08a8384d0f4e0976b70d839300db843f6e71d05d43b706bafa3aba5f975d5a6991c0cb0dec071d9b6ba1df386601022ff2d6d41a073a300954e0002050404f97fab262bad313d0c9f130e0"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0xc07}}, {0xe8, &(0x7f0000000440)=@string={0xe8, 0x3, "f25818b2e381c6670a85cc09bc7df00aa9a29e22b19c2c07bc11dd0d4c7d0318837e76940b45f4b13ce577c716adc346447dc45f85dc5068c222f5c1cad992861ffee2c8aed91817bac938b7369492ffcbca8290fa95cafa1d3dad444a6d863777185200b8f0bd723e40ef2432c05605c19866f2fb89be8adc59d31f1b3ebfe36d0da97052848be128d80bdb9c430d6d67c02d63c1f14ce73ba1dc1ac4f8c17318f4c5be684f5242f935324a3e529837ad5fd4d511c9168634d2608868aa0306495ec18431b5f714188762c07bd24d5c4bac4fa98b65689605bd0261d464e3e0e31f61e5dfd5"}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x445}}, {0x7, &(0x7f0000000540)=@string={0x7, 0x3, "0b881d2193"}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x81d}}]}) syz_usb_control_io$hid(r1, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) 1.427019227s ago: executing program 4 (id=2156): socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) socket(0x1e, 0x4, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() socket(0x3, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r3, 0x0, 0x0) r4 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'}) socket(0x10, 0x3, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "2431d0edd9b36cb74d7df7671eacf04be3b08353efa3641776f56c7556fd3713097bd0072577bc6fefb4cdc9e94e420b0ea4fbc5b07a32056eff5e6c42784b46ddab72b1b8fc87f208ad6db80d8dfe25"}, 0xd8) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x3) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0xfffe, 0x0, @local}}, 0x0, 0x0, 0x2, 0x0, "aeb81d8ee3a82d67eea9e5bdf2247481041a5b9cddbc936efc471c56ae3d5f6945d296a285858a891a3b4e7bff572ef69992da867f406182d70f47773434b8349435f2ad628d62a3b45bb98872fb1900"}, 0xd8) r6 = openat$smackfs_syslog(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$smackfs_label(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="2d28082e2900b7594394143acd190b5de9a4080f34a0e9b1ae014c1066e3c71b5353d6aa7202570f4d750940ab8c2acb55efa55bc499720832b8a3245774578abfa5e3a6709c9c96d3b00a8eab43925ff952a227fd294bb0f1428f96ffe43aa86e2f72d97829fc6cc5570b3d11dcd7fbcc74f83a1b74f8597867b154539f335cda9417bba823fc78c24ce75c24f954ba4f19a5119c9a8e08fd8253f559a2b8a973056aa44807d82737"], 0x6) socket$netlink(0x10, 0x3, 0x8000000004) 1.373573511s ago: executing program 6 (id=2157): write$bt_hci(0xffffffffffffffff, 0x0, 0x6) r0 = socket$packet(0x11, 0x2, 0x300) socket$rds(0x15, 0x5, 0x0) bind$packet(r0, &(0x7f0000000180)={0x11, 0x16, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14) syz_io_uring_submit(0x0, 0x0, 0x0) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r1, 0x402, 0x8000003d) fcntl$setsig(r1, 0xa, 0x21) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x4000, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x804000000000000) write$tcp_congestion(0xffffffffffffffff, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x2def, 0x0, 0x0, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000440)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r2}, 0x10) r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r3, 0x402, 0x8000003d) setresuid(0x0, 0xee00, 0x0) unshare(0x2a020480) socket$nl_generic(0x10, 0x3, 0x10) 453.96523ms ago: executing program 35 (id=2136): r0 = syz_open_dev$vim2m(0x0, 0x1, 0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0xc0205647, &(0x7f0000000000)=0x2) r1 = syz_open_procfs(0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) mount(0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) chdir(0x0) listen(0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) getsockname$inet6(0xffffffffffffffff, 0x0, 0x0) 140.968877ms ago: executing program 4 (id=2159): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3a6}, &(0x7f0000000000), 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@dev={0xfe, 0x80, '\x00', 0x19}, 0x0, 0x0, 0x1, 0x4, 0xa}, {0xbd1}, {0x81, 0x2}, 0x2000000, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8000, 0x33}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0xe8) sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0) 0s ago: executing program 6 (id=2160): dup(0xffffffffffffffff) syz_open_dev$radio(0x0, 0x1, 0x2) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000080)) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x0, 0x0}}, 0xfc36) kernel console output (not intermixed with test programs): ][T10393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.356790][T10393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 443.377658][T10393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.417106][T10393] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 443.467243][T10647] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 443.476967][T10647] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 443.486269][T10647] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 443.495065][T10647] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 443.522734][ T5877] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 443.532370][T10647] vxlan0: entered promiscuous mode [ 443.594610][T10393] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.622670][T10393] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.632259][T10393] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.664908][T10393] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.706041][ T5877] usb 1-1: Using ep0 maxpacket: 16 [ 443.721855][ T5877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 443.974864][ T5877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 443.992327][ T5877] usb 1-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 444.004617][ T5877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.034827][ T5877] usb 1-1: config 0 descriptor?? [ 444.915840][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 444.937401][ T5877] input: HID 05ac:8241 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:05AC:8241.0028/input/input40 [ 444.992514][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 445.097196][ T5877] appleir 0003:05AC:8241.0028: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.0-1/input0 [ 445.114639][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 445.134109][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 445.752100][ T5877] usb 1-1: USB disconnect, device number 31 [ 446.255937][ T6181] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.427021][ T6181] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.573697][ T6181] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.725967][ T6181] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.042840][ T6181] bridge_slave_1: left allmulticast mode [ 447.048565][ T6181] bridge_slave_1: left promiscuous mode [ 447.082957][ T6181] bridge0: port 2(bridge_slave_1) entered disabled state [ 447.123315][ T6181] bridge_slave_0: left allmulticast mode [ 447.129058][ T6181] bridge_slave_0: left promiscuous mode [ 447.160147][ T6181] bridge0: port 1(bridge_slave_0) entered disabled state [ 447.331283][ T5837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 447.345833][ T5837] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 447.356328][ T5837] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 447.367641][ T5837] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 447.385663][ T5837] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 447.394072][ T5837] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 448.926709][ T6181] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 448.940198][ T6181] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 448.952702][ T5879] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 448.964365][ T6181] bond0 (unregistering): Released all slaves [ 449.087449][T10747] lo speed is unknown, defaulting to 1000 [ 449.113103][ T5879] usb 4-1: Using ep0 maxpacket: 8 [ 449.199670][T10777] ip6t_srh: unknown srh match flags 4000 [ 449.212755][ T5879] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 449.221877][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.264018][ T5879] usb 4-1: Product: syz [ 449.268270][ T5879] usb 4-1: Manufacturer: syz [ 449.285604][ T5879] usb 4-1: SerialNumber: syz [ 449.303534][ T5879] usb 4-1: config 0 descriptor?? [ 449.483951][ T5837] Bluetooth: hci4: command tx timeout [ 449.561160][ T5879] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 449.981364][ T6181] hsr_slave_0: left promiscuous mode [ 450.010277][ T6181] hsr_slave_1: left promiscuous mode [ 450.068065][ T6181] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 450.083312][ T6181] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 450.109441][ T6181] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 450.127691][ T6181] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 450.230867][ T6181] veth1_macvtap: left promiscuous mode [ 450.239704][ T6181] veth0_macvtap: left promiscuous mode [ 450.255751][ T6181] veth1_vlan: left promiscuous mode [ 450.269480][ T6181] veth0_vlan: left promiscuous mode [ 450.975325][ T5879] gspca_sunplus: reg_r err -71 [ 450.980291][ T5879] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 450.991916][ T5879] usb 4-1: USB disconnect, device number 22 [ 451.562817][ T5837] Bluetooth: hci4: command tx timeout [ 452.780624][ T6181] team0 (unregistering): Port device team_slave_1 removed [ 452.823458][ T5876] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 452.835851][ T6181] team0 (unregistering): Port device team_slave_0 removed [ 452.986013][ T5876] usb 4-1: Using ep0 maxpacket: 8 [ 453.027275][ T5876] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 453.037023][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.045407][ T5876] usb 4-1: Product: syz [ 453.050830][ T5876] usb 4-1: Manufacturer: syz [ 453.066632][ T5876] usb 4-1: SerialNumber: syz [ 453.075808][ T5876] usb 4-1: config 0 descriptor?? [ 453.301105][ T5876] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 453.655039][ T5837] Bluetooth: hci4: command tx timeout [ 453.859365][T10747] chnl_net:caif_netlink_parms(): no params data found [ 453.916615][T10836] hub 1-0:1.0: USB hub found [ 453.934425][T10836] hub 1-0:1.0: 1 port detected [ 454.236077][T10747] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.250195][T10747] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.269522][T10747] bridge_slave_0: entered allmulticast mode [ 454.281002][T10747] bridge_slave_0: entered promiscuous mode [ 454.312762][ T5876] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 454.334521][ T5876] usb 4-1: USB disconnect, device number 23 [ 454.352037][T10747] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.382623][T10747] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.400447][T10747] bridge_slave_1: entered allmulticast mode [ 454.417887][T10747] bridge_slave_1: entered promiscuous mode [ 454.583659][T10747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 454.625493][T10747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 455.611264][T10747] team0: Port device team_slave_0 added [ 455.743373][ T5837] Bluetooth: hci4: command tx timeout [ 455.883139][T10747] team0: Port device team_slave_1 added [ 456.754298][T10747] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 456.802235][T10747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 456.906297][T10747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 456.922720][ T6147] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 456.941069][T10876] netlink: 'syz.3.1498': attribute type 5 has an invalid length. [ 456.957882][T10747] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 456.986813][T10747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 457.083695][T10747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 457.139911][ T6147] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 457.177440][ T6147] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 457.222515][ T6147] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 457.270145][ T6147] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 457.302538][ T6147] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.343731][ T6147] usb 5-1: config 0 descriptor?? [ 457.406888][T10747] hsr_slave_0: entered promiscuous mode [ 457.460231][T10747] hsr_slave_1: entered promiscuous mode [ 457.493994][T10747] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 457.570010][T10747] Cannot create hsr debugfs directory [ 457.807301][ T6147] plantronics 0003:047F:FFFF.0029: unknown main item tag 0x0 [ 457.823208][ T6147] plantronics 0003:047F:FFFF.0029: No inputs registered, leaving [ 457.852921][ T6147] plantronics 0003:047F:FFFF.0029: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 459.429627][T10747] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 459.462235][T10747] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 459.481446][T10747] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 459.499508][T10747] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 459.814580][T10747] 8021q: adding VLAN 0 to HW filter on device bond0 [ 459.901234][T10747] 8021q: adding VLAN 0 to HW filter on device team0 [ 459.918394][ T5877] usb 5-1: USB disconnect, device number 23 [ 459.953782][ T6346] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.960970][ T6346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 460.032837][ T3542] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.040052][ T3542] bridge0: port 2(bridge_slave_1) entered forwarding state [ 460.770752][T10747] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 460.882725][T10747] veth0_vlan: entered promiscuous mode [ 460.940807][T10747] veth1_vlan: entered promiscuous mode [ 461.108399][T10747] veth0_macvtap: entered promiscuous mode [ 461.372615][ T5877] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 461.384980][T10747] veth1_macvtap: entered promiscuous mode [ 462.019437][T10747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 462.052489][T10747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.073216][T10747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 462.100389][T10747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.110986][ T5877] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 462.122311][T10747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 462.128178][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.134021][T10747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.151474][T10747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 462.166560][T10747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.178244][ T5877] usb 5-1: config 0 descriptor?? [ 462.179059][T10747] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 462.190931][T10967] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1514'. [ 462.196645][ T5877] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 462.208981][T10967] netlink: 'syz.0.1514': attribute type 1 has an invalid length. [ 462.232649][T10967] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1514'. [ 462.323940][T10747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 462.362687][T10747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.379549][T10747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 462.412524][T10747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.452621][T10747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 462.483261][T10747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.502484][T10747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 462.541269][T10747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.570077][T10747] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 462.599633][ T29] audit: type=1800 audit(1737411083.077:17): pid=10973 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.1516" name="bus" dev="overlay" ino=1598 res=0 errno=0 [ 462.658597][T10747] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.687187][T10747] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.722488][T10747] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.732113][T10747] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.027684][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 463.053953][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 463.138135][ T6181] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 463.160028][ T6181] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 463.442680][ T5877] gspca_stv06xx: I2C: Read error writing address: -71 [ 463.513792][ T5877] usb 5-1: USB disconnect, device number 24 [ 465.312968][T11042] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.495255][T11042] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.814415][T11042] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.074184][T11042] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.102617][ T5877] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 466.210489][T11096] kvm: pic: non byte read [ 466.261662][ T5877] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 466.311204][ T5877] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 466.320533][T10268] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 466.369173][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.402282][T11042] bridge_slave_1: left allmulticast mode [ 466.409429][ T5877] usb 4-1: config 0 descriptor?? [ 466.435471][T11042] bridge_slave_1: left promiscuous mode [ 466.446877][T11042] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.490240][ T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 466.508365][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 466.514458][T11042] bridge_slave_0: left allmulticast mode [ 466.518305][T10268] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 466.533376][ T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 466.540834][T10268] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 466.550167][T11042] bridge_slave_0: left promiscuous mode [ 466.551923][T10268] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 466.570469][T10268] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 466.580580][ T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 466.590897][T10268] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.600816][ T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 466.608990][ T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 466.620331][T10268] usb 1-1: config 0 descriptor?? [ 466.652674][T11042] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.908565][ T5877] keytouch 0003:0926:3333.002A: fixing up Keytouch IEC report descriptor [ 467.227340][ T5877] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.002A/input/input41 [ 467.337103][ T5877] keytouch 0003:0926:3333.002A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 467.473983][T10268] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x2 [ 467.501101][T10268] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0 [ 467.534414][T10268] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0 [ 467.541936][T10268] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0 [ 467.582739][T10268] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0 [ 467.590526][T10268] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0 [ 467.662647][T10268] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0 [ 467.663815][T11093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 467.670866][T10268] plantronics 0003:047F:FFFF.002B: No inputs registered, leaving [ 467.728048][T11093] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 467.760948][T10268] plantronics 0003:047F:FFFF.002B: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 468.065611][ T5876] usb 1-1: USB disconnect, device number 32 [ 468.191959][T10268] usb 4-1: USB disconnect, device number 24 [ 468.683012][ T5837] Bluetooth: hci4: command tx timeout [ 469.092268][T11042] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 469.118497][T11042] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 469.147193][T11042] bond0 (unregistering): Released all slaves [ 469.843109][T11120] netlink: 88 bytes leftover after parsing attributes in process `syz.5.1535'. [ 470.021993][T11142] random: crng reseeded on system resumption [ 470.382658][T11102] lo speed is unknown, defaulting to 1000 [ 470.391159][T11155] fuse: Bad value for 'fd' [ 470.763363][ T5837] Bluetooth: hci4: command tx timeout [ 470.797778][T11042] hsr_slave_0: left promiscuous mode [ 470.829528][T11042] hsr_slave_1: left promiscuous mode [ 470.848325][T11042] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 470.883476][T11042] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 470.924533][T11042] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 470.956079][T11042] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 471.012319][T11042] veth1_macvtap: left promiscuous mode [ 471.022825][T11042] veth0_macvtap: left promiscuous mode [ 471.028585][T11042] veth1_vlan: left promiscuous mode [ 471.040496][T11042] veth0_vlan: left promiscuous mode [ 472.842819][ T5837] Bluetooth: hci4: command tx timeout [ 472.884698][T11188] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1552'. [ 472.985064][T11191] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1552'. [ 473.905497][T11042] team0 (unregistering): Port device team_slave_1 removed [ 474.316034][T11042] team0 (unregistering): Port device team_slave_0 removed [ 474.317085][T11201] netlink: 'syz.5.1554': attribute type 1 has an invalid length. [ 474.331609][T11201] nbd: couldn't find a device at index 20 [ 474.922679][ T5837] Bluetooth: hci4: command tx timeout [ 476.324260][T11240] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1567'. [ 476.399307][T11240] netlink: 'syz.3.1567': attribute type 25 has an invalid length. [ 476.483538][T11240] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 476.492669][T11240] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 476.502056][T11240] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 476.511255][T11240] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 476.639931][T11102] chnl_net:caif_netlink_parms(): no params data found [ 477.565846][T11262] ptrace attach of "./syz-executor exec"[5825] was attempted by ""[11262] [ 477.721686][T11102] bridge0: port 1(bridge_slave_0) entered blocking state [ 477.757654][T11102] bridge0: port 1(bridge_slave_0) entered disabled state [ 477.775264][T11102] bridge_slave_0: entered allmulticast mode [ 477.794878][T11102] bridge_slave_0: entered promiscuous mode [ 477.827200][T11102] bridge0: port 2(bridge_slave_1) entered blocking state [ 477.848452][T11102] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.879569][T11102] bridge_slave_1: entered allmulticast mode [ 477.912106][T11102] bridge_slave_1: entered promiscuous mode [ 478.024222][T11281] kvm: emulating exchange as write [ 478.138455][T11102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 478.157111][T11288] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1579'. [ 478.230351][T11102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 478.393953][T11102] team0: Port device team_slave_0 added [ 478.426323][T11102] team0: Port device team_slave_1 added [ 479.151633][T11102] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 479.170355][T11102] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.422598][T11102] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 480.263032][T11102] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 480.305278][T11102] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 480.331307][ C1] vkms_vblank_simulate: vblank timer overrun [ 480.436000][T11102] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 480.700834][T11102] hsr_slave_0: entered promiscuous mode [ 480.755789][T11102] hsr_slave_1: entered promiscuous mode [ 480.811899][T11102] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 480.832605][T11102] Cannot create hsr debugfs directory [ 482.109536][T11337] QAT: Device 7 not found [ 483.323272][T11357] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1593'. [ 483.414403][T11357] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1593'. [ 483.435554][T11357] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1593'. [ 483.475488][T11360] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 483.542154][T11102] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 483.615457][T11102] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 483.724476][T11102] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 483.767936][T11102] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 484.108372][T11102] 8021q: adding VLAN 0 to HW filter on device bond0 [ 484.191973][T11102] 8021q: adding VLAN 0 to HW filter on device team0 [ 484.325212][T11036] bridge0: port 1(bridge_slave_0) entered blocking state [ 484.332569][T11036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 484.419218][T11036] bridge0: port 2(bridge_slave_1) entered blocking state [ 484.426630][T11036] bridge0: port 2(bridge_slave_1) entered forwarding state [ 484.607624][ T974] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 484.883412][ T974] usb 5-1: Using ep0 maxpacket: 32 [ 485.005179][ T974] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 485.162142][ T974] usb 5-1: config 0 has no interface number 0 [ 485.189142][T11102] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 485.214426][ T974] usb 5-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 485.290263][ T974] usb 5-1: config 0 interface 1 has no altsetting 0 [ 485.386819][ T974] usb 5-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 485.443763][ T974] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.478669][ T974] usb 5-1: Product: syz [ 485.485704][ T974] usb 5-1: Manufacturer: syz [ 485.494066][ T974] usb 5-1: SerialNumber: syz [ 485.497907][T11102] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 485.528706][ T974] usb 5-1: config 0 descriptor?? [ 485.651420][T11102] veth0_vlan: entered promiscuous mode [ 485.685013][T11102] veth1_vlan: entered promiscuous mode [ 486.267262][ T974] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 486.300929][T11102] veth0_macvtap: entered promiscuous mode [ 486.306282][ T974] cx231xx 5-1:0.1: Failed to read PCB config [ 486.338734][ T974] cx231xx 5-1:0.1: probe with driver cx231xx failed with error -71 [ 486.345413][T11102] veth1_macvtap: entered promiscuous mode [ 486.365108][ T974] usb 5-1: USB disconnect, device number 25 [ 486.434130][T11102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.469334][T11102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.511174][T11102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.582570][T11102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.600184][T11102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.648951][T11102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.673317][T11102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.692570][ T974] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 486.702637][T11102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.731658][T11102] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 486.769071][T11102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.802552][T11102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.834881][T11102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.872685][T11102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.883124][T11102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.902569][T11102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.912714][ T974] usb 5-1: Using ep0 maxpacket: 32 [ 486.918342][T11102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.933287][ T974] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 486.952590][ T974] usb 5-1: config 0 has no interface number 0 [ 486.970893][ T974] usb 5-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 486.984019][T11102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 487.003010][ T974] usb 5-1: config 0 interface 1 has no altsetting 0 [ 487.020402][T11102] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 487.030298][ T974] usb 5-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 487.042630][ T974] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 487.061885][T11102] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.072882][ T974] usb 5-1: Product: syz [ 487.077120][ T974] usb 5-1: Manufacturer: syz [ 487.081842][ T974] usb 5-1: SerialNumber: syz [ 487.109917][T11102] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.142580][T11102] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.154293][ T974] usb 5-1: config 0 descriptor?? [ 487.174736][T11102] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.339424][ T974] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 487.405232][ T974] cx231xx 5-1:0.1: Failed to read PCB config [ 487.425704][ T974] cx231xx 5-1:0.1: probe with driver cx231xx failed with error -71 [ 487.434945][T11032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.466125][T11032] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.471695][ T974] usb 5-1: USB disconnect, device number 26 [ 487.568217][T11032] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.602830][T11032] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 488.754884][T11026] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.984849][T11026] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 490.038241][ T5881] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 490.375298][ T5881] usb 5-1: Using ep0 maxpacket: 8 [ 490.557494][ T5881] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 490.698037][ T5881] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.812899][ T5881] usb 5-1: Product: syz [ 490.849171][ T5881] usb 5-1: Manufacturer: syz [ 490.869888][ T5881] usb 5-1: SerialNumber: syz [ 490.902377][ T5881] usb 5-1: config 0 descriptor?? [ 491.027618][ T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 491.041492][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 491.065501][ T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 491.079810][ T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 491.088387][ T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 491.098438][ T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 491.163708][ T5881] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 492.042504][ T5881] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 492.080430][ T5881] usb 5-1: USB disconnect, device number 27 [ 493.169266][ T54] Bluetooth: hci4: command tx timeout [ 494.899772][T11516] binder_alloc: 11515: binder_alloc_buf, no vma [ 495.245913][ T54] Bluetooth: hci4: command tx timeout [ 495.498500][T11026] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.626619][T11520] syzkaller0: entered promiscuous mode [ 495.632236][T11520] syzkaller0: entered allmulticast mode [ 495.674744][T11487] lo speed is unknown, defaulting to 1000 [ 495.856142][T11026] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.192556][ T6147] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 496.363335][ T6147] usb 4-1: Using ep0 maxpacket: 8 [ 496.379936][ T6147] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 496.586205][ T6147] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.899534][ T6147] usb 4-1: config 0 descriptor?? [ 497.324294][ T54] Bluetooth: hci4: command tx timeout [ 499.310477][ T6147] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 499.323889][ T6147] asix 4-1:0.0: probe with driver asix failed with error -71 [ 499.357332][ T6147] usb 4-1: USB disconnect, device number 25 [ 499.406026][ T54] Bluetooth: hci4: command tx timeout [ 500.967540][ T5881] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 501.287272][ T5881] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 501.324687][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.452971][ T5881] usb 1-1: config 0 descriptor?? [ 501.881279][T11577] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1645'. [ 501.901731][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 503.776178][ T5881] usb 1-1: Cannot set autoneg [ 503.908443][ T5881] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 504.686645][ T5881] usb 1-1: USB disconnect, device number 33 [ 504.828319][T11487] chnl_net:caif_netlink_parms(): no params data found [ 504.902023][T11026] bridge_slave_1: left allmulticast mode [ 504.942663][T11026] bridge_slave_1: left promiscuous mode [ 504.973010][T11026] bridge0: port 2(bridge_slave_1) entered disabled state [ 505.063664][T11026] bridge_slave_0: left allmulticast mode [ 505.078054][T11026] bridge_slave_0: left promiscuous mode [ 505.102678][T11026] bridge0: port 1(bridge_slave_0) entered disabled state [ 505.134694][T11607] xt_hashlimit: max too large, truncated to 1048576 [ 505.932910][T11026] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 505.946152][T11026] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 505.958700][T11026] bond0 (unregistering): Released all slaves [ 506.043254][T11610] syz_tun: left promiscuous mode [ 506.122921][T11610] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 506.562732][ T5877] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 506.744786][ T5877] usb 5-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 506.762931][ T5877] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 506.779829][ T5877] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 506.792194][T11026] hsr_slave_0: left promiscuous mode [ 506.795983][ T5877] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 506.816589][T11026] hsr_slave_1: left promiscuous mode [ 506.817804][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 506.843078][T11621] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 506.864312][T11026] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 506.874370][T11026] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 506.901552][T11026] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 506.924203][T11026] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 507.013730][T11026] veth1_macvtap: left promiscuous mode [ 507.041429][T11026] veth0_macvtap: left promiscuous mode [ 507.079141][T11026] veth1_vlan: left promiscuous mode [ 507.099831][T11026] veth0_vlan: left promiscuous mode [ 508.405673][T11026] team0 (unregistering): Port device team_slave_1 removed [ 508.521004][T11026] team0 (unregistering): Port device team_slave_0 removed [ 509.594180][ T5877] aiptek 5-1:17.0: Aiptek tried all speeds, no sane response [ 509.601735][ T5877] aiptek 5-1:17.0: probe with driver aiptek failed with error -22 [ 509.639115][ T5877] usb 5-1: USB disconnect, device number 28 [ 511.471995][T11487] bridge0: port 1(bridge_slave_0) entered blocking state [ 511.490055][T11487] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.553011][T11487] bridge_slave_0: entered allmulticast mode [ 511.612836][T11487] bridge_slave_0: entered promiscuous mode [ 511.621952][T11487] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.653962][T11487] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.661304][T11487] bridge_slave_1: entered allmulticast mode [ 511.685704][T11487] bridge_slave_1: entered promiscuous mode [ 511.821694][T11487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 511.850594][T11487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 512.007105][T11487] team0: Port device team_slave_0 added [ 512.032177][T11487] team0: Port device team_slave_1 added [ 512.136040][T11487] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 512.152528][T11487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 512.180431][T11487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 512.196439][T11487] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 512.213505][T11487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 512.241409][T11487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 512.390383][T11487] hsr_slave_0: entered promiscuous mode [ 512.416513][T11487] hsr_slave_1: entered promiscuous mode [ 512.434870][T11487] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 512.448839][T11487] Cannot create hsr debugfs directory [ 513.023504][ T5923] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 513.327362][ T5877] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 513.362640][ T5923] usb 6-1: Using ep0 maxpacket: 8 [ 513.386529][ T5923] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 513.486844][ T5923] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.512871][ T5877] usb 4-1: Using ep0 maxpacket: 32 [ 513.590239][ T5877] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 513.706213][ T5923] usb 6-1: Product: syz [ 513.710478][ T5923] usb 6-1: Manufacturer: syz [ 513.747744][ T5877] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 513.768463][ T5923] usb 6-1: SerialNumber: syz [ 513.797926][ T5923] usb 6-1: config 0 descriptor?? [ 513.812774][ T5877] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 513.846568][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 513.973994][ T5877] usb 4-1: config 0 descriptor?? [ 514.069268][ T5923] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 514.200119][ T29] audit: type=1804 audit(1737411134.677:18): pid=11728 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.1676" name="/newroot/344/bus/bus" dev="overlay" ino=1793 res=1 errno=0 [ 514.207446][T11728] Invalid ELF header magic: != ELF [ 514.573374][ T5877] ft260 0003:0403:6030.002C: unknown main item tag 0x0 [ 514.739396][ T5923] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 514.779507][ T5877] ft260 0003:0403:6030.002C: chip code: 5e81 abf2 [ 514.791789][ T5923] usb 6-1: USB disconnect, device number 22 [ 514.867172][T11487] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 514.885798][T11487] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 514.905054][T11732] netfs: Couldn't get user pages (rc=-14) [ 514.954882][T11487] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 514.970964][ T5877] ft260 0003:0403:6030.002C: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.3-1/input0 [ 514.995218][T11487] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 515.172054][ T5877] ft260 0003:0403:6030.002C: failed to retrieve status: -32, no wakeup [ 515.280845][T11487] 8021q: adding VLAN 0 to HW filter on device bond0 [ 515.351927][T11487] 8021q: adding VLAN 0 to HW filter on device team0 [ 515.390101][ T6181] bridge0: port 1(bridge_slave_0) entered blocking state [ 515.397325][ T6181] bridge0: port 1(bridge_slave_0) entered forwarding state [ 515.490659][ T6147] usb 4-1: USB disconnect, device number 26 [ 515.509942][T11038] bridge0: port 2(bridge_slave_1) entered blocking state [ 515.517199][T11038] bridge0: port 2(bridge_slave_1) entered forwarding state [ 517.548368][T11757] binder: BINDER_SET_CONTEXT_MGR already set [ 517.586120][T11757] binder: 11753:11757 ioctl 4018620d 20000040 returned -16 [ 517.949990][T11487] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 518.151164][T11487] veth0_vlan: entered promiscuous mode [ 518.237297][T11487] veth1_vlan: entered promiscuous mode [ 518.274436][T11775] binder: 11772:11775 ioctl c0306201 20000500 returned -14 [ 518.493328][T11774] syzkaller0: entered promiscuous mode [ 518.512112][T11774] syzkaller0: entered allmulticast mode [ 518.531155][T11487] veth0_macvtap: entered promiscuous mode [ 518.574817][T11487] veth1_macvtap: entered promiscuous mode [ 522.028022][T11826] netlink: 'syz.4.1695': attribute type 27 has an invalid length. [ 525.096577][T11820] : renamed from ipvlan1 [ 525.102728][T11825] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 525.110509][T11825] IPv6: NLM_F_CREATE should be set when creating new route [ 525.685237][T11826] bridge0: port 2(bridge_slave_1) entered disabled state [ 525.692678][T11826] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.521781][T11826] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 526.553924][T11826] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 527.329374][T11826] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.352138][T11826] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.361243][T11826] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.370318][T11826] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.569578][T11487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 527.599310][T11487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.622499][T11487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 527.640310][T11487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.658343][T11487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 527.670549][T11487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.686036][T11487] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 527.746545][T11487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.779919][T11487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.798758][T11487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.817283][T11487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.869284][T11487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.921013][T11487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.020997][T11487] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 528.209739][T11487] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.234294][T11487] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.252565][T11487] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.299978][T11487] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.345437][ T1106] syzkaller0: tun_net_xmit 76 [ 528.353479][ T1106] syzkaller0: tun_net_xmit 48 [ 528.383832][ T5879] syzkaller0: tun_net_xmit 76 [ 531.601224][ T29] audit: type=1326 audit(1737411152.077:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11940 comm="syz.5.1715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 531.634584][ T29] audit: type=1326 audit(1737411152.087:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11940 comm="syz.5.1715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 531.690055][ T29] audit: type=1326 audit(1737411152.087:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11940 comm="syz.5.1715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 531.726110][ T29] audit: type=1326 audit(1737411152.087:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11940 comm="syz.5.1715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 531.759766][ T29] audit: type=1326 audit(1737411152.087:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11940 comm="syz.5.1715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 531.782087][ T29] audit: type=1326 audit(1737411152.087:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11940 comm="syz.5.1715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff95fd84690 code=0x7ffc0000 [ 531.829429][ T29] audit: type=1326 audit(1737411152.087:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11940 comm="syz.5.1715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff95fd84690 code=0x7ffc0000 [ 531.912884][ T29] audit: type=1326 audit(1737411152.087:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11940 comm="syz.5.1715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 531.989904][ T29] audit: type=1326 audit(1737411152.087:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11940 comm="syz.5.1715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 532.021839][ T29] audit: type=1326 audit(1737411152.087:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11940 comm="syz.5.1715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff95fd84690 code=0x7ffc0000 [ 533.508203][ T5926] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 533.587154][ T5926] hid-generic 0000:0000:0000.002D: hidraw0: HID v0.00 Device [syz0] on syz0 [ 536.286722][T11026] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 536.320392][T11026] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 536.332278][T11026] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 536.341096][T11026] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 538.952001][T11026] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.090078][T11026] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.207811][T11026] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.279524][T11026] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.435498][T11026] bridge_slave_1: left allmulticast mode [ 539.441226][T11026] bridge_slave_1: left promiscuous mode [ 539.447469][T11026] bridge0: port 2(bridge_slave_1) entered disabled state [ 539.456936][T11026] bridge_slave_0: left allmulticast mode [ 539.463404][T11026] bridge_slave_0: left promiscuous mode [ 539.469140][T11026] bridge0: port 1(bridge_slave_0) entered disabled state [ 542.405424][T12052] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 542.429379][T12056] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 542.498521][T12056] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 542.555263][T12056] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 542.636196][T12056] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 542.709018][T12056] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 542.755516][T12056] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 542.989193][T11026] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 543.087335][T11026] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 543.107387][T12061] overlayfs: failed to get inode (-116) [ 543.131305][T12061] overlayfs: failed to get inode (-116) [ 543.190035][T11026] bond0 (unregistering): Released all slaves [ 543.983439][T12086] usb usb9: usbfs: process 12086 (syz.4.1751) did not claim interface 0 before use [ 544.467577][T12050] lo speed is unknown, defaulting to 1000 [ 544.876202][ T54] Bluetooth: hci4: command tx timeout [ 545.432643][T11026] hsr_slave_0: left promiscuous mode [ 545.457880][T11026] hsr_slave_1: left promiscuous mode [ 545.922085][T11026] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 545.982532][T11026] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 545.993483][T11026] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 546.007271][T11026] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 546.113830][T11026] veth1_macvtap: left promiscuous mode [ 546.142588][T11026] veth0_macvtap: left promiscuous mode [ 546.179326][T11026] veth1_vlan: left promiscuous mode [ 546.202125][T11026] veth0_vlan: left promiscuous mode [ 546.603294][ T5926] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 546.813942][ T5926] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 546.934283][ T54] Bluetooth: hci4: command tx timeout [ 547.089687][ T5926] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 547.113076][ T5926] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 547.131717][ T5926] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 547.153338][ T5926] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.164040][ T5926] usb 1-1: config 0 descriptor?? [ 547.637633][T12112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 547.655222][T12112] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 547.778215][ T5926] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0 [ 547.791291][ T5926] plantronics 0003:047F:FFFF.002E: No inputs registered, leaving [ 547.870922][ T5926] plantronics 0003:047F:FFFF.002E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 547.988978][T11871] usb 1-1: USB disconnect, device number 34 [ 548.983255][T12145] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1763'. [ 549.069914][T12146] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1764'. [ 549.094950][T12056] Bluetooth: hci4: command tx timeout [ 549.104455][T12149] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1763'. [ 549.138401][ T29] kauditd_printk_skb: 17 callbacks suppressed [ 549.138415][ T29] audit: type=1804 audit(1737411169.617:46): pid=12148 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.1765" name="/newroot/377/bus/bus" dev="overlay" ino=1974 res=1 errno=0 [ 549.175280][T12148] Invalid ELF header magic: != ELF [ 550.121126][T11026] team0 (unregistering): Port device team_slave_1 removed [ 550.967790][T11026] team0 (unregistering): Port device team_slave_0 removed [ 551.163155][T12056] Bluetooth: hci4: command 0x0419 tx timeout [ 552.351139][T12176] netlink: 'syz.5.1771': attribute type 4 has an invalid length. [ 552.406088][T12177] netlink: 'syz.5.1771': attribute type 4 has an invalid length. [ 553.034089][T12146] : entered promiscuous mode [ 553.242537][T12056] Bluetooth: hci4: command 0x0419 tx timeout [ 553.503266][T12050] chnl_net:caif_netlink_parms(): no params data found [ 553.934194][T12050] bridge0: port 1(bridge_slave_0) entered blocking state [ 553.989699][T12050] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.025250][T12050] bridge_slave_0: entered allmulticast mode [ 554.038604][T12050] bridge_slave_0: entered promiscuous mode [ 554.063537][T12050] bridge0: port 2(bridge_slave_1) entered blocking state [ 554.092091][T12050] bridge0: port 2(bridge_slave_1) entered disabled state [ 554.120219][T12050] bridge_slave_1: entered allmulticast mode [ 554.159737][T12050] bridge_slave_1: entered promiscuous mode [ 554.349133][T12050] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 554.893860][T12050] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 555.187670][T12050] team0: Port device team_slave_0 added [ 555.233385][T12224] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1779'. [ 555.265707][T12050] team0: Port device team_slave_1 added [ 555.322724][T12056] Bluetooth: hci4: command 0x0419 tx timeout [ 555.942851][T12050] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 555.949869][T12050] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 556.015466][T12050] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 556.076344][T12050] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 556.109889][T12050] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 556.146765][T12050] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 556.250077][T12050] hsr_slave_0: entered promiscuous mode [ 556.279790][T12050] hsr_slave_1: entered promiscuous mode [ 556.293723][T12050] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 556.301712][T12050] Cannot create hsr debugfs directory [ 556.316109][T12238] overlayfs: upper fs does not support tmpfile. [ 557.402498][ T54] Bluetooth: hci4: command 0x0419 tx timeout [ 558.881250][ T9155] bridge0: port 3(syz_tun) entered disabled state [ 559.123957][ T9155] syz_tun (unregistering): left allmulticast mode [ 559.130429][ T9155] syz_tun (unregistering): left promiscuous mode [ 559.182670][ T9155] bridge0: port 3(syz_tun) entered disabled state [ 560.307875][T12050] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 560.353974][T12050] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 560.367776][T12050] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 560.423474][T12050] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 562.218098][T12050] 8021q: adding VLAN 0 to HW filter on device bond0 [ 562.280949][T12050] 8021q: adding VLAN 0 to HW filter on device team0 [ 562.334120][T11042] bridge0: port 1(bridge_slave_0) entered blocking state [ 562.341302][T11042] bridge0: port 1(bridge_slave_0) entered forwarding state [ 562.423642][T11028] bridge0: port 2(bridge_slave_1) entered blocking state [ 562.430886][T11028] bridge0: port 2(bridge_slave_1) entered forwarding state [ 562.522746][ T5879] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 562.704320][ T5879] usb 5-1: Using ep0 maxpacket: 8 [ 562.741525][ T5879] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 562.753716][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 562.761978][ T5879] usb 5-1: Product: syz [ 562.768882][T12056] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 562.802356][ T5879] usb 5-1: Manufacturer: syz [ 562.807228][ T5879] usb 5-1: SerialNumber: syz [ 562.930111][ T5879] usb 5-1: config 0 descriptor?? [ 562.936021][T12056] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 562.949464][T12056] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 562.958113][T12056] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 562.972125][T12056] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 562.979829][T12056] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 563.334718][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.455055][ T5879] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 563.756634][T12325] lo speed is unknown, defaulting to 1000 [ 564.255785][T12050] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 564.645513][T12050] veth0_vlan: entered promiscuous mode [ 564.706030][T12050] veth1_vlan: entered promiscuous mode [ 564.738400][T12325] chnl_net:caif_netlink_parms(): no params data found [ 564.866711][T12050] veth0_macvtap: entered promiscuous mode [ 564.882234][ T5879] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 564.913524][ T5879] usb 5-1: USB disconnect, device number 29 [ 564.926164][T12050] veth1_macvtap: entered promiscuous mode [ 565.011540][T12050] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 565.278129][ T54] Bluetooth: hci1: command tx timeout [ 565.885784][T12050] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.895895][T12050] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 565.912468][T12050] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.922359][T12050] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 565.952536][T12050] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.990433][T12050] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 566.197035][T12050] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 566.261340][T12050] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 566.272121][T12050] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 566.283264][T12050] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 566.293389][T12050] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 566.304347][T12050] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 566.316471][T12050] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 566.509155][T12050] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 566.709337][T12050] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 567.232503][T12050] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 567.281958][T12050] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 567.325575][ T54] Bluetooth: hci1: command tx timeout [ 567.339344][T12325] bridge0: port 1(bridge_slave_0) entered blocking state [ 567.424769][T12325] bridge0: port 1(bridge_slave_0) entered disabled state [ 567.432134][T12325] bridge_slave_0: entered allmulticast mode [ 567.479026][T12325] bridge_slave_0: entered promiscuous mode [ 567.540462][T12325] bridge0: port 2(bridge_slave_1) entered blocking state [ 567.578471][T12325] bridge0: port 2(bridge_slave_1) entered disabled state [ 567.604672][T12325] bridge_slave_1: entered allmulticast mode [ 567.612505][T12325] bridge_slave_1: entered promiscuous mode [ 567.665983][ T5879] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 568.682760][ T5879] usb 4-1: Using ep0 maxpacket: 8 [ 568.962339][ T5879] usb 4-1: config index 0 descriptor too short (expected 6427, got 27) [ 568.963471][T12325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 569.020035][ T5879] usb 4-1: config 0 has an invalid interface number: 21 but max is 0 [ 569.094439][ T5879] usb 4-1: config 0 has no interface number 0 [ 569.144820][ T5879] usb 4-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 569.199803][T12325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 569.227973][ T5879] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 569.286696][ T5879] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 569.345630][ T5879] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 569.372570][ T5879] usb 4-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0 [ 569.373532][T12325] team0: Port device team_slave_0 added [ 569.391298][ T5879] usb 4-1: Product: syz [ 569.402470][ T5879] usb 4-1: Manufacturer: syz [ 569.413673][ T54] Bluetooth: hci1: command tx timeout [ 569.421150][T12325] team0: Port device team_slave_1 added [ 569.442716][ T5879] usb 4-1: config 0 descriptor?? [ 569.448604][T12381] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 569.562591][T11861] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 569.576325][T12325] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 569.590802][T12325] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 569.631590][T12325] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 569.661974][T11028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 569.702683][T11028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 569.831021][T11861] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 569.883941][T12325] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 569.908439][T11861] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 569.912079][T12325] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 569.945704][T11861] usb 5-1: New USB device found, idVendor=0c70, idProduct=f012, bcdDevice= 0.00 [ 570.069142][T11861] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.080998][T12325] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 570.158705][T11861] usb 5-1: config 0 descriptor?? [ 570.204752][ T5879] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.21/input/input43 [ 570.585802][ T5879] usb 4-1: USB disconnect, device number 27 [ 570.591841][ C1] keyspan_remote 4-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19 [ 570.703732][ T6181] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 570.711710][ T6181] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 570.771440][T12325] hsr_slave_0: entered promiscuous mode [ 570.781238][T11861] aquacomputer_d5next 0003:0C70:F012.002F: unknown main item tag 0x0 [ 570.813222][T12325] hsr_slave_1: entered promiscuous mode [ 570.834232][T11861] aquacomputer_d5next 0003:0C70:F012.002F: hidraw0: USB HID v0.00 Device [HID 0c70:f012] on usb-dummy_hcd.4-1/input0 [ 570.846779][T12325] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 570.870678][T12325] Cannot create hsr debugfs directory [ 571.016276][T11869] usb 5-1: USB disconnect, device number 30 [ 571.303153][T12421] syzkaller1: entered promiscuous mode [ 571.310063][T12421] syzkaller1: entered allmulticast mode [ 571.487867][T11038] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 571.492950][ T54] Bluetooth: hci1: command tx timeout [ 571.562864][T11861] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 571.695150][T11038] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 571.735400][T11861] usb 6-1: Using ep0 maxpacket: 8 [ 571.748446][T12325] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 571.756319][T11861] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 571.770264][T11861] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC7, changing to 0x87 [ 571.782010][T11861] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid wMaxPacketSize 0 [ 571.799738][T11861] usb 6-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad [ 571.809304][T11861] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.817824][T11861] usb 6-1: Product: syz [ 571.822035][T11861] usb 6-1: Manufacturer: syz [ 571.827203][T11861] usb 6-1: SerialNumber: syz [ 571.834937][T11861] usb 6-1: config 0 descriptor?? [ 571.846648][T11038] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 571.851181][T11861] smsusb:smsusb_probe: board id=2, interface number 0 [ 571.871399][T12325] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 571.881084][T12325] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 571.889022][T11861] smsusb:smsusb_probe: Device initialized with return code -19 [ 571.906544][T12325] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 571.962073][T11038] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.062266][T12421] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1812'. [ 572.089937][T12325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 572.117996][ T5879] usb 6-1: USB disconnect, device number 23 [ 572.209048][T12325] 8021q: adding VLAN 0 to HW filter on device team0 [ 572.313443][T11038] bridge_slave_1: left allmulticast mode [ 572.329694][T11038] bridge_slave_1: left promiscuous mode [ 572.366145][T11038] bridge0: port 2(bridge_slave_1) entered disabled state [ 572.408338][T11038] bridge_slave_0: left allmulticast mode [ 572.444157][T11038] bridge_slave_0: left promiscuous mode [ 572.494921][T11038] bridge0: port 1(bridge_slave_0) entered disabled state [ 573.243208][T12056] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 573.255437][T12056] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 573.282610][T12056] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 573.303956][T12056] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 573.311797][T12056] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 573.319431][T12056] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 573.699489][T11038] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 573.725594][T11038] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 573.810302][T11038] bond0 (unregistering): Released all slaves [ 573.914925][T11044] bridge0: port 1(bridge_slave_0) entered blocking state [ 573.922082][T11044] bridge0: port 1(bridge_slave_0) entered forwarding state [ 574.307709][T11044] bridge0: port 2(bridge_slave_1) entered blocking state [ 574.314949][T11044] bridge0: port 2(bridge_slave_1) entered forwarding state [ 574.344733][T12452] binder: BINDER_SET_CONTEXT_MGR already set [ 574.350776][T12452] binder: 12449:12452 ioctl 4018620d 20000040 returned -16 [ 574.678791][T12441] lo speed is unknown, defaulting to 1000 [ 575.424185][T12056] Bluetooth: hci4: command tx timeout [ 576.609467][T12492] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1828'. [ 576.619821][T12492] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1828'. [ 576.629778][T12492] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1828'. [ 577.225860][T11038] hsr_slave_0: left promiscuous mode [ 577.240503][T11038] hsr_slave_1: left promiscuous mode [ 577.282687][T11038] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 577.290193][T11038] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 577.325548][T11038] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 577.337266][T11038] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 577.393273][T11038] veth1_macvtap: left promiscuous mode [ 577.409165][T11038] veth0_macvtap: left promiscuous mode [ 577.425444][T11038] veth1_vlan: left promiscuous mode [ 577.442588][T11038] veth0_vlan: left promiscuous mode [ 577.502595][T12056] Bluetooth: hci4: command tx timeout [ 577.622511][T11861] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 578.270781][T11861] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB5, changing to 0x85 [ 578.609800][T11861] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 578.622176][T11861] usb 5-1: New USB device found, idVendor=05ac, idProduct=022a, bcdDevice= 0.00 [ 578.631780][T11861] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.645770][T11861] usb 5-1: config 0 descriptor?? [ 579.257002][T11861] appletouch 5-1:0.0: Geyser mode initialized. [ 579.283739][T11861] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input44 [ 579.562892][T12056] Bluetooth: hci4: command tx timeout [ 579.935824][ T5879] usb 5-1: USB disconnect, device number 31 [ 579.935824][ C0] appletouch 5-1:0.0: atp_complete: usb_submit_urb failed with result -19 [ 580.014439][ T5879] appletouch 5-1:0.0: input: appletouch disconnected [ 580.257648][T12526] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1837'. [ 580.266911][T12526] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1837'. [ 580.283151][T12526] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1837'. [ 580.304910][T12526] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1837'. [ 581.653275][T12056] Bluetooth: hci4: command tx timeout [ 582.548460][T11038] team0 (unregistering): Port device team_slave_1 removed [ 582.706581][T11038] team0 (unregistering): Port device team_slave_0 removed [ 584.532871][T11869] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 584.619228][T12557] syz.3.1847: attempt to access beyond end of device [ 584.619228][T12557] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0 [ 584.689154][T12557] syz.3.1847: attempt to access beyond end of device [ 584.689154][T12557] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0 [ 584.714657][T11869] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 584.732675][T11869] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 584.842724][T12557] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 584.861627][T12557] syz.3.1847: attempt to access beyond end of device [ 584.861627][T12557] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0 [ 584.894833][T12557] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 585.752558][T11869] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 585.761820][T11869] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.808419][T12557] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found [ 585.816251][T12557] UDF-fs: Scanning with blocksize 512 failed [ 585.851430][T12555] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 585.926512][T11869] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 586.065483][T12557] syz.3.1847: attempt to access beyond end of device [ 586.065483][T12557] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 586.100398][T12557] syz.3.1847: attempt to access beyond end of device [ 586.100398][T12557] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 586.113995][T12557] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 586.137802][T12557] syz.3.1847: attempt to access beyond end of device [ 586.137802][T12557] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 586.151477][T12555] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 586.173303][T12555] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 586.211457][T12557] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 586.234803][T12557] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found [ 586.278089][T12557] UDF-fs: Scanning with blocksize 1024 failed [ 586.304503][T12557] syz.3.1847: attempt to access beyond end of device [ 586.304503][T12557] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0 [ 586.342226][T12557] syz.3.1847: attempt to access beyond end of device [ 586.342226][T12557] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 586.358311][T12557] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 586.369412][T12557] syz.3.1847: attempt to access beyond end of device [ 586.369412][T12557] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 586.383685][T12557] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 586.394154][T12557] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found [ 586.401993][T12557] UDF-fs: Scanning with blocksize 2048 failed [ 586.416055][T12557] syz.3.1847: attempt to access beyond end of device [ 586.416055][T12557] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 586.429405][T12557] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 586.443254][T12557] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 586.459242][T12557] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found [ 586.467428][T12557] UDF-fs: Scanning with blocksize 4096 failed [ 586.474845][T12557] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1) [ 587.993445][ T25] usb 5-1: USB disconnect, device number 32 [ 588.132048][T12325] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 588.194163][T12588] binder: 12586:12588 ioctl c0306201 0 returned -14 [ 588.238067][T12441] chnl_net:caif_netlink_parms(): no params data found [ 588.394750][T12596] binder: 12586:12596 ioctl c0306201 20000480 returned -14 [ 588.747819][T12441] bridge0: port 1(bridge_slave_0) entered blocking state [ 588.767331][T12441] bridge0: port 1(bridge_slave_0) entered disabled state [ 588.782830][T12441] bridge_slave_0: entered allmulticast mode [ 588.794775][T12441] bridge_slave_0: entered promiscuous mode [ 588.834578][T12441] bridge0: port 2(bridge_slave_1) entered blocking state [ 588.841744][T12441] bridge0: port 2(bridge_slave_1) entered disabled state [ 588.880383][T12441] bridge_slave_1: entered allmulticast mode [ 588.893867][T12441] bridge_slave_1: entered promiscuous mode [ 589.099725][T12614] kvm: pic: non byte write [ 589.129664][T12441] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 589.153656][T12607] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194322 ns). Using initial count to start timer. [ 589.324987][T12441] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 589.740392][T11038] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.119231][T11038] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.797669][T11038] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.830013][T12441] team0: Port device team_slave_0 added [ 590.844945][T12441] team0: Port device team_slave_1 added [ 592.250355][T11038] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.317592][T12441] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 592.345744][T12441] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 592.371917][ C1] vkms_vblank_simulate: vblank timer overrun [ 592.482800][T12441] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 592.496907][T12441] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 592.508913][T12441] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 592.535855][T12441] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 592.704610][T12325] veth0_vlan: entered promiscuous mode [ 592.776811][T12325] veth1_vlan: entered promiscuous mode [ 592.820241][T12441] hsr_slave_0: entered promiscuous mode [ 592.921568][T12441] hsr_slave_1: entered promiscuous mode [ 592.956398][T12441] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 593.184323][T12441] Cannot create hsr debugfs directory [ 593.826488][T12325] veth0_macvtap: entered promiscuous mode [ 593.884375][T12325] veth1_macvtap: entered promiscuous mode [ 593.924352][T11038] bridge_slave_1: left allmulticast mode [ 593.952908][T11038] bridge_slave_1: left promiscuous mode [ 593.958765][T11038] bridge0: port 2(bridge_slave_1) entered disabled state [ 594.055762][T11038] bridge_slave_0: left allmulticast mode [ 594.061486][T11038] bridge_slave_0: left promiscuous mode [ 594.458868][T11038] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.580654][T12688] block nbd3: NBD_DISCONNECT [ 595.837725][T12688] block nbd3: Disconnected due to user request. [ 596.062508][T12688] block nbd3: shutting down sockets [ 596.219196][T11038] bond2 (unregistering): (slave ip6erspan0): Releasing active interface [ 597.013254][T11038] dvmrp0 (unregistering): left allmulticast mode [ 599.863206][T11038] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 599.904063][T11038] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 599.959597][T11038] bond0 (unregistering): Released all slaves [ 599.989036][T11038] bond1 (unregistering): (slave batadv1): Releasing active interface [ 600.008848][T11038] batadv1: left promiscuous mode [ 600.027037][T11038] bond1 (unregistering): Released all slaves [ 600.054663][T11038] bond2 (unregistering): Released all slaves [ 600.386540][T11038] : left promiscuous mode [ 600.575946][T12325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 600.639804][T12325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 600.670352][T12325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 600.718214][T12325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 600.829562][T12325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 600.872817][T12325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 600.884290][T12325] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 600.902305][T12325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 600.914339][T12325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 600.926037][T12325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 600.942569][T12325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 600.953746][T12325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 600.965097][T12325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.227329][T12325] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 601.252749][T11038] tipc: Disabling bearer [ 601.358910][T11038] tipc: Disabling bearer [ 602.252774][T11038] tipc: Left network mode [ 602.311991][T12325] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.334046][T12325] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.355939][T12325] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.367601][T12325] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.522183][T12742] syz.5.1885 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 605.967517][T12782] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 606.676251][T11038] hsr_slave_0: left promiscuous mode [ 606.737880][T11038] hsr_slave_1: left promiscuous mode [ 606.759225][T11038] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 606.833084][T11038] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 606.868206][T11038] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 606.889075][T11038] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 607.006451][T12793] netlink: zone id is out of range [ 607.071407][T12793] netlink: zone id is out of range [ 607.145941][T12793] netlink: zone id is out of range [ 607.215928][T12793] netlink: del zone limit has 4 unknown bytes [ 607.419276][T11038] veth1_macvtap: left promiscuous mode [ 607.430161][T11038] veth0_macvtap: left promiscuous mode [ 607.439943][T11038] veth1_vlan: left promiscuous mode [ 607.452741][T11038] veth0_vlan: left promiscuous mode [ 607.658160][T11038] pimreg (unregistering): left allmulticast mode [ 607.807851][T12799] bio_check_eod: 2 callbacks suppressed [ 607.807874][T12799] syz.4.1897: attempt to access beyond end of device [ 607.807874][T12799] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0 [ 607.832494][T12799] hpfs: hpfs_map_sector(): read error [ 608.767969][T11038] team0 (unregistering): Port device team_slave_1 removed [ 608.866748][T11038] team0 (unregistering): Port device team_slave_0 removed [ 610.139745][T12813] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 610.335426][T11873] lo speed is unknown, defaulting to 1000 [ 610.352524][T11873] infiniband syz2: ib_query_port failed (-19) [ 610.464990][ T6181] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 610.493857][ T6181] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 610.677275][T11044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 610.703031][T11044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 610.788648][T12441] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 610.830955][T12441] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 611.238689][T12441] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 611.641494][T12441] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 611.724988][T11873] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 611.919750][T12441] 8021q: adding VLAN 0 to HW filter on device bond0 [ 611.926499][T11873] usb 6-1: Using ep0 maxpacket: 8 [ 611.941426][T12441] 8021q: adding VLAN 0 to HW filter on device team0 [ 611.958409][T11873] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 611.980170][T11873] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 612.115737][ T6181] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.122953][ T6181] bridge0: port 1(bridge_slave_0) entered forwarding state [ 612.137167][T11873] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 612.152005][ T6181] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.159190][ T6181] bridge0: port 2(bridge_slave_1) entered forwarding state [ 612.167015][T11873] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 612.180845][T11873] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 612.206032][T11873] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 612.432128][T11873] usb 6-1: GET_CAPABILITIES returned 0 [ 612.450060][T11873] usbtmc 6-1:16.0: can't read capabilities [ 612.661702][T12441] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 613.807555][T12441] veth0_vlan: entered promiscuous mode [ 613.816999][T11038] IPVS: stop unused estimator thread 0... [ 613.867354][T12441] veth1_vlan: entered promiscuous mode [ 614.012575][T11867] usb 6-1: USB disconnect, device number 24 [ 615.153196][T12441] veth0_macvtap: entered promiscuous mode [ 615.215616][T12866] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1909'. [ 615.224827][T12866] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1909'. [ 615.233872][T12866] netlink: 'syz.6.1909': attribute type 1 has an invalid length. [ 615.241738][T12866] nbd: error processing sock list [ 615.246072][T12441] veth1_macvtap: entered promiscuous mode [ 615.364710][T12441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.420083][T12441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.453992][T12441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.482508][T12441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.512141][T12441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.531441][T12441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.551398][T12441] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 616.502983][T12882] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in; [ 616.502983][T12882] program syz.5.1911 not setting count and/or reply_len properly [ 616.974592][T12441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 617.212637][T12441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.364199][T12441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 617.412432][T12441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.424009][T12441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 617.447433][T12441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.684337][T12441] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 617.729462][T12441] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.927722][T12441] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.040343][T12441] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.154621][T12441] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 619.332493][ T6181] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 619.347949][ T6181] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 620.090593][T11036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 620.125149][T11036] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 622.436392][ T6181] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.594193][ T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 622.610711][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 622.620512][ T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 622.642607][ T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 622.653338][ T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 622.663844][ T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 622.735866][ T6181] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.881406][ T6181] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.984140][ T6181] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.390859][ T6181] bridge_slave_1: left allmulticast mode [ 623.408444][ T6181] bridge_slave_1: left promiscuous mode [ 623.427965][ T6181] bridge0: port 2(bridge_slave_1) entered disabled state [ 623.464155][ T6181] bridge_slave_0: left allmulticast mode [ 623.475924][ T6181] bridge_slave_0: left promiscuous mode [ 623.481754][ T6181] bridge0: port 1(bridge_slave_0) entered disabled state [ 624.775104][ T54] Bluetooth: hci4: command tx timeout [ 624.784047][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 626.843276][ T54] Bluetooth: hci4: command tx timeout [ 627.281023][T12056] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 627.301666][T12056] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 627.313064][T12056] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 627.330720][T12056] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 627.345656][T12056] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 627.581073][T12056] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 628.922720][T12056] Bluetooth: hci4: command tx timeout [ 630.004136][T12056] Bluetooth: hci5: command tx timeout [ 631.012855][T12056] Bluetooth: hci4: command tx timeout [ 631.405813][ T6181] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 631.443049][ T6181] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 631.462616][ T6181] bond0 (unregistering): Released all slaves [ 631.511688][T13025] 8021q: adding VLAN 0 to HW filter on device bond0 [ 631.554397][T13025] bond0: (slave rose0): Enslaving as an active interface with an up link [ 631.732780][T12939] chnl_net:caif_netlink_parms(): no params data found [ 632.093003][T12056] Bluetooth: hci5: command tx timeout [ 633.046922][T12939] bridge0: port 1(bridge_slave_0) entered blocking state [ 633.083303][T12939] bridge0: port 1(bridge_slave_0) entered disabled state [ 633.090620][T12939] bridge_slave_0: entered allmulticast mode [ 633.114840][T12939] bridge_slave_0: entered promiscuous mode [ 633.158029][T12939] bridge0: port 2(bridge_slave_1) entered blocking state [ 633.201407][T12939] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.231753][T12939] bridge_slave_1: entered allmulticast mode [ 633.247119][T12939] bridge_slave_1: entered promiscuous mode [ 633.527213][T13062] program syz.5.1945 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 633.537203][T13062] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 634.150368][T12056] Bluetooth: hci5: command tx timeout [ 634.502961][ T6181] hsr_slave_0: left promiscuous mode [ 634.543264][ T6181] hsr_slave_1: left promiscuous mode [ 634.574135][ T6181] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 634.595883][ T6181] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 634.617262][ T6181] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 634.636813][ T6181] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 634.731571][ T6181] veth1_macvtap: left promiscuous mode [ 634.761563][ T6181] veth0_macvtap: left promiscuous mode [ 634.771086][ T6181] veth1_vlan: left promiscuous mode [ 634.783547][ T6181] veth0_vlan: left promiscuous mode [ 636.940934][T12056] Bluetooth: hci5: command tx timeout [ 637.071865][T13095] ebt_among: src integrity fail: 300 [ 639.554992][ T6181] team0 (unregistering): Port device team_slave_1 removed [ 639.630438][ T6181] team0 (unregistering): Port device team_slave_0 removed [ 639.639467][T13108] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 639.669112][T13108] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1957'. [ 640.266213][T12939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 640.286023][T12939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 640.323588][T13102] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1955'. [ 640.581692][T12939] team0: Port device team_slave_0 added [ 640.630208][T12939] team0: Port device team_slave_1 added [ 640.834325][T12939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 640.841334][T12939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 640.904729][T12939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 640.983214][T12939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 640.990222][T12939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 641.026653][T12939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 641.243778][T12939] hsr_slave_0: entered promiscuous mode [ 641.263763][T12939] hsr_slave_1: entered promiscuous mode [ 641.323845][T12987] chnl_net:caif_netlink_parms(): no params data found [ 641.342566][T11870] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 641.497804][T11870] usb 6-1: config 0 has an invalid interface number: 95 but max is 0 [ 641.527586][T11870] usb 6-1: config 0 has no interface number 0 [ 641.551050][T11870] usb 6-1: config 0 interface 95 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 8 [ 641.584597][T11870] usb 6-1: New USB device found, idVendor=7725, idProduct=b0a8, bcdDevice= 7.46 [ 641.610748][T11870] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.637486][T12987] bridge0: port 1(bridge_slave_0) entered blocking state [ 641.645356][T11870] usb 6-1: Product: syz [ 641.654801][T11870] usb 6-1: Manufacturer: syz [ 641.659684][T12987] bridge0: port 1(bridge_slave_0) entered disabled state [ 641.672008][T11870] usb 6-1: SerialNumber: syz [ 641.690557][T12987] bridge_slave_0: entered allmulticast mode [ 641.699145][T11870] usb 6-1: config 0 descriptor?? [ 641.711208][T12987] bridge_slave_0: entered promiscuous mode [ 641.723918][T13123] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 641.782195][T12987] bridge0: port 2(bridge_slave_1) entered blocking state [ 641.803030][T12987] bridge0: port 2(bridge_slave_1) entered disabled state [ 641.810426][T12987] bridge_slave_1: entered allmulticast mode [ 641.834152][T12987] bridge_slave_1: entered promiscuous mode [ 642.037458][T12987] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 642.058933][T11870] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 642.120970][T11870] usb 6-1: MIDIStreaming interface descriptor not found [ 643.117666][T12987] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 643.128343][T11870] usb 6-1: USB disconnect, device number 25 [ 643.976315][T12987] team0: Port device team_slave_0 added [ 644.025359][T12987] team0: Port device team_slave_1 added [ 644.200826][T12939] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 644.280137][T13172] udevd[13172]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.95/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 644.433563][T12987] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 644.453701][T12987] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 644.490855][T12987] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 644.545339][T12939] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 644.645406][T12939] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 644.679782][T12987] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 644.703326][T12987] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 644.823865][T12987] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 646.139523][T12939] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 646.891691][T12987] hsr_slave_0: entered promiscuous mode [ 646.933438][T12987] hsr_slave_1: entered promiscuous mode [ 646.982572][T12987] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 647.010775][T12987] Cannot create hsr debugfs directory [ 647.179597][T13200] kvm: kvm [13198]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x4000 [ 648.665053][T12939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 648.776304][T12939] 8021q: adding VLAN 0 to HW filter on device team0 [ 648.894755][T11032] bridge0: port 1(bridge_slave_0) entered blocking state [ 648.901998][T11032] bridge0: port 1(bridge_slave_0) entered forwarding state [ 649.485424][T11036] bridge0: port 2(bridge_slave_1) entered blocking state [ 649.492733][T11036] bridge0: port 2(bridge_slave_1) entered forwarding state [ 651.119743][T12939] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 652.862742][T11869] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 653.570623][T11869] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 653.611796][T12987] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 653.614921][T11869] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 653.645359][T12987] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 653.652322][T11869] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 653.692516][T11869] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 653.727783][T12987] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 653.764096][T11869] usb 6-1: New USB device found, idVendor=0451, idProduct=3410, bcdDevice=ef.1e [ 653.865493][T11869] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 653.940025][T12987] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 653.947072][T11869] usb 6-1: Product: syz [ 654.015445][T11869] usb 6-1: Manufacturer: syz [ 654.158152][T11869] usb 6-1: SerialNumber: syz [ 654.338461][T11869] usb 6-1: config 0 descriptor?? [ 654.355055][T11869] ti_usb_3410_5052 6-1:0.0: TI USB 3410 1 port adapter converter detected [ 654.403671][T11869] usb 6-1: TI USB 3410 1 port adapter converter now attached to ttyUSB0 [ 654.447379][T12939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 654.578139][T12987] 8021q: adding VLAN 0 to HW filter on device bond0 [ 654.773219][T12987] 8021q: adding VLAN 0 to HW filter on device team0 [ 654.796456][T11032] bridge0: port 1(bridge_slave_0) entered blocking state [ 654.803641][T11032] bridge0: port 1(bridge_slave_0) entered forwarding state [ 654.952250][ T1106] bridge0: port 2(bridge_slave_1) entered blocking state [ 654.959464][ T1106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 655.181176][T13287] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 655.270195][T13287] kvm: pic: non byte read [ 655.290807][T13287] kvm: pic: level sensitive irq not supported [ 655.291060][T13287] kvm: pic: non byte read [ 655.329767][T13287] kvm: pic: level sensitive irq not supported [ 655.329922][T13287] kvm: pic: non byte read [ 655.366651][T13287] kvm: pic: level sensitive irq not supported [ 655.366739][T13287] kvm: pic: non byte read [ 656.942882][T12987] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 656.994791][T12939] veth0_vlan: entered promiscuous mode [ 657.032710][ T5879] usb 6-1: USB disconnect, device number 26 [ 657.059460][T12939] veth1_vlan: entered promiscuous mode [ 657.077722][ T5879] ti_usb_3410_5052_1 ttyUSB0: TI USB 3410 1 port adapter converter now disconnected from ttyUSB0 [ 657.140373][T12939] veth0_macvtap: entered promiscuous mode [ 657.218439][ T5879] ti_usb_3410_5052 6-1:0.0: device disconnected [ 657.310717][T12987] veth0_vlan: entered promiscuous mode [ 657.385034][T12939] veth1_macvtap: entered promiscuous mode [ 657.489924][T12939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 657.528503][T12939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 657.543697][T12939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 657.593536][T12939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 657.682544][T12939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 657.738823][T12939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 657.763692][T12939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 657.778801][T12987] veth1_vlan: entered promiscuous mode [ 657.792258][T12939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 657.815261][T12939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 657.830873][T12939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 657.853214][T12939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 658.131125][T12939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 658.402545][ T29] audit: type=1326 audit(1737411278.617:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13329 comm="syz.5.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 658.467613][T12939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 658.491888][T12939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 658.502701][ T29] audit: type=1326 audit(1737411278.617:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13329 comm="syz.5.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 658.568666][T12939] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 658.585258][T12939] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 658.597973][ T29] audit: type=1326 audit(1737411278.617:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13329 comm="syz.5.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 658.622774][T12939] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 658.647464][T12939] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 658.666235][ T29] audit: type=1326 audit(1737411278.617:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13329 comm="syz.5.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 658.760702][ T29] audit: type=1326 audit(1737411278.617:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13329 comm="syz.5.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 658.792770][ T29] audit: type=1326 audit(1737411278.617:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13329 comm="syz.5.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 659.431167][ T29] audit: type=1326 audit(1737411278.617:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13329 comm="syz.5.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 659.459308][T12987] veth0_macvtap: entered promiscuous mode [ 659.494022][T11032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 659.501971][T11032] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 659.521870][T12987] veth1_macvtap: entered promiscuous mode [ 659.535005][ T29] audit: type=1326 audit(1737411278.617:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13329 comm="syz.5.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 659.612724][ T29] audit: type=1326 audit(1737411278.617:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13329 comm="syz.5.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 659.659691][T12987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 659.709317][T12987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 659.715539][ T29] audit: type=1326 audit(1737411278.617:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13329 comm="syz.5.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff95fd85d29 code=0x7ffc0000 [ 659.760847][T12987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 659.805605][T12987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 660.605457][T12987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 661.136129][T12987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.146594][T12987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 661.199694][T12987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.215950][T12987] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 661.225914][T11038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 661.257472][T11038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 661.414250][T12987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 661.452873][T12987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.477931][T12987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 661.546599][T12987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.582727][T12987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 661.612826][T12987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.688207][T12987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 661.733204][T12987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.785877][T12987] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 661.875053][T12987] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.912527][T12987] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.921367][T12987] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.957533][T12987] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 662.274591][T11040] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 662.298690][T11040] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 662.380106][T11028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 662.405181][T11028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 664.224019][T13379] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1993'. [ 664.712558][T11887] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 664.798028][ T1106] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.877857][T13388] input: syz0 as /devices/virtual/input/input45 [ 665.007377][T11887] usb 5-1: Using ep0 maxpacket: 16 [ 665.058463][T11887] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 665.281923][T11887] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 665.345199][ T1106] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 665.349019][T11887] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 665.420898][T11887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 665.469724][T11887] usb 5-1: Product: syz [ 665.474618][T11887] usb 5-1: Manufacturer: syz [ 665.479514][T11887] usb 5-1: SerialNumber: syz [ 665.617128][ T1106] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 665.743205][T11887] usb 5-1: 0:2 : does not exist [ 665.757738][ T1106] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 665.772160][T11887] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 665.824329][T11887] usb 5-1: USB disconnect, device number 33 [ 666.055433][T13109] udevd[13109]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 666.114826][ T1106] bridge_slave_1: left allmulticast mode [ 666.151643][ T1106] bridge_slave_1: left promiscuous mode [ 666.185419][ T1106] bridge0: port 2(bridge_slave_1) entered disabled state [ 666.270021][ T1106] bridge_slave_0: left allmulticast mode [ 666.285599][ T1106] bridge_slave_0: left promiscuous mode [ 666.291913][ T1106] bridge0: port 1(bridge_slave_0) entered disabled state [ 667.843263][T12056] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 667.953430][T12056] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 667.965419][T12056] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 667.978871][T12056] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 667.991898][T12056] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 667.999808][T12056] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 668.974059][T13429] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 669.968938][T13434] syz.7.2002 (13434) used greatest stack depth: 17680 bytes left [ 670.068213][ T1106] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 670.134935][T12056] Bluetooth: hci5: command tx timeout [ 670.194211][ T1106] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 670.235689][ T1106] bond0 (unregistering): Released all slaves [ 672.338192][T12056] Bluetooth: hci5: command tx timeout [ 672.414809][T13453] netlink: 'syz.7.2005': attribute type 1 has an invalid length. [ 673.153913][T13455] rdma_op ffff88801278c1f0 conn xmit_rdma 0000000000000000 [ 674.839766][T12056] Bluetooth: hci5: command tx timeout [ 675.767638][T13472] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 676.922790][T12056] Bluetooth: hci5: command tx timeout [ 677.810599][ T1106] hsr_slave_0: left promiscuous mode [ 677.857524][ T1106] hsr_slave_1: left promiscuous mode [ 677.916756][ T1106] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 677.952076][ T1106] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 678.017068][ T1106] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 678.051963][ T1106] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 678.129749][ T1106] veth1_macvtap: left promiscuous mode [ 678.143502][ T1106] veth0_macvtap: left promiscuous mode [ 678.159547][ T1106] veth1_vlan: left promiscuous mode [ 678.175434][ T1106] veth0_vlan: left promiscuous mode [ 679.308361][T13514] overlayfs: failed to get inode (-116) [ 679.324504][T13514] overlayfs: failed to get inode (-116) [ 679.443601][T13521] ipt_ECN: cannot use operation on non-tcp rule [ 682.429532][T13522] syz.5.2021 (13522) used greatest stack depth: 17392 bytes left [ 683.818487][ T1106] team0 (unregistering): Port device team_slave_1 removed [ 684.244167][ T1106] team0 (unregistering): Port device team_slave_0 removed [ 686.237991][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 688.285794][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 688.446858][T13416] chnl_net:caif_netlink_parms(): no params data found [ 691.109331][T13416] bridge0: port 1(bridge_slave_0) entered blocking state [ 691.117704][T13416] bridge0: port 1(bridge_slave_0) entered disabled state [ 691.143146][T13416] bridge_slave_0: entered allmulticast mode [ 691.281215][T13416] bridge_slave_0: entered promiscuous mode [ 691.324735][T13416] bridge0: port 2(bridge_slave_1) entered blocking state [ 691.340681][T13416] bridge0: port 2(bridge_slave_1) entered disabled state [ 691.544829][T13416] bridge_slave_1: entered allmulticast mode [ 691.644167][T13416] bridge_slave_1: entered promiscuous mode [ 692.080810][T13416] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 693.229653][T13416] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 694.460352][T13416] team0: Port device team_slave_0 added [ 694.897584][T13416] team0: Port device team_slave_1 added [ 695.209371][T13416] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 696.164128][T13416] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 696.952955][T13416] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 697.339923][T13416] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 697.378989][T13416] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 698.486704][T13416] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 702.212990][T13416] hsr_slave_0: entered promiscuous mode [ 702.363462][T13416] hsr_slave_1: entered promiscuous mode [ 702.503970][T13416] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 702.686141][T13416] Cannot create hsr debugfs directory [ 705.500286][T13734] 9pnet_fd: Insufficient options for proto=fd [ 706.385308][T13744] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2059'. [ 707.509263][T13750] netlink: 'syz.5.2060': attribute type 4 has an invalid length. [ 711.025262][T13816] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 713.294576][T13416] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 713.332771][T13416] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 714.107167][T13416] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 714.147656][T13416] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 715.918018][T13416] 8021q: adding VLAN 0 to HW filter on device bond0 [ 715.990362][T13416] 8021q: adding VLAN 0 to HW filter on device team0 [ 716.065804][T11026] bridge0: port 1(bridge_slave_0) entered blocking state [ 716.073147][T11026] bridge0: port 1(bridge_slave_0) entered forwarding state [ 716.155752][T11026] bridge0: port 2(bridge_slave_1) entered blocking state [ 716.163154][T11026] bridge0: port 2(bridge_slave_1) entered forwarding state [ 717.387722][T13416] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 719.995536][T13416] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 721.035972][T13416] veth0_vlan: entered promiscuous mode [ 721.695431][T13416] veth1_vlan: entered promiscuous mode [ 721.816186][T13416] veth0_macvtap: entered promiscuous mode [ 721.858786][T13416] veth1_macvtap: entered promiscuous mode [ 721.983505][T13416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.018498][T13416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.059061][T13416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.092286][T13416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.142401][T13416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.332615][T13416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.351693][T13416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.364299][T13416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.805279][T13416] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 723.318936][T13416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.360773][T13416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.393787][T13416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.423895][T13416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.440288][T13416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.483191][T13416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.530164][T13416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.542164][T13416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.641158][T13416] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 724.770848][T13416] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.799202][T13416] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.828955][T13416] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.867641][T13416] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 725.296274][ T3609] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 725.330363][ T3609] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 725.455748][T11028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 725.481060][T11028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 727.821112][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.933938][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.020733][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.127869][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.779170][T14000] netlink: 1788 bytes leftover after parsing attributes in process `syz.5.2100'. [ 730.867729][T14004] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 732.416542][T12056] Bluetooth: hci1: unexpected event for opcode 0x041c [ 734.081873][ T11] bridge_slave_1: left allmulticast mode [ 734.395564][ T11] bridge_slave_1: left promiscuous mode [ 734.401569][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 734.527534][ T11] bridge_slave_0: left allmulticast mode [ 734.571642][ T11] bridge_slave_0: left promiscuous mode [ 734.594443][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 734.847365][T14044] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 736.456553][T12056] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 736.466100][T12056] Bluetooth: hci1: Injecting HCI hardware error event [ 736.477153][ T54] Bluetooth: hci1: hardware error 0x00 [ 736.861634][T14057] [U] [ 736.864429][T14057] [U] [ 736.867156][T14057] [U] [ 736.869881][T14057] [U] [ 736.872609][T14057] [U] [ 736.875335][T14057] [U] [ 736.878058][T14057] [U] [ 736.880783][T14057] [U] [ 736.884006][T14057] [U] [ 736.886741][T14057] [U] [ 736.889469][T14057] [U] [ 737.534222][T14050] [U] [ 737.843300][T14061] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 738.046566][T14061] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 738.055084][T14061] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 738.067418][T14061] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 738.075724][T14061] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 738.083492][T14061] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 739.565406][ T54] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 739.654309][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 739.732059][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 739.747321][ T11] bond0 (unregistering): Released all slaves [ 740.098056][T14062] bridge0: port 3(gretap0) entered blocking state [ 740.141050][ T54] Bluetooth: hci5: command tx timeout [ 740.197037][T14062] bridge0: port 3(gretap0) entered disabled state [ 740.287237][T14062] gretap0: entered allmulticast mode [ 740.370225][T14062] gretap0: entered promiscuous mode [ 740.421877][T14062] bridge0: port 3(gretap0) entered blocking state [ 740.428582][T14062] bridge0: port 3(gretap0) entered forwarding state [ 742.257002][ T54] Bluetooth: hci5: command tx timeout [ 743.317907][ T11] hsr_slave_0: left promiscuous mode [ 744.428085][ T54] Bluetooth: hci5: command tx timeout [ 744.780311][ T11] hsr_slave_1: left promiscuous mode [ 745.047166][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 745.059333][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 745.078716][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 745.086789][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 746.452701][ T54] Bluetooth: hci5: command tx timeout [ 746.518186][ T11] veth1_macvtap: left promiscuous mode [ 746.585776][ T11] veth0_macvtap: left promiscuous mode [ 746.591552][ T11] veth1_vlan: left promiscuous mode [ 747.839943][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 748.356478][ T11] veth0_vlan: left promiscuous mode [ 749.885046][T14061] Bluetooth: hci4: command 0x0406 tx timeout [ 750.241662][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 750.241684][ T29] audit: type=1326 audit(1737411370.717:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b58585d29 code=0x7ffc0000 [ 750.382644][ T29] audit: type=1326 audit(1737411370.717:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b58585d29 code=0x7ffc0000 [ 750.438196][ T29] audit: type=1326 audit(1737411370.717:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f0b58585d29 code=0x7ffc0000 [ 750.627843][ T29] audit: type=1326 audit(1737411370.717:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b58585d29 code=0x7ffc0000 [ 750.663179][ T29] audit: type=1326 audit(1737411370.717:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b58585d29 code=0x7ffc0000 [ 751.782914][ T29] audit: type=1326 audit(1737411370.717:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f0b58585d29 code=0x7ffc0000 [ 752.047570][ T29] audit: type=1326 audit(1737411370.717:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b58585d29 code=0x7ffc0000 [ 752.344348][ T29] audit: type=1326 audit(1737411370.717:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b58585d29 code=0x7ffc0000 [ 761.966208][ T11] team0 (unregistering): Port device team_slave_1 removed [ 762.200131][ T11] team0 (unregistering): Port device team_slave_0 removed [ 764.616546][T14241] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2153'. [ 766.550379][T14253] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 766.717366][T14253] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 766.839536][T14253] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 766.989182][T14253] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 767.001370][T14051] chnl_net:caif_netlink_parms(): no params data found [ 767.194430][T14253] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 767.240074][T14253] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 767.253841][T14253] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 767.344434][T14253] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 767.392509][T14253] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 767.485011][T14253] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 767.649003][T14051] bridge0: port 1(bridge_slave_0) entered blocking state [ 767.792436][T14051] bridge0: port 1(bridge_slave_0) entered disabled state [ 767.821827][T14051] bridge_slave_0: entered allmulticast mode [ 768.056937][T14051] bridge_slave_0: entered promiscuous mode [ 768.065500][T14051] bridge0: port 2(bridge_slave_1) entered blocking state [ 768.077417][T14051] bridge0: port 2(bridge_slave_1) entered disabled state [ 768.085080][T14051] bridge_slave_1: entered allmulticast mode [ 768.092988][T14051] bridge_slave_1: entered promiscuous mode [ 768.123392][ T30] INFO: task syz.3.1890:12767 blocked for more than 143 seconds. [ 768.148341][ T30] Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 768.249497][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 768.932599][ T30] task:syz.3.1890 state:D stack:24048 pid:12767 tgid:12766 ppid:5832 flags:0x00004006 [ 768.947404][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 768.954066][T14061] Bluetooth: hci2: command 0x0406 tx timeout [ 768.963102][ T30] Call Trace: [ 768.966532][ T30] [ 768.969584][ T30] __schedule+0x17fb/0x4be0 [ 768.974279][ T30] ? __pfx___schedule+0x10/0x10 [ 768.979243][ T30] ? __pfx_lock_release+0x10/0x10 [ 768.984410][ T30] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 768.990427][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 768.996523][ T30] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 769.003094][ T30] ? schedule+0x90/0x320 [ 769.007447][ T30] schedule+0x14b/0x320 [ 769.011704][ T30] schedule_preempt_disabled+0x13/0x30 [ 769.017355][ T30] __mutex_lock+0x7e7/0xee0 [ 769.021974][ T30] ? __mutex_lock+0x5ef/0xee0 [ 769.026804][ T30] ? netfs_writepages+0x12b/0x9e0 [ 769.031943][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 769.037319][ T30] netfs_writepages+0x12b/0x9e0 [ 769.225755][ T30] ? mark_lock+0x9a/0x360 [ 769.230182][ T30] ? __pfx_lock_release+0x10/0x10 [ 769.243446][T14061] Bluetooth: hci4: command 0x0406 tx timeout [ 769.284223][T14291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 769.287680][ T30] ? __lock_acquire+0x1397/0x2100 [ 769.297756][ T30] ? __pfx_netfs_writepages+0x10/0x10 [ 769.303277][ T30] ? __pfx_netfs_writepages+0x10/0x10 [ 769.308722][ T30] do_writepages+0x35f/0x880 [ 769.313527][ T30] ? __pfx_do_writepages+0x10/0x10 [ 769.318701][ T30] ? filemap_fdatawrite+0x1e8/0x2a0 [ 769.324459][T14291] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 769.324671][T14061] Bluetooth: hci5: command 0x0c1a tx timeout [ 769.366616][ T30] ? do_raw_spin_lock+0x14f/0x370 [ 769.371739][ T30] ? __pfx_lock_release+0x10/0x10 [ 769.377508][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 769.383280][ T30] ? wbc_attach_and_unlock_inode+0x561/0x580 [ 769.389334][ T30] filemap_fdatawrite+0x1f3/0x2a0 [ 769.395059][ T30] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 769.400895][ T30] ? kmem_cache_free+0x30e/0x410 [ 769.406670][ T30] ? __pfx_ima_file_free+0x10/0x10 [ 769.411872][ T30] v9fs_dir_release+0x151/0x560 [ 769.428034][ T30] ? __pfx___might_resched+0x10/0x10 [ 769.437212][ T30] ? __pfx_v9fs_dir_release+0x10/0x10 [ 769.452161][ T30] ? __pfx_call_rcu+0x10/0x10 [ 769.485797][ T30] ? evm_file_release+0x105/0x1e0 [ 769.491002][ T30] ? __pfx_v9fs_dir_release+0x10/0x10 [ 769.512353][ T30] __fput+0x23c/0xa50 [ 769.516705][ T30] task_work_run+0x24f/0x310 [ 769.601207][ T30] ? __phys_addr+0xba/0x170 [ 769.606208][ T30] ? __pfx_task_work_run+0x10/0x10 [ 769.611386][ T30] ? task_work_add+0x321/0x490 [ 769.643422][ T30] get_signal+0x15f7/0x1750 [ 769.648038][ T30] ? fput+0x1fa/0x290 [ 769.652068][ T30] ? __pfx_get_signal+0x10/0x10 [ 769.673186][ T30] arch_do_signal_or_restart+0x96/0x860 [ 769.678836][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 769.702427][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 769.708521][ T30] ? syscall_exit_to_user_mode+0xa3/0x340 [ 769.721209][ T30] syscall_exit_to_user_mode+0xce/0x340 [ 769.732664][ T30] do_syscall_64+0x100/0x230 [ 769.737465][ T30] ? clear_bhb_loop+0x35/0x90 [ 769.742195][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 769.763167][ T30] RIP: 0033:0x7f1b5a785d29 [ 769.767691][ T30] RSP: 002b:00007f1b5b5f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 769.792404][ T30] RAX: 0000000000563000 RBX: 00007f1b5a975fa0 RCX: 00007f1b5a785d29 [ 769.801252][ T30] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 769.822710][ T30] RBP: 00007f1b5a801b08 R08: 0000000000000000 R09: 0000000000000000 [ 769.830769][ T30] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000000 [ 769.838901][ T30] R13: 0000000000000000 R14: 00007f1b5a975fa0 R15: 00007ffd6a5a6de8 [ 769.847131][ T30] [ 769.872401][ T30] [ 769.872401][ T30] Showing all locks held in the system: [ 769.912356][ T30] 3 locks held by kworker/u8:0/11: [ 769.917545][ T30] #0: ffff88801baeb148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 770.002445][ T30] #1: ffffc90000107d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 770.029873][ T30] #2: ffffffff8e93d180 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x530 [ 770.058871][ T30] 1 lock held by khungtaskd/30: [ 770.068559][ T30] #0: ffffffff8e937da0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 [ 770.088817][ T30] 2 locks held by dhcpcd/5491: [ 770.096580][ T30] #0: ffff888011ef76c8 (nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: __netlink_dump_start+0x119/0x790 [ 770.110148][ T30] #1: ffffffff8fca7ec8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x99/0x200 [ 770.124202][ T30] 2 locks held by getty/5581: [ 770.128937][ T30] #0: ffff88814dac50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 770.139370][ T30] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x6a6/0x1e00 [ 770.150039][ T30] 1 lock held by syz-executor/5835: [ 770.155674][ T30] 2 locks held by kworker/u8:19/11042: [ 770.161179][ T30] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 770.173640][ T30] #1: ffffc90002ec7d00 ((work_completion)(&rreq->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 770.186757][ T30] 3 locks held by kworker/u8:20/11044: [ 770.193164][ T30] 2 locks held by kworker/1:2/11859: [ 770.198632][ T30] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 770.210460][ T30] #1: ffffc90004857d00 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 770.221945][ T30] 1 lock held by syz-executor/12325: [ 770.227549][ T30] #0: ffffffff8fca7ec8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0 [ 770.236832][ T30] 1 lock held by syz.3.1890/12767: [ 770.242000][ T30] #0: ffff8880582d9850 (&ctx->wb_lock){+.+.}-{4:4}, at: netfs_writepages+0x12b/0x9e0 [ 770.251803][ T30] 1 lock held by syz.3.1890/12772: [ 770.257034][ T30] #0: ffff8880582d9850 (&ctx->wb_lock){+.+.}-{4:4}, at: netfs_writepages+0xcf/0x9e0 [ 770.266839][ T30] 1 lock held by syz-executor/14051: [ 770.272150][ T30] #0: ffffffff8e93d2b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x830 [ 770.283660][ T30] 2 locks held by syz.5.2136/14170: [ 770.288921][ T30] #0: ffffffff8fd0afb0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 770.297256][ T30] #1: ffffffff8ec03a88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x12d/0x1a90 [ 770.307557][ T30] 1 lock held by dhcpcd/14292: [ 770.312379][ T30] #0: ffff888031e32258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 770.322179][ T30] 2 locks held by dhcpcd/14293: [ 770.327293][ T30] #0: ffff8880263c6258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 770.337101][ T30] #1: ffffffff8e93d2b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x830 [ 770.348163][ T30] 1 lock held by dhcpcd/14294: [ 770.353053][ T30] #0: ffff888028f34258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 770.363035][ T30] [ 770.366721][ T30] ============================================= [ 770.366721][ T30] [ 770.375500][ T30] NMI backtrace for cpu 1 [ 770.379885][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 770.390073][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 770.400177][ T30] Call Trace: [ 770.403513][ T30] [ 770.406488][ T30] dump_stack_lvl+0x241/0x360 [ 770.411250][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 770.416497][ T30] ? __pfx__printk+0x10/0x10 [ 770.421190][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 770.426190][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 770.431691][ T30] ? _printk+0xd5/0x120 [ 770.435891][ T30] ? __pfx__printk+0x10/0x10 [ 770.440515][ T30] ? __wake_up_klogd+0xcc/0x110 [ 770.445384][ T30] ? __pfx__printk+0x10/0x10 [ 770.449988][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 770.455027][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 770.461030][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 770.467038][ T30] watchdog+0xff6/0x1040 [ 770.471296][ T30] ? watchdog+0x1ea/0x1040 [ 770.475759][ T30] ? __pfx_watchdog+0x10/0x10 [ 770.480451][ T30] kthread+0x2f0/0x390 [ 770.484539][ T30] ? __pfx_watchdog+0x10/0x10 [ 770.489233][ T30] ? __pfx_kthread+0x10/0x10 [ 770.493844][ T30] ret_from_fork+0x4b/0x80 [ 770.498272][ T30] ? __pfx_kthread+0x10/0x10 [ 770.502881][ T30] ret_from_fork_asm+0x1a/0x30 [ 770.507676][ T30] [ 770.511247][ T30] Sending NMI from CPU 1 to CPUs 0: [ 770.516966][ C0] NMI backtrace for cpu 0 [ 770.516980][ C0] CPU: 0 UID: 0 PID: 11873 Comm: kworker/0:17 Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 770.517000][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 770.517012][ C0] Workqueue: events drain_vmap_area_work [ 770.517043][ C0] RIP: 0010:__kernel_text_address+0x34/0x40 [ 770.517070][ C0] Code: 00 00 00 85 c0 0f 95 c0 48 c7 c1 00 d0 77 91 48 39 cb 0f 93 c1 48 c7 c2 6f c4 92 91 48 39 d3 0f 92 c2 20 ca 08 c2 0f b6 c2 5b cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 [ 770.517084][ C0] RSP: 0018:ffffc90003c5f458 EFLAGS: 00000202 [ 770.517099][ C0] RAX: 0000000000000001 RBX: ffffc90003c5f4c8 RCX: ffffffff9177d000 [ 770.517111][ C0] RDX: ffffffff9192c401 RSI: ffffc90003c58000 RDI: ffffffff816975b0 [ 770.517124][ C0] RBP: ffffc90003c5f510 R08: ffffc90003c5fdc0 R09: 0000000000000000 [ 770.517136][ C0] R10: ffffc90003c5f4d0 R11: fffff5200078be9c R12: ffff88802f06da00 [ 770.517149][ C0] R13: ffffffff818b3080 R14: dffffc0000000000 R15: 1ffff9200078be99 [ 770.517163][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 770.517177][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 770.517189][ C0] CR2: 00007ffd014ff000 CR3: 000000005fd8a000 CR4: 00000000003526f0 [ 770.517205][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 770.517215][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 770.517225][ C0] Call Trace: [ 770.517231][ C0] [ 770.517238][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 770.517273][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 770.517294][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 770.517321][ C0] ? nmi_handle+0x2a/0x5a0 [ 770.517348][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 770.517374][ C0] ? nmi_handle+0x14f/0x5a0 [ 770.517393][ C0] ? nmi_handle+0x2a/0x5a0 [ 770.517413][ C0] ? __kernel_text_address+0x34/0x40 [ 770.517436][ C0] ? default_do_nmi+0x63/0x160 [ 770.517462][ C0] ? exc_nmi+0x123/0x1f0 [ 770.517486][ C0] ? end_repeat_nmi+0xf/0x53 [ 770.517510][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 770.517541][ C0] ? __init_begin+0x41000/0x41000 [ 770.517563][ C0] ? __pfx_use_tsc_delay+0x1/0x10 [ 770.517583][ C0] ? worker_thread+0x870/0xd30 [ 770.517600][ C0] ? __kernel_text_address+0x34/0x40 [ 770.517623][ C0] ? __kernel_text_address+0x34/0x40 [ 770.517647][ C0] ? __pfx_use_tsc_delay+0x1/0x10 [ 770.517667][ C0] ? __kernel_text_address+0x34/0x40 [ 770.517690][ C0] [ 770.517696][ C0] [ 770.517701][ C0] unwind_get_return_address+0x4d/0x90 [ 770.517721][ C0] arch_stack_walk+0xfd/0x150 [ 770.517744][ C0] ? worker_thread+0x870/0xd30 [ 770.517763][ C0] stack_trace_save+0x118/0x1d0 [ 770.517790][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 770.517823][ C0] save_stack+0xfb/0x1f0 [ 770.517847][ C0] ? __pfx_save_stack+0x10/0x10 [ 770.517869][ C0] ? free_unref_page+0xd2c/0x1000 [ 770.517889][ C0] ? kasan_depopulate_vmalloc_pte+0x74/0x90 [ 770.517912][ C0] ? __apply_to_page_range+0x806/0xde0 [ 770.517930][ C0] ? kasan_release_vmalloc+0xa5/0xd0 [ 770.517950][ C0] ? purge_vmap_node+0x22f/0x8d0 [ 770.517973][ C0] ? __purge_vmap_area_lazy+0x708/0xae0 [ 770.517997][ C0] ? drain_vmap_area_work+0x27/0x40 [ 770.518020][ C0] ? process_scheduled_works+0xa66/0x1840 [ 770.518051][ C0] ? page_ext_get+0x20/0x2a0 [ 770.518077][ C0] __reset_page_owner+0x76/0x430 [ 770.518105][ C0] free_unref_page+0xd2c/0x1000 [ 770.518131][ C0] kasan_depopulate_vmalloc_pte+0x74/0x90 [ 770.518154][ C0] __apply_to_page_range+0x806/0xde0 [ 770.518177][ C0] ? __pfx_kasan_depopulate_vmalloc_pte+0x10/0x10 [ 770.518203][ C0] ? __pfx___apply_to_page_range+0x10/0x10 [ 770.518226][ C0] ? __pfx_do_flush_tlb_all+0x10/0x10 [ 770.518258][ C0] kasan_release_vmalloc+0xa5/0xd0 [ 770.518281][ C0] purge_vmap_node+0x22f/0x8d0 [ 770.518305][ C0] ? preempt_schedule+0xe1/0xf0 [ 770.518324][ C0] ? __purge_vmap_area_lazy+0x2d9/0xae0 [ 770.518349][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 770.518376][ C0] ? __pfx_purge_vmap_node+0x10/0x10 [ 770.518402][ C0] ? on_each_cpu_cond_mask+0x74/0x80 [ 770.518429][ C0] __purge_vmap_area_lazy+0x708/0xae0 [ 770.518457][ C0] ? process_scheduled_works+0x976/0x1840 [ 770.518483][ C0] drain_vmap_area_work+0x27/0x40 [ 770.518507][ C0] process_scheduled_works+0xa66/0x1840 [ 770.518547][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 770.518579][ C0] ? assign_work+0x364/0x3d0 [ 770.518608][ C0] worker_thread+0x870/0xd30 [ 770.518628][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 770.518648][ C0] ? __kthread_parkme+0x169/0x1d0 [ 770.518668][ C0] ? __pfx_worker_thread+0x10/0x10 [ 770.518684][ C0] kthread+0x2f0/0x390 [ 770.518703][ C0] ? __pfx_worker_thread+0x10/0x10 [ 770.518719][ C0] ? __pfx_kthread+0x10/0x10 [ 770.518738][ C0] ret_from_fork+0x4b/0x80 [ 770.518754][ C0] ? __pfx_kthread+0x10/0x10 [ 770.518773][ C0] ret_from_fork_asm+0x1a/0x30 [ 770.518806][ C0] [ 771.111186][T14061] Bluetooth: hci2: command 0x0406 tx timeout [ 771.160444][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 771.167368][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 771.177565][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 771.187677][ T30] Call Trace: [ 771.190991][ T30] [ 771.193946][ T30] dump_stack_lvl+0x241/0x360 [ 771.198703][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 771.203946][ T30] ? __pfx__printk+0x10/0x10 [ 771.208575][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 771.214579][ T30] ? vscnprintf+0x5d/0x90 [ 771.218970][ T30] panic+0x349/0x880 [ 771.222901][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 771.229078][ T30] ? __pfx_panic+0x10/0x10 [ 771.233508][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 771.238896][ T30] ? __irq_work_queue_local+0x137/0x410 [ 771.244457][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 771.249928][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 771.256107][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 771.262303][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 771.268484][ T30] watchdog+0x1035/0x1040 [ 771.272831][ T30] ? watchdog+0x1ea/0x1040 [ 771.277265][ T30] ? __pfx_watchdog+0x10/0x10 [ 771.281956][ T30] kthread+0x2f0/0x390 [ 771.286039][ T30] ? __pfx_watchdog+0x10/0x10 [ 771.290729][ T30] ? __pfx_kthread+0x10/0x10 [ 771.295437][ T30] ret_from_fork+0x4b/0x80 [ 771.299862][ T30] ? __pfx_kthread+0x10/0x10 [ 771.304497][ T30] ret_from_fork_asm+0x1a/0x30 [ 771.309301][ T30] [ 771.312630][ T30] Kernel Offset: disabled [ 771.316964][ T30] Rebooting in 86400 seconds..