last executing test programs: 11.162100863s ago: executing program 0 (id=3427): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000040)={0x5c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x4}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r1, 0xffffffffffffffff}, 0x4) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x44800) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)={0x44, 0x1, 0x2, 0x801, 0x0, 0x0, {0x2}, [@CTA_EXPECT_MASTER={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x1e}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x40000000) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r6, &(0x7f0000000540)={@val={0x0, 0x800}, @val={0x1, 0x5, 0x6, 0x3, 0x80, 0x6}, @mpls={[], @ipv6=@icmpv6={0x2, 0x6, "a88a5c", 0x68, 0x3a, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x26}, {[], @dest_unreach={0x1, 0x5, 0x0, 0x6, '\x00', {0x4, 0x6, "31ef2d", 0x2, 0x0, 0x1, @private0, @mcast1, [@hopopts={0x11, 0x5, '\x00', [@enc_lim={0x4, 0x1, 0x5}, @ra={0x5, 0x2, 0xd1e2}, @enc_lim={0x4, 0x1, 0x2}, @jumbo={0xc2, 0x4, 0x3}, @calipso={0x7, 0x18, {0x1, 0x4, 0x0, 0x0, [0x1, 0x9]}}]}]}}}}}}, 0x9e) r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000002c0), r4) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r8, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r8, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) connect$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000640)={0x1f, @any, 0x6}, 0xa) ioctl$TUNSETIFF(r9, 0x400454ca, 0x0) write$cgroup_devices(r9, 0x0, 0xffdd) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$inet6(r10, &(0x7f0000000040)={&(0x7f0000000000)={0xa, 0x0, 0x4, @empty, 0x7f}, 0x1c, 0x0, 0x0, &(0x7f00000001c0)=[@rthdr_2292={{0x28, 0x29, 0x39, {0x29, 0x2, 0x2, 0x1, 0x0, [@mcast2]}}}, @rthdrdstopts={{0x18, 0x29, 0x37, {0x62}}}], 0x40}, 0x24004800) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x74, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x4}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @loopback}]}]}, 0x74}}, 0x0) sendmsg$IEEE802154_LIST_IFACE(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000480)=ANY=[@ANYRESDEC=r7, @ANYRES64=r10, @ANYRESHEX=r2, @ANYRES64=r8, @ANYRES16=r9, @ANYBLOB="7043b8a2309cd109fdf57340c168563bb8227f91b594aee0cf93c1059877536fe1c6eb14628b5a4fe3f9be44c5aafb2af38b75cb91fa68b10901f11e679d109c1d56562f97598e11fd1677cc244d4458e5f5b9b1ed", @ANYRESHEX=r9], 0x1c}, 0x1, 0x0, 0x0, 0xc804}, 0x8894) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000440)={0x200, 0x3, 0x8207, 0x81, 0x4, 0x3, 0x5, 0x5}, 0x20) r12 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000000c0), r3) sendmsg$NLBL_CALIPSO_C_LIST(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="000825bd7000ffdbdf2503000000080002000200000008000100010000000800010003000000080001000100000008000200020000000800010001000000"], 0x44}, 0x1, 0x0, 0x0, 0x20040440}, 0x0) 10.147518817s ago: executing program 0 (id=3436): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="00020c"], 0x0, 0x0, 0x0}, 0x0) 6.846207413s ago: executing program 0 (id=3452): r0 = socket$inet(0x2, 0x802, 0x1) connect$inet(r0, &(0x7f0000002780)={0x2, 0x4e22, @remote}, 0x10) write(r0, &(0x7f0000000440)="08008edf773c8000", 0x8) recvmmsg(r0, &(0x7f0000007640)=[{{0x0, 0x0, 0x0}, 0xa8e9}], 0x98f223237edbfab7, 0x20, 0x0) 6.649051921s ago: executing program 0 (id=3456): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0) mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0) umount2(&(0x7f00000001c0)='./file0/file0/file0\x00', 0x2) 6.313863352s ago: executing program 0 (id=3461): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, 0x0) 5.242085097s ago: executing program 0 (id=3466): r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') r1 = socket$inet_icmp(0x2, 0x2, 0x1) sendfile(r1, r0, 0x0, 0x10) 4.751785226s ago: executing program 32 (id=3466): r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') r1 = socket$inet_icmp(0x2, 0x2, 0x1) sendfile(r1, r0, 0x0, 0x10) 4.736477237s ago: executing program 1 (id=3471): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x2) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000000180)=""/224) 4.546539598s ago: executing program 1 (id=3474): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x6, 0x24, &(0x7f0000000740)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x40045506, 0x0) 4.280145737s ago: executing program 4 (id=3477): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000093c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba52344000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa182000000000000000000000000000000000000000000000000000000347e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000f40000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000aee8ab3a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e40000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ddffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40) getdents64(r2, 0x0, 0x0) syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)={0x10}, 0x0, 0x0, 0x0}) 4.249350332s ago: executing program 2 (id=3478): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180), 0x13f}}, 0x7e) write$RDMA_USER_CM_CMD_QUERY(r0, 0x0, 0x0) 4.069720829s ago: executing program 2 (id=3479): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r1, &(0x7f0000000040)={0x1a, 0x0, 0xfc, 0x54}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000000), 0xffffff6a) sendfile(r1, r2, 0x0, 0x45e3b4f4) getpeername$packet(r1, 0x0, 0x0) bind$llc(r0, 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff000) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r3}, 0x18) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000001840)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1b}}, {}, [], {{}, {0x6, 0x0, 0xb, 0x8}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$alg(0x26, 0x5, 0x0) 3.639940223s ago: executing program 1 (id=3482): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@newsa={0x138, 0x10, 0x713, 0x0, 0x4, {{@in6=@private1, @in=@loopback, 0x4e23, 0x0, 0x4e23, 0x0, 0x2, 0x0, 0x0, 0x5e}, {@in6=@remote, 0x4d0, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0x1, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff}, {0x0, 0x8000000, 0x0, 0x100000}, {}, 0xfffffffe, 0x0, 0xa, 0x4, 0xfc}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x4001000}, 0x0) 3.272458759s ago: executing program 4 (id=3484): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000240)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2f, &(0x7f00000003c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @loopback}}}, 0x108) 2.46013549s ago: executing program 2 (id=3485): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) keyctl$setperm(0x5, r0, 0x1c243811) keyctl$chown(0x4, r0, 0xee00, 0x0) keyctl$get_security(0x11, r0, 0x0, 0x0) 2.40986564s ago: executing program 1 (id=3486): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) syz_genetlink_get_family_id$smc(&(0x7f00000003c0), 0xffffffffffffffff) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000001c0), 0x4) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$llc_int(r2, 0x10c, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x4) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a300000000040000380080001400000000008000240000000002c0003801400010063616966300000000000000000000000140001006d6163766c616e3100000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a300000"], 0x110}}, 0x800) sendmsg$NFT_BATCH(r3, 0x0, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r5, 0x400448c8, &(0x7f0000000340)={r1, r1, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) shutdown(r1, 0x1) ioctl$sock_bt_hidp_HIDPCONNDEL(r5, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) 2.315785966s ago: executing program 4 (id=3488): creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0xe0000000, 0x5e490420, 0x2, 0xffff, 0x0, 0x0, 0xf4, 0x0, 0x0, 0x8}}, 0x50) 2.267154793s ago: executing program 3 (id=3489): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x40448c0}, 0x4004800) 2.068369244s ago: executing program 4 (id=3490): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000280)=[@mss, @sack_perm, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x8) r1 = socket$inet_icmp(0x2, 0x2, 0x1) sendto$inet(r1, &(0x7f0000000040)="cc215dd387d5b7071dee1fe574b8de2eab3ae7918d55b99c62b6a2661aa96975d9", 0x21, 0x0, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3d}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x712, 0x0, 0xfffffffffffffd25) 2.01788126s ago: executing program 3 (id=3491): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0xc, {"a2e3ad2107c752f91b25470987f70e06d038e7ff7fc6e5539b3264078b089b3b083468060890e0878f0e1ac6e70a9b3368959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31750d095d0636cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8e528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5e162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c23956dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c378069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d943b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dabd9d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b4827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058ec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000080)={0xffffffffffffffff, 0x1, 0xfffff000, 0x2000}) 1.995266492s ago: executing program 2 (id=3492): listen(0xffffffffffffffff, 0x8) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) connect$bt_sco(r0, &(0x7f0000000000), 0x8) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'dummy0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0x3fe3aa0262d8c58b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) ioctl$FS_IOC_GETFSLABEL(r2, 0x400452c8, &(0x7f0000000100)) 1.751695078s ago: executing program 3 (id=3493): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x9b, 0x10000, 0x5f40, 0x2, 0x12, 0x4a73}, 0x1c) 1.746643817s ago: executing program 2 (id=3494): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x13, 0x3, &(0x7f00000006c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000000400"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5a, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@fallback=r0, r0, 0x2f, 0x0, 0x0, @void, @value}, 0x20) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000004c0)=ANY=[@ANYRES32=r0, @ANYRES32=0x0, @ANYBLOB='/'], 0x20) 1.680018432s ago: executing program 1 (id=3495): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010101, @local}, @time_exceeded={0x3, 0x5, 0x0, 0x3, 0x0, 0x6, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @broadcast, @multicast2}, "1a3f02eb38ad1bf6"}}}}}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000700000000000000fbffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182300000000000000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000018210000", @ANYRES32, @ANYBLOB="0000000000000101851000000700800018110000", @ANYRES32=0x1], &(0x7f0000000040)='GPL\x00', 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x5, 0x4, 0x80000000, 0x5}, 0x10, 0x169a0, 0xffffffffffffffff, 0x1, &(0x7f0000000300)=[r0, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], &(0x7f0000000340)=[{0x1, 0x3, 0x8, 0x2}], 0x10, 0x1, @void, @value}, 0x94) syz_emit_ethernet(0x5a, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa0380c200000008004e00004c0000000000069078ac141400ac1e000107130ce0000002ac141400ac14140000000000440c05"], 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000140), 0x0}, 0x20) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4004) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff0802110000"], 0x6f4}}, 0x0) 1.457919587s ago: executing program 3 (id=3496): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000500)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) syz_emit_vhci(&(0x7f0000001fc0)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x6, 0xc9}}}, 0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="04050400c9"], 0x7) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) openat$dir(0xffffffffffffff9c, 0x0, 0x208a82, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) 1.432145132s ago: executing program 2 (id=3497): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94) r0 = fsopen(0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) readahead(r2, 0xb, 0x81) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0x0, 0x0) semget$private(0x0, 0x4, 0xc) bpf$MAP_CREATE(0xe4ffffff00000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x3f}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r4 = socket(0x1, 0x3, 0x0) bind$unix(r4, &(0x7f0000000400)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0) syz_usb_control_io(r5, 0x0, 0x0) syz_usb_control_io$hid(r5, 0x0, 0x0) 224.963982ms ago: executing program 1 (id=3498): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x20, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r2, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaa"], 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x81, 0xffff7ffffffffffe, 0x10000000000, 0x0, 0x0, 0x5, 0x7, 0x1, 0x1f9a, 0x9], 0xffff1000, 0x328a16}) ioctl$KVM_RUN(r2, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0) 215.916208ms ago: executing program 4 (id=3499): creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0xe0000000, 0x5e490420, 0x2, 0xffff, 0x0, 0x0, 0xf4, 0x0, 0x0, 0x8}}, 0x50) 162.022247ms ago: executing program 3 (id=3500): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10) r1 = socket(0x28, 0x5, 0x0) r2 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r2, 0x0) connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) 32.766594ms ago: executing program 3 (id=3501): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x301) 0s ago: executing program 4 (id=3502): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000240)=ANY=[@ANYBLOB="d8010000", @ANYRES16=r1, @ANYBLOB="010000000000fbdbdf25010000000800050001000000060006004e220000140002007767320000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5427c0108800c01008006000500070000002400020086650b35f0b4c2dc04a95e352f55e8204db1e72262099a4daa6bd5d598d1ecdb24000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b1400040002004e24ac1e0001000000000000000008000300000000009c0009801c000080060001000200000008000200e0000002050003000300000028000080060001000a0000001400020020010000"], 0x1d8}}, 0x0) kernel console output (not intermixed with test programs): d value for 'group_id' [ 234.158999][ T8273] fuse: Bad value for 'group_id' [ 234.827771][ T8303] netlink: 'syz.4.886': attribute type 2 has an invalid length. [ 234.923189][ T8303] : entered promiscuous mode [ 235.030509][ T8310] netlink: 36 bytes leftover after parsing attributes in process `syz.3.891'. [ 235.046633][ T8310] netlink: 16 bytes leftover after parsing attributes in process `syz.3.891'. [ 235.096000][ T8310] netlink: 36 bytes leftover after parsing attributes in process `syz.3.891'. [ 235.152667][ T8310] netlink: 36 bytes leftover after parsing attributes in process `syz.3.891'. [ 235.727820][ T2128] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.741543][ T2128] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.458763][ T8400] netlink: 8 bytes leftover after parsing attributes in process `syz.0.934'. [ 239.319213][ T8434] netlink: 36 bytes leftover after parsing attributes in process `syz.2.945'. [ 239.463118][ T8434] netlink: 16 bytes leftover after parsing attributes in process `syz.2.945'. [ 239.642793][ T8434] netlink: 36 bytes leftover after parsing attributes in process `syz.2.945'. [ 239.776364][ T8434] netlink: 36 bytes leftover after parsing attributes in process `syz.2.945'. [ 240.005581][ T8440] netlink: 8 bytes leftover after parsing attributes in process `syz.3.949'. [ 240.223592][ T2996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.248767][ T2996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.789523][ T8467] netlink: 36 bytes leftover after parsing attributes in process `syz.1.960'. [ 240.798654][ T8467] netlink: 16 bytes leftover after parsing attributes in process `syz.1.960'. [ 240.810144][ T8467] netlink: 36 bytes leftover after parsing attributes in process `syz.1.960'. [ 240.984960][ T8467] netlink: 36 bytes leftover after parsing attributes in process `syz.1.960'. [ 241.630843][ T8474] netlink: 8 bytes leftover after parsing attributes in process `syz.2.963'. [ 243.434115][ T8512] netlink: 8 bytes leftover after parsing attributes in process `syz.4.978'. [ 244.857660][ T8536] netlink: 8 bytes leftover after parsing attributes in process `syz.1.986'. [ 245.262274][ T8536] netlink: 8 bytes leftover after parsing attributes in process `syz.1.986'. [ 245.484607][ T8536] netlink: 4 bytes leftover after parsing attributes in process `syz.1.986'. [ 245.660140][ T55] Bluetooth: hci4: link tx timeout [ 245.665403][ T55] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 245.674198][ T55] Bluetooth: hci4: link tx timeout [ 245.680533][ T55] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 246.146452][ T8569] fuse: Unknown parameter 'grou00000000000000000000' [ 247.106539][ T8581] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1005'. [ 247.739319][ T55] Bluetooth: hci4: command 0x0406 tx timeout [ 248.002253][ T2996] Bluetooth: hci5: Frame reassembly failed (-84) [ 248.633915][ T8610] fuse: Unknown parameter 'group_i00000000000000000000' [ 250.046952][ T55] Bluetooth: hci5: command 0x1003 tx timeout [ 250.054436][ T5844] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 250.405307][ T8638] fuse: Unknown parameter 'group_i00000000000000000000' [ 251.447313][ T36] Bluetooth: hci5: Frame reassembly failed (-84) [ 252.859533][ T8684] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1038'. [ 253.195617][ T8693] fuse: Unknown parameter 'group_i00000000000000000000' [ 253.324787][ T8692] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1041'. [ 253.488124][ T5844] Bluetooth: hci5: command 0x1003 tx timeout [ 253.500438][ T55] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 254.941780][ T8717] smc: net device bond0 applied user defined pnetid SYZ0 [ 255.011988][ T8712] smc: net device bond0 erased user defined pnetid SYZ0 [ 255.740000][ T8726] fuse: Unknown parameter 'group_id00000000000000000000' [ 255.756593][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.058014][ T8734] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1056'. [ 257.105393][ T8750] smc: net device bond0 applied user defined pnetid SYZ0 [ 257.146511][ T8750] smc: net device bond0 erased user defined pnetid SYZ0 [ 257.531559][ T8763] IPVS: set_ctl: invalid protocol: 82 172.20.20.187:20004 [ 257.659743][ T8772] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1065'. [ 258.159795][ T52] usb 3-1: new low-speed USB device number 3 using dummy_hcd [ 258.282899][ T2996] Bluetooth: hci5: Frame reassembly failed (-84) [ 258.406142][ T52] usb 3-1: device descriptor read/64, error -71 [ 258.523073][ T8783] lo speed is unknown, defaulting to 1000 [ 258.666025][ T52] usb 3-1: new low-speed USB device number 4 using dummy_hcd [ 259.683958][ T52] usb 3-1: device descriptor read/64, error -71 [ 259.816965][ T52] usb usb3-port1: attempt power cycle [ 259.929208][ T8796] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1072'. [ 260.196038][ T52] usb 3-1: new low-speed USB device number 5 using dummy_hcd [ 260.241434][ T52] usb 3-1: device descriptor read/8, error -71 [ 260.286185][ T55] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 260.506027][ T52] usb 3-1: new low-speed USB device number 6 using dummy_hcd [ 260.670595][ T8805] smc: net device bond0 applied user defined pnetid SYZ0 [ 260.729864][ T8806] smc: net device bond0 erased user defined pnetid SYZ0 [ 260.774412][ T52] usb 3-1: device descriptor read/8, error -71 [ 260.799868][ T8808] bridge2: entered allmulticast mode [ 260.910234][ T52] usb usb3-port1: unable to enumerate USB device [ 261.744178][ T8831] fuse: Bad value for 'user_id' [ 261.753517][ T8831] fuse: Bad value for 'user_id' [ 262.751452][ T8842] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1084'. [ 264.247243][ T5832] usb 5-1: new low-speed USB device number 2 using dummy_hcd [ 264.486066][ T5832] usb 5-1: device descriptor read/64, error -71 [ 264.592470][ T1555] Bluetooth: hci5: Frame reassembly failed (-84) [ 264.731242][ T5832] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 264.903707][ T5832] usb 5-1: device descriptor read/64, error -71 [ 265.089273][ T5832] usb usb5-port1: attempt power cycle [ 265.716016][ T5832] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 266.364076][ T8884] fuse: Bad value for 'user_id' [ 266.372600][ T8884] fuse: Bad value for 'user_id' [ 266.616362][ T5844] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 266.623926][ T55] Bluetooth: hci5: command 0x1003 tx timeout [ 268.488829][ T8895] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1099'. [ 269.552488][ T5832] usb 5-1: device descriptor read/8, error -71 [ 269.952099][ T8921] fuse: Bad value for 'user_id' [ 269.957175][ T8921] fuse: Bad value for 'user_id' [ 271.214923][ T8939] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1111'. [ 271.981069][ T8950] autofs: Unknown parameter 'fd0x0000000000000000' [ 273.029253][ T8960] fuse: Bad value for 'fd' [ 273.874449][ T8975] netlink: 'syz.1.1125': attribute type 1 has an invalid length. [ 273.882313][ T8975] netlink: 216 bytes leftover after parsing attributes in process `syz.1.1125'. [ 275.153572][ T8998] fuse: Bad value for 'fd' [ 275.389864][ T8995] autofs: Unknown parameter 'fd0x0000000000000000' [ 276.699784][ T9018] lo speed is unknown, defaulting to 1000 [ 277.265362][ T9018] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1139'. [ 277.670938][ T9042] fuse: Bad value for 'fd' [ 278.682574][ T9050] autofs: Unknown parameter 'fd0x0000000000000000' [ 282.131248][ T9100] fuse: Bad value for 'fd' [ 283.419657][ T9116] bridge1: entered allmulticast mode [ 284.007899][ T9132] siw: device registration error -23 [ 284.632431][ T9142] bridge3: entered allmulticast mode [ 284.972110][ T2996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.014244][ T2996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.461795][ T9170] siw: device registration error -23 [ 286.484075][ T9187] bridge1: entered allmulticast mode [ 287.223983][ T9201] siw: device registration error -23 [ 287.762744][ T9204] smc: net device bond0 applied user defined pnetid SYZ0 [ 287.827359][ T9204] smc: net device bond0 erased user defined pnetid SYZ0 [ 288.324213][ T9218] bridge4: entered allmulticast mode [ 288.782060][ T9225] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.789781][ T9225] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.419778][ T9225] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 289.440447][ T9225] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 289.622933][ T9225] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.631959][ T9225] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.641676][ T9225] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.650709][ T9225] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.741103][ T9225] bridge1: left allmulticast mode [ 289.751444][ T9225] bridge2: left allmulticast mode [ 289.760951][ T9225] bridge3: left allmulticast mode [ 289.773922][ T9225] bridge4: left allmulticast mode [ 290.112949][ T9263] bridge2: entered allmulticast mode [ 290.163411][ T9262] smc: net device bond0 applied user defined pnetid SYZ0 [ 290.195302][ T9269] smc: net device bond0 erased user defined pnetid SYZ0 [ 292.710076][ T9307] bridge3: entered allmulticast mode [ 296.684364][ T9376] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1267'. [ 296.697434][ T9376] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1267'. [ 296.709827][ T9376] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1267'. [ 296.720993][ T9376] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1267'. [ 298.203702][ T9395] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 298.490433][ T9411] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1279'. [ 298.595339][ T9411] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1279'. [ 298.728003][ T9411] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1279'. [ 298.840946][ T9411] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1279'. [ 299.388894][ T9428] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1284'. [ 299.807859][ T9444] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1292'. [ 300.976190][ T2996] wlan0: failed to finalize CSA on link 0, disconnecting [ 301.618079][ T9492] tipc: Enabling of bearer rejected, failed to enable media [ 301.828594][ T9503] __nla_validate_parse: 10 callbacks suppressed [ 301.828616][ T9503] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1313'. [ 301.911639][ T9505] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1317'. [ 301.927040][ T9503] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1313'. [ 301.946001][ T9503] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1313'. [ 301.977665][ T9503] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1313'. [ 302.023761][ T9505] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1317'. [ 302.102789][ T9507] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1315'. [ 303.881694][ T9549] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1333'. [ 304.033947][ T9556] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1336'. [ 305.294552][ T9579] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1346'. [ 307.681650][ T9629] __nla_validate_parse: 1 callbacks suppressed [ 307.681670][ T9629] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1367'. [ 309.112040][ T9659] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1378'. [ 309.555595][ T9670] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1381'. [ 310.485307][ T9691] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1390'. [ 311.378754][ T9701] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1393'. [ 313.915320][ T9774] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1421'. [ 314.130994][ T6131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 314.148880][ T6131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.310605][ T6131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.337650][ T6131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 316.573140][ T9843] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1446'. [ 316.666648][ T9843] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1446'. [ 316.697487][ T9843] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1446'. [ 316.762161][ T9843] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1446'. [ 317.108469][ T9855] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 317.176638][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.742552][ T9873] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 318.166829][ T9882] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1461'. [ 318.972729][ T9897] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1466'. [ 319.006028][ T9897] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1466'. [ 319.035997][ T9897] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1466'. [ 319.067778][ T9897] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1466'. [ 319.426108][ T9910] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1473'. [ 319.995159][ T9925] vlan3: entered promiscuous mode [ 320.022772][ T9925] vlan2: entered promiscuous mode [ 320.041719][ T9925] gretap0: entered promiscuous mode [ 320.053247][ T9923] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 320.402787][ T9936] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1484'. [ 320.833009][ T9946] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1487'. [ 320.877266][ T9946] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1487'. [ 320.939973][ T9946] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1487'. [ 321.014169][ T9946] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1487'. [ 321.676785][ T9971] sctp: [Deprecated]: syz.2.1498 (pid 9971) Use of struct sctp_assoc_value in delayed_ack socket option. [ 321.676785][ T9971] Use struct sctp_sack_info instead [ 322.752573][ T9984] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 323.370753][T10010] sctp: [Deprecated]: syz.4.1514 (pid 10010) Use of struct sctp_assoc_value in delayed_ack socket option. [ 323.370753][T10010] Use struct sctp_sack_info instead [ 324.253845][T10016] __nla_validate_parse: 2 callbacks suppressed [ 324.253865][T10016] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1519'. [ 324.506589][T10028] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1524'. [ 324.627873][T10032] netlink: zone id is out of range [ 324.633055][T10032] netlink: zone id is out of range [ 324.659484][T10032] netlink: zone id is out of range [ 324.664653][T10032] netlink: zone id is out of range [ 324.738401][T10038] fuse: Unknown parameter '00000000000000000000003' [ 325.081647][T10051] sctp: [Deprecated]: syz.2.1534 (pid 10051) Use of struct sctp_assoc_value in delayed_ack socket option. [ 325.081647][T10051] Use struct sctp_sack_info instead [ 325.474726][T10055] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1535'. [ 325.955207][T10065] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1538'. [ 326.183597][T10071] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1543'. [ 326.247503][T10073] netlink: zone id is out of range [ 326.275530][T10075] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1544'. [ 326.284594][T10073] netlink: zone id is out of range [ 326.291176][T10075] netlink: 'syz.3.1544': attribute type 1 has an invalid length. [ 326.299269][T10073] netlink: zone id is out of range [ 326.305280][T10073] netlink: zone id is out of range [ 326.337327][T10075] 8021q: adding VLAN 0 to HW filter on device bond2 [ 326.359193][T10075] bond2: (slave gretap1): making interface the new active one [ 326.373943][T10075] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 326.796483][T10095] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1553'. [ 327.161297][T10108] netlink: 'syz.0.1559': attribute type 16 has an invalid length. [ 327.169893][T10108] netlink: 'syz.0.1559': attribute type 3 has an invalid length. [ 327.178182][T10108] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1559'. [ 328.151507][T10125] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 328.160641][T10125] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 328.169641][T10125] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 328.178414][T10125] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 329.000785][T10131] bridge2: entered allmulticast mode [ 329.188365][T10136] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1568'. [ 329.426263][ T55] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 329.432750][ T5845] Bluetooth: hci5: command 0x1003 tx timeout [ 329.964731][T10164] bridge1: entered allmulticast mode [ 330.824297][T10175] fuse: Unknown parameter 'fd00000000000000000000003' [ 332.140420][T10201] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1591'. [ 332.183213][T10200] netlink: 'syz.3.1592': attribute type 10 has an invalid length. [ 332.300246][T10200] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 332.706702][T10214] fuse: Unknown parameter 'fd00000000000000000000003' [ 332.748972][T10215] netlink: 'syz.2.1597': attribute type 2 has an invalid length. [ 332.798271][T10215] : entered promiscuous mode [ 333.477088][T10236] netlink: 'syz.0.1606': attribute type 10 has an invalid length. [ 333.529155][T10236] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 333.704759][T10242] fuse: Unknown parameter 'fd00000000000000000000003' [ 334.266216][ T5832] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 334.467063][ T5832] usb 2-1: config 0 has an invalid interface number: 31 but max is 0 [ 334.475962][ T5832] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 334.501763][ T5832] usb 2-1: config 0 has no interface number 0 [ 334.526177][ T5832] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 334.536387][ T5832] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.544385][ T5832] usb 2-1: Product: syz [ 334.548708][ T5832] usb 2-1: Manufacturer: syz [ 334.554543][ T5832] usb 2-1: SerialNumber: syz [ 334.579856][ T5832] usb 2-1: config 0 descriptor?? [ 334.598051][ T5832] hub 2-1:0.31: bad descriptor, ignoring hub [ 334.613013][ T5832] hub 2-1:0.31: probe with driver hub failed with error -5 [ 334.652405][ T5832] usb 2-1: Found UVC 0.04 device syz (046d:08c3) [ 334.678556][ T5832] uvcvideo 2-1:0.31: Entity type for entity Output 6 was not initialized! [ 334.717872][ T5832] usb 2-1: Failed to create links for entity 6 [ 334.750085][ T5832] usb 2-1: Failed to register entities (-22). [ 334.919518][T10250] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 334.929709][T10250] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 335.765091][T10293] netlink: 'syz.0.1629': attribute type 1 has an invalid length. [ 336.591085][T10317] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1637'. [ 337.296764][ T5884] usb 2-1: USB disconnect, device number 4 [ 338.335502][T10347] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1646'. [ 339.146121][ T5884] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 340.295266][ T5884] usb 2-1: config 0 has an invalid interface number: 31 but max is 0 [ 340.331085][ T5884] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 340.377070][ T5884] usb 2-1: config 0 has no interface number 0 [ 340.478274][ T5884] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 340.526509][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.542016][ T5884] usb 2-1: Product: syz [ 340.555988][ T5884] usb 2-1: Manufacturer: syz [ 340.560638][ T5884] usb 2-1: SerialNumber: syz [ 340.579739][T10388] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1662'. [ 340.600622][ T5884] usb 2-1: config 0 descriptor?? [ 340.669707][ T5884] hub 2-1:0.31: bad descriptor, ignoring hub [ 340.690237][ T5884] hub 2-1:0.31: probe with driver hub failed with error -5 [ 340.726482][ T5884] usb 2-1: Found UVC 0.04 device syz (046d:08c3) [ 340.753512][ T5884] uvcvideo 2-1:0.31: Entity type for entity Output 6 was not initialized! [ 340.814630][ T5884] usb 2-1: Failed to create links for entity 6 [ 340.863287][ T5884] usb 2-1: Failed to register entities (-22). [ 340.875836][T10367] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 340.919469][T10367] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 341.048090][T10399] netlink: 'syz.2.1664': attribute type 1 has an invalid length. [ 341.060635][T10399] netlink: 'syz.2.1664': attribute type 1 has an invalid length. [ 341.070960][T10399] netlink: 192 bytes leftover after parsing attributes in process `syz.2.1664'. [ 341.076677][T10400] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1665'. [ 341.159723][T10396] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1664'. [ 342.648029][T10420] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1672'. [ 342.751151][T10420] netlink: 'syz.4.1672': attribute type 1 has an invalid length. [ 342.838344][T10420] 8021q: adding VLAN 0 to HW filter on device bond2 [ 342.906753][ T52] usb 2-1: USB disconnect, device number 5 [ 342.986741][T10424] bond2: (slave gretap1): making interface the new active one [ 343.027429][T10424] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 343.042735][T10433] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1678'. [ 344.554865][T10459] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1691'. [ 344.800109][T10472] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1692'. [ 344.860378][T10472] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1692'. [ 344.886067][T10472] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1692'. [ 344.908942][ T52] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 344.928932][T10472] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1692'. [ 345.121657][ T52] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 345.147406][ T52] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 345.175059][ T52] usb 4-1: config 0 has no interface number 0 [ 345.211192][ T52] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 345.280766][ T52] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.319732][ T52] usb 4-1: Product: syz [ 345.323955][ T52] usb 4-1: Manufacturer: syz [ 345.394617][ T52] usb 4-1: SerialNumber: syz [ 345.412855][ T52] usb 4-1: config 0 descriptor?? [ 345.438841][ T52] hub 4-1:0.31: bad descriptor, ignoring hub [ 345.447915][ T52] hub 4-1:0.31: probe with driver hub failed with error -5 [ 345.459342][ T52] usb 4-1: Found UVC 0.04 device syz (046d:08c3) [ 345.466251][ T52] uvcvideo 4-1:0.31: Entity type for entity Output 6 was not initialized! [ 345.474921][ T52] usb 4-1: Failed to create links for entity 6 [ 345.481918][ T52] usb 4-1: Failed to register entities (-22). [ 345.716737][T10465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 345.902990][T10465] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 348.417497][ T52] usb 4-1: USB disconnect, device number 5 [ 349.217588][T10545] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1722'. [ 349.716293][ T9] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 349.897910][ T9] usb 2-1: config 0 has an invalid interface number: 31 but max is 0 [ 349.951567][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 350.027324][ T9] usb 2-1: config 0 has no interface number 0 [ 350.050197][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 350.095954][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 350.104315][ T9] usb 2-1: Product: syz [ 350.114449][ T9] usb 2-1: Manufacturer: syz [ 350.119368][ T9] usb 2-1: SerialNumber: syz [ 350.140069][ T9] usb 2-1: config 0 descriptor?? [ 350.158381][ T9] hub 2-1:0.31: bad descriptor, ignoring hub [ 350.175720][ T9] hub 2-1:0.31: probe with driver hub failed with error -5 [ 350.195657][ T9] usb 2-1: Found UVC 0.04 device syz (046d:08c3) [ 350.365013][ T9] uvcvideo 2-1:0.31: Entity type for entity Output 6 was not initialized! [ 350.934160][T10552] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 350.966632][ T9] usb 2-1: Failed to create links for entity 6 [ 350.983952][T10552] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 351.003752][ T9] usb 2-1: Failed to register entities (-22). [ 351.479497][T10583] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1736'. [ 351.842304][T10594] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1741'. [ 352.675465][T10614] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1751'. [ 352.828454][ T9] usb 2-1: USB disconnect, device number 6 [ 352.950673][T10623] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1754'. [ 353.395122][T10640] lo speed is unknown, defaulting to 1000 [ 353.404373][T10640] lo speed is unknown, defaulting to 1000 [ 353.414573][T10640] lo speed is unknown, defaulting to 1000 [ 353.915949][ T5868] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 353.989673][T10651] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1765'. [ 354.086696][ T5868] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 354.095416][ T5868] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 354.108018][ T5868] usb 4-1: config 0 has no interface number 0 [ 354.149930][ T5868] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 354.165975][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.185387][ T5868] usb 4-1: Product: syz [ 354.205118][ T5868] usb 4-1: Manufacturer: syz [ 354.227548][T10640] infiniband syz0: set down [ 354.233250][ T5832] lo speed is unknown, defaulting to 1000 [ 354.239864][ T5868] usb 4-1: SerialNumber: syz [ 354.261378][ T5868] usb 4-1: config 0 descriptor?? [ 354.275464][T10640] infiniband syz0: added lo [ 354.291700][ T5868] hub 4-1:0.31: bad descriptor, ignoring hub [ 354.310840][ T5868] hub 4-1:0.31: probe with driver hub failed with error -5 [ 354.329297][ T5868] usb 4-1: Found UVC 0.04 device syz (046d:08c3) [ 354.346200][ T5868] uvcvideo 4-1:0.31: Entity type for entity Output 6 was not initialized! [ 354.365030][ T5868] usb 4-1: Failed to create links for entity 6 [ 354.383393][ T5868] usb 4-1: Failed to register entities (-22). [ 354.508588][T10647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 354.517734][T10647] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 354.647446][T10640] RDS/IB: syz0: added [ 354.663644][T10640] smc: adding ib device syz0 with port count 1 [ 354.664913][T10661] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1768'. [ 354.679128][T10640] smc: ib device syz0 port 1 has pnetid [ 354.704957][T10640] lo speed is unknown, defaulting to 1000 [ 354.729328][ T9] lo speed is unknown, defaulting to 1000 [ 355.508084][T10679] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1776'. [ 355.870245][T10640] lo speed is unknown, defaulting to 1000 [ 355.880051][T10690] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1780'. [ 356.601363][T10640] lo speed is unknown, defaulting to 1000 [ 356.711037][T10702] fuse: Unknown parameter '0xffffffffffffffff' [ 357.736412][ T5832] usb 4-1: USB disconnect, device number 6 [ 357.789348][T10711] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1789'. [ 357.951746][T10718] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1791'. [ 358.257294][T10640] lo speed is unknown, defaulting to 1000 [ 358.558487][T10734] fuse: Unknown parameter '0xffffffffffffffff' [ 359.861308][T10745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1803'. [ 360.037662][T10750] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1805'. [ 360.071712][T10640] lo speed is unknown, defaulting to 1000 [ 361.561171][T10767] libceph: resolve '4' (ret=-3): failed [ 363.476281][T10793] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1822'. [ 363.669254][T10799] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1825'. [ 364.002803][T10803] libceph: resolve '4' (ret=-3): failed [ 365.176731][ T5884] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 365.382382][T10826] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1835'. [ 365.471443][ T5884] usb 5-1: config 0 has an invalid interface number: 31 but max is 0 [ 365.494490][ T5884] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 365.581766][ T5884] usb 5-1: config 0 has no interface number 0 [ 365.682950][T10838] netlink: 'syz.2.1839': attribute type 1 has an invalid length. [ 365.684699][ T5884] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 365.751795][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.772737][T10838] 8021q: adding VLAN 0 to HW filter on device bond1 [ 365.796004][ T5884] usb 5-1: Product: syz [ 365.800372][ T5884] usb 5-1: Manufacturer: syz [ 365.805151][ T5884] usb 5-1: SerialNumber: syz [ 365.819496][ T5884] usb 5-1: config 0 descriptor?? [ 365.873467][ T5884] hub 5-1:0.31: bad descriptor, ignoring hub [ 365.888623][ T5884] hub 5-1:0.31: probe with driver hub failed with error -5 [ 365.993106][ T5884] usb 5-1: Found UVC 0.04 device syz (046d:08c3) [ 366.038031][ T5884] uvcvideo 5-1:0.31: Entity type for entity Output 6 was not initialized! [ 366.067458][T10813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 366.068478][ T5884] usb 5-1: Failed to create links for entity 6 [ 366.085292][T10813] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 366.101772][ T5884] usb 5-1: Failed to register entities (-22). [ 366.923253][T10863] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1849'. [ 367.591143][T10879] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1856'. [ 367.856792][T10879] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1856'. [ 368.396303][T10888] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1859'. [ 368.417524][ T5868] usb 5-1: USB disconnect, device number 6 [ 368.689475][T10892] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1862'. [ 369.046795][T10906] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1868'. [ 369.056154][T10906] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1868'. [ 369.295754][T10916] netlink: 'syz.2.1872': attribute type 5 has an invalid length. [ 369.340309][T10916] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1872'. [ 369.584882][T10920] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1874'. [ 370.291488][ T5868] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 370.364751][T10925] netlink: 'syz.0.1876': attribute type 1 has an invalid length. [ 370.521713][ T5868] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 370.546194][ T5868] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 370.586690][ T5868] usb 4-1: config 0 has no interface number 0 [ 370.620173][ T5868] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 370.641323][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.666777][ T5868] usb 4-1: Product: syz [ 370.676188][ T5868] usb 4-1: Manufacturer: syz [ 370.690064][ T5868] usb 4-1: SerialNumber: syz [ 370.757553][ T5868] usb 4-1: config 0 descriptor?? [ 370.807327][ T5868] hub 4-1:0.31: bad descriptor, ignoring hub [ 370.813477][ T5868] hub 4-1:0.31: probe with driver hub failed with error -5 [ 370.906933][ T5868] usb 4-1: Found UVC 0.04 device syz (046d:08c3) [ 370.913401][ T5868] uvcvideo 4-1:0.31: Entity type for entity Output 6 was not initialized! [ 370.928544][ T5868] usb 4-1: Failed to create links for entity 6 [ 370.935181][ T5868] usb 4-1: Failed to register entities (-22). [ 371.019864][T10914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 371.028945][T10914] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 371.091002][T10940] smc: net device bond0 applied user defined pnetid SYZ0 [ 371.795724][T10953] netlink: 'syz.1.1885': attribute type 5 has an invalid length. [ 371.804446][T10953] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1885'. [ 372.004520][T10956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1887'. [ 373.416619][ T9] usb 4-1: USB disconnect, device number 7 [ 375.982621][T11016] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1905'. [ 376.855927][ T9] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 377.192748][ T9] usb 2-1: config 0 has an invalid interface number: 31 but max is 0 [ 377.251015][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 377.326034][ T9] usb 2-1: config 0 has no interface number 0 [ 377.376327][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 377.388644][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.401206][ T9] usb 2-1: Product: syz [ 377.405504][ T9] usb 2-1: Manufacturer: syz [ 377.418251][ T9] usb 2-1: SerialNumber: syz [ 377.432913][ T9] usb 2-1: config 0 descriptor?? [ 377.456053][ T9] hub 2-1:0.31: bad descriptor, ignoring hub [ 377.462469][ T9] hub 2-1:0.31: probe with driver hub failed with error -5 [ 377.473545][ T9] usb 2-1: Found UVC 0.04 device syz (046d:08c3) [ 377.493619][ T9] uvcvideo 2-1:0.31: Entity type for entity Output 6 was not initialized! [ 377.534441][ T9] usb 2-1: Failed to create links for entity 6 [ 377.546025][ T9] usb 2-1: Failed to register entities (-22). [ 377.674567][T11006] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 377.684734][T11006] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 379.598506][T11054] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.1912'. [ 380.482882][T11069] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1917'. [ 380.536279][ T5868] usb 2-1: USB disconnect, device number 7 [ 381.119913][T11079] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1920'. [ 381.587998][T11085] fuse: Bad value for 'fd' [ 382.346747][T11094] netlink: 'syz.3.1924': attribute type 4 has an invalid length. [ 382.424516][T11096] netlink: 1688 bytes leftover after parsing attributes in process `syz.2.1926'. [ 382.739368][T11105] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1930'. [ 384.565973][ T5868] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 384.756236][T11128] fuse: Bad value for 'fd' [ 384.772589][ T5868] usb 5-1: config 0 has an invalid interface number: 31 but max is 0 [ 384.910134][ T5868] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 385.029581][ T5868] usb 5-1: config 0 has no interface number 0 [ 385.124841][ T5868] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 385.310801][ T5868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.427274][ T5868] usb 5-1: Product: syz [ 385.485097][ T5868] usb 5-1: Manufacturer: syz [ 385.570112][ T5868] usb 5-1: SerialNumber: syz [ 385.663598][ T5868] usb 5-1: config 0 descriptor?? [ 385.673282][T11130] netlink: 'syz.1.1937': attribute type 4 has an invalid length. [ 385.957769][T11136] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.1940'. [ 386.100914][T11140] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1942'. [ 386.175240][ T5868] usb 5-1: can't set config #0, error -71 [ 386.191236][ T5868] usb 5-1: USB disconnect, device number 7 [ 386.888990][T11155] fuse: Bad value for 'fd' [ 387.371690][T11160] netlink: 'syz.1.1950': attribute type 4 has an invalid length. [ 387.833213][T11181] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 387.855757][T11179] netlink: 'syz.1.1958': attribute type 1 has an invalid length. [ 387.902914][T11179] netlink: 'syz.1.1958': attribute type 1 has an invalid length. [ 387.933908][T11179] netlink: 192 bytes leftover after parsing attributes in process `syz.1.1958'. [ 388.199604][T11187] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1958'. [ 388.231591][ T5868] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 389.092015][T11196] fuse: Bad value for 'fd' [ 389.905953][ T5868] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 389.942597][ T5868] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 389.967717][ T5868] usb 3-1: config 0 has no interface number 0 [ 389.989610][T11198] netlink: 'syz.3.1963': attribute type 4 has an invalid length. [ 390.008526][ T5868] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 390.070708][ T5868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.157501][ T5868] usb 3-1: Product: syz [ 390.161738][ T5868] usb 3-1: Manufacturer: syz [ 390.248372][ T5868] usb 3-1: SerialNumber: syz [ 390.300052][ T5868] usb 3-1: config 0 descriptor?? [ 390.331049][ T5868] hub 3-1:0.31: bad descriptor, ignoring hub [ 390.356184][ T5868] hub 3-1:0.31: probe with driver hub failed with error -5 [ 390.398489][ T5868] usb 3-1: Found UVC 0.04 device syz (046d:08c3) [ 390.413927][ T5868] uvcvideo 3-1:0.31: Entity type for entity Output 6 was not initialized! [ 390.422767][ T5868] usb 3-1: Failed to create links for entity 6 [ 390.432344][ T5868] usb 3-1: Failed to register entities (-22). [ 390.777393][T11184] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 390.821344][T11184] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 392.474482][T11225] netlink: 'syz.3.1969': attribute type 1 has an invalid length. [ 392.515140][T11225] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1969'. [ 393.738916][T11240] fuse: Bad value for 'fd' [ 393.870862][ T5868] usb 3-1: USB disconnect, device number 7 [ 394.992358][T11265] netlink: 'syz.0.1982': attribute type 10 has an invalid length. [ 396.915192][T11296] fuse: Bad value for 'fd' [ 397.586144][ T5868] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 398.060031][ T5868] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 398.074442][ T5868] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 398.125419][ T5868] usb 4-1: config 0 has no interface number 0 [ 398.329052][ T5868] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 398.347173][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.364637][ T5868] usb 4-1: Product: syz [ 398.376424][ T5868] usb 4-1: Manufacturer: syz [ 398.381058][ T5868] usb 4-1: SerialNumber: syz [ 398.406820][T11307] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1996'. [ 398.464063][ T5868] usb 4-1: config 0 descriptor?? [ 398.513813][ T5868] hub 4-1:0.31: bad descriptor, ignoring hub [ 398.557270][ T5868] hub 4-1:0.31: probe with driver hub failed with error -5 [ 398.600745][ T5868] usb 4-1: Found UVC 0.04 device syz (046d:08c3) [ 398.617068][ T5868] uvcvideo 4-1:0.31: Entity type for entity Output 6 was not initialized! [ 398.654810][ T5868] usb 4-1: Failed to create links for entity 6 [ 398.675890][ T5868] usb 4-1: Failed to register entities (-22). [ 398.720737][T11293] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 398.730528][T11293] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 399.061120][T11308] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 399.206230][T11325] fuse: Bad value for 'fd' [ 400.232617][T11328] rdma_rxe: rxe_newlink: failed to add lo [ 400.529666][ T5868] usb 4-1: USB disconnect, device number 8 [ 400.941139][T11354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2007'. [ 401.448302][T11348] fuse: Bad value for 'fd' [ 402.224117][T11372] netlink: 180 bytes leftover after parsing attributes in process `syz.0.2020'. [ 402.238463][T11372] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2020'. [ 402.268839][T11377] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 402.287950][T11372] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2020'. [ 402.330421][T11372] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2020'. [ 402.374645][T11379] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 402.429316][T11382] batadv0: entered promiscuous mode [ 402.448079][T11382] macsec0: entered promiscuous mode [ 403.079051][T11398] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2027'. [ 403.842345][T11408] rdma_rxe: rxe_newlink: failed to add lo [ 403.984090][T11412] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2035'. [ 404.166932][T11418] macsec0: entered promiscuous mode [ 404.174118][T11418] batadv0: entered promiscuous mode [ 404.219246][T11421] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2039'. [ 404.767910][T11434] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2043'. [ 406.039980][T11449] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2048'. [ 406.131719][T11452] bridge_slave_0: left allmulticast mode [ 406.162640][T11452] bridge_slave_0: left promiscuous mode [ 406.183595][T11452] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.199930][T11452] bridge_slave_1: left allmulticast mode [ 406.207473][T11452] bridge_slave_1: left promiscuous mode [ 406.214824][T11452] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.238578][T11452] bond0: (slave bond_slave_0): Releasing backup interface [ 406.272854][T11452] bond0: (slave bond_slave_1): Releasing backup interface [ 406.291085][T11452] team0: Port device team_slave_0 removed [ 406.316910][T11452] team0: Port device team_slave_1 removed [ 406.323362][T11452] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 406.339749][T11452] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 406.353091][T11452] bond0: (slave netdevsim0): Releasing backup interface [ 406.372823][T11452] bond2: (slave gretap1): Releasing active interface [ 406.561792][T11471] rdma_rxe: rxe_newlink: failed to add lo [ 406.856567][T11479] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2058'. [ 407.780129][T11481] siw: device registration error -23 [ 408.942658][T11483] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 410.486884][T11571] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2099'. [ 410.912579][T11581] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2104'. [ 410.926236][T11581] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2104'. [ 411.325331][T11599] netlink: 'syz.2.2113': attribute type 4 has an invalid length. [ 411.878861][T11626] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 413.404032][T11665] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2136'. [ 415.110646][T11725] netlink: 'syz.1.2158': attribute type 1 has an invalid length. [ 415.144123][T11725] netlink: 'syz.1.2158': attribute type 1 has an invalid length. [ 415.153241][T11725] netlink: 192 bytes leftover after parsing attributes in process `syz.1.2158'. [ 415.176879][T11725] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2158'. [ 415.327570][T11733] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 416.387069][T11746] fuse: Bad value for 'fd' [ 416.396837][T11746] overlayfs: missing 'lowerdir' [ 416.841820][T11751] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2165'. [ 417.739899][T11784] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2181'. [ 417.822084][T11783] lo speed is unknown, defaulting to 1000 [ 417.914343][T11783] lo speed is unknown, defaulting to 1000 [ 418.281253][T11795] netlink: 'syz.3.2187': attribute type 4 has an invalid length. [ 418.678990][T11815] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2194'. [ 419.092820][T11831] netlink: 'syz.1.2200': attribute type 4 has an invalid length. [ 419.387268][T11841] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 419.394461][T11841] overlayfs: failed to set xattr on upper [ 419.419579][T11841] overlayfs: ...falling back to redirect_dir=nofollow. [ 419.443741][T11841] overlayfs: ...falling back to index=off. [ 419.457191][T11841] overlayfs: ...falling back to uuid=null. [ 419.521086][T11846] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2207'. [ 419.902470][T11863] netlink: 'syz.0.2213': attribute type 4 has an invalid length. [ 420.368884][T11879] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2220'. [ 421.451851][T11905] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2230'. [ 422.054876][T11922] bridge1: left allmulticast mode [ 422.091711][T11922] bridge2: left allmulticast mode [ 422.168665][T11922] bridge3: left allmulticast mode [ 422.192626][T11922] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 422.202016][T11922] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 422.211636][T11922] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 422.221059][T11922] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 422.470115][T11922] batadv0: left promiscuous mode [ 422.558035][T11922] macsec0: left promiscuous mode [ 423.672198][T11950] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2245'. [ 425.447191][T11987] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2260'. [ 425.646122][ T55] Bluetooth: hci4: command 0x0406 tx timeout [ 425.844177][T12008] rdma_rxe: rxe_newlink: failed to add lo [ 426.121306][T12020] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2275'. [ 426.488101][T12037] rdma_rxe: rxe_newlink: failed to add lo [ 426.557097][ T55] Bluetooth: hci3: unexpected event for opcode 0x0c05 [ 426.746891][T12049] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2289'. [ 428.102799][T12077] rdma_rxe: rxe_newlink: failed to add lo [ 429.691109][T12106] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 429.723197][T12110] smc: net device bond0 erased user defined pnetid SYZ0 [ 431.198153][T12136] net veth1_virt_wifi ÿÿÿÿÿÿ: renamed from virt_wifi0 [ 432.412726][T12155] smc: net device bond0 applied user defined pnetid SYZ0 [ 432.453013][T12155] smc: net device bond0 erased user defined pnetid SYZ0 [ 433.431547][T12176] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2333'. [ 433.715967][ T975] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 434.505923][ T975] usb 4-1: Using ep0 maxpacket: 16 [ 434.518074][ T975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 434.536256][ T975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 434.562044][ T975] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 434.611506][ T975] usb 4-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 434.662366][ T975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.707419][ T975] usb 4-1: config 0 descriptor?? [ 435.410081][T12180] random: crng reseeded on system resumption [ 435.798316][ T975] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 435.805714][ T975] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 435.854144][ T975] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 435.856026][T12216] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2347'. [ 435.879845][ T975] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 435.911490][T12220] smc: net device bond0 applied user defined pnetid SYZ0 [ 435.921237][ T975] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 435.951620][ T975] input: HID 0955:7214 Haptics as /devices/virtual/input/input6 [ 435.963123][T12222] smc: net device bond0 erased user defined pnetid SYZ0 [ 436.089438][ T975] shield 0003:0955:7214.0001: Registered Thunderstrike controller [ 436.110418][ T975] shield 0003:0955:7214.0001: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.3-1/input0 [ 436.319447][T12233] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2352'. [ 436.501219][T12236] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2350'. [ 437.084613][T12210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 437.108530][T12210] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 437.238751][ T5884] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ESHUTDOWN [ 437.288027][ T5884] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 437.331031][ T5884] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -EPIPE [ 437.373054][ T5884] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 437.389438][ T975] usb 4-1: reset high-speed USB device number 9 using dummy_hcd [ 437.657598][T12263] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2361'. [ 438.513813][ T69] Bluetooth: hci5: Frame reassembly failed (-84) [ 438.585134][ T69] Bluetooth: hci5: Frame reassembly failed (-84) [ 439.128618][T12280] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2365'. [ 439.144755][T12272] tipc: Started in network mode [ 439.153861][T12272] tipc: Node identity 4e4d8c11b378, cluster identity 4711 [ 439.176323][T12272] tipc: Enabled bearer , priority 0 [ 439.235463][T12280] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2365'. [ 439.335629][T12272] syzkaller0: entered promiscuous mode [ 439.345035][T12272] syzkaller0: entered allmulticast mode [ 439.355595][T12272] tipc: Resetting bearer [ 439.584403][T12292] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2366'. [ 440.086304][ T9] usb 4-1: USB disconnect, device number 9 [ 440.180346][T12242] tipc: Resetting bearer [ 440.219061][T12270] tipc: Resetting bearer [ 440.233639][T12300] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2369'. [ 440.372413][ T975] tipc: Node number set to 4248144913 [ 440.529031][ T5844] Bluetooth: hci5: command 0x1003 tx timeout [ 440.535462][ T55] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 441.691872][T12270] tipc: Disabling bearer [ 442.109991][T12332] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2378'. [ 442.111010][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 442.127195][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 442.140336][T12332] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2378'. [ 443.823147][T12354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2383'. [ 444.509052][T12371] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2391'. [ 444.555462][T12371] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2391'. [ 445.035021][T12390] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2399'. [ 445.065167][T12390] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2399'. [ 445.081513][T12390] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2399'. [ 445.506673][T12405] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2400'. [ 445.833675][ T55] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 446.566079][T12431] netlink: 116 bytes leftover after parsing attributes in process `syz.1.2411'. [ 446.658341][T12434] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2412'. [ 447.413167][T12242] Bluetooth: hci5: Frame reassembly failed (-84) [ 447.476754][T12242] Bluetooth: hci5: Frame reassembly failed (-84) [ 447.983672][T12457] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2420'. [ 447.995944][T12457] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2420'. [ 449.407363][ T5844] Bluetooth: hci5: command 0x1003 tx timeout [ 449.415918][ T55] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 450.116968][T12495] __nla_validate_parse: 1 callbacks suppressed [ 450.116994][T12495] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2431'. [ 450.139901][T12495] (unnamed net_device) (uninitialized): option use_carrier: invalid value (4) [ 450.240510][T12503] smc: net device bond0 applied user defined pnetid SYZ0 [ 450.253693][T12503] smc: net device bond0 erased user defined pnetid SYZ0 [ 450.332560][T12506] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2437'. [ 450.393205][T12509] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2438'. [ 450.645942][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 450.690875][T12514] netlink: 116 bytes leftover after parsing attributes in process `syz.2.2439'. [ 450.817928][ T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 450.855923][ T9] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 450.900315][ T9] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 450.918869][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.965547][T12507] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 451.002765][ T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 451.405738][ T5087] Bluetooth: hci5: Frame reassembly failed (-84) [ 452.310185][T12534] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2449'. [ 452.322541][T12533] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2446'. [ 452.881394][ T5868] usb 5-1: new low-speed USB device number 8 using dummy_hcd [ 453.025953][ T5868] usb 5-1: device descriptor read/64, error -71 [ 453.295928][ T5868] usb 5-1: new low-speed USB device number 9 using dummy_hcd [ 453.486725][ T55] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 453.493273][ T5844] Bluetooth: hci5: command 0x1003 tx timeout [ 453.766007][ T5868] usb 5-1: device descriptor read/64, error -71 [ 453.939272][ T5868] usb usb5-port1: attempt power cycle [ 454.286138][ T5868] usb 5-1: new low-speed USB device number 10 using dummy_hcd [ 454.308753][ T5868] usb 5-1: device descriptor read/8, error -71 [ 454.559723][ T5868] usb 5-1: new low-speed USB device number 11 using dummy_hcd [ 455.840570][T12562] smc: net device bond0 applied user defined pnetid SYZ0 [ 455.915894][T12563] smc: net device bond0 erased user defined pnetid SYZ0 [ 456.083074][ T5832] usb 2-1: USB disconnect, device number 8 [ 456.242513][T12569] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2459'. [ 456.286490][T12569] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2459'. [ 456.575556][T12574] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2461'. [ 456.649333][ T5868] usb 5-1: device descriptor read/8, error -71 [ 456.758941][ T5868] usb usb5-port1: unable to enumerate USB device [ 457.641264][T12599] libceph: resolve '4' (ret=-3): failed [ 458.498028][T12605] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2470'. [ 458.508385][T12605] (unnamed net_device) (uninitialized): option use_carrier: invalid value (4) [ 458.666986][T12611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2474'. [ 458.766075][ T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 458.845190][T12616] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2475'. [ 458.940671][ T9] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 459.082983][ T9] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 459.117707][ T9] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 459.150324][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.224721][T12605] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 459.239939][ T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 459.275927][ T5832] usb 3-1: new low-speed USB device number 8 using dummy_hcd [ 459.616015][ T5832] usb 3-1: device descriptor read/64, error -71 [ 459.857378][ T5832] usb 3-1: new low-speed USB device number 9 using dummy_hcd [ 459.996069][ T5832] usb 3-1: device descriptor read/64, error -71 [ 460.116489][ T5832] usb usb3-port1: attempt power cycle [ 460.332911][T12638] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2482'. [ 460.418902][T12638] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2482'. [ 460.505899][ T5832] usb 3-1: new low-speed USB device number 10 using dummy_hcd [ 460.567788][ T5832] usb 3-1: device descriptor read/8, error -71 [ 460.805980][ T5832] usb 3-1: new low-speed USB device number 11 using dummy_hcd [ 460.872332][ T5832] usb 3-1: device descriptor read/8, error -71 [ 461.020234][T12649] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2486'. [ 461.056661][ T5832] usb usb3-port1: unable to enumerate USB device [ 461.104930][T12651] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2487'. [ 461.611068][ T55] Bluetooth: hci1: unexpected event for opcode 0x1804 [ 462.526450][ T5832] usb 4-1: USB disconnect, device number 10 [ 462.553019][T12669] netlink: 'syz.0.2494': attribute type 1 has an invalid length. [ 462.561439][T12669] netlink: 'syz.0.2494': attribute type 1 has an invalid length. [ 462.576138][T12669] netlink: 192 bytes leftover after parsing attributes in process `syz.0.2494'. [ 462.637411][T12668] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2494'. [ 462.972044][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 462.992885][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 463.253119][T12691] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2500'. [ 463.285875][T12691] netlink: 'syz.4.2500': attribute type 1 has an invalid length. [ 463.349002][T12691] 8021q: adding VLAN 0 to HW filter on device bond3 [ 463.502575][T12698] netlink: 'syz.2.2504': attribute type 1 has an invalid length. [ 463.517621][T12698] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2504'. [ 463.648152][T12702] autofs: Unknown parameter 'fd0x0000000000000000' [ 464.340006][T12706] netlink: 'syz.1.2507': attribute type 1 has an invalid length. [ 464.371651][T12706] netlink: 'syz.1.2507': attribute type 1 has an invalid length. [ 464.380804][T12706] netlink: 192 bytes leftover after parsing attributes in process `syz.1.2507'. [ 464.400748][T12711] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2507'. [ 465.787351][T12738] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2516'. [ 465.839263][T12738] netlink: 'syz.4.2516': attribute type 1 has an invalid length. [ 466.091695][T12738] 8021q: adding VLAN 0 to HW filter on device bond4 [ 466.376047][T12755] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2523'. [ 466.381841][T12756] netlink: 'syz.3.2522': attribute type 2 has an invalid length. [ 466.404263][T12755] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2523'. [ 466.437542][T12756] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2522'. [ 466.720154][T12770] netlink: 'syz.1.2528': attribute type 1 has an invalid length. [ 467.069152][T12781] netlink: zone id is out of range [ 467.100567][T12782] netlink: 'syz.3.2532': attribute type 1 has an invalid length. [ 467.315713][T12782] 8021q: adding VLAN 0 to HW filter on device bond3 [ 467.412770][T12789] gtp0: entered promiscuous mode [ 467.611854][T12798] fuse: Unknown parameter '00000000000000000000' [ 468.164110][T12819] rdma_rxe: rxe_newlink: failed to add lo [ 468.328817][T12825] gtp0: entered promiscuous mode [ 468.603830][T12838] bridge1: left allmulticast mode [ 468.612801][T12838] bridge2: left allmulticast mode [ 469.212291][T12851] fuse: Unknown parameter '00000000000000000000' [ 469.396903][T12855] xt_hashlimit: size too large, truncated to 1048576 [ 469.732905][T12861] __nla_validate_parse: 2 callbacks suppressed [ 469.732930][T12861] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2568'. [ 470.691509][T12887] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2576'. [ 471.322645][T12897] netlink: 'syz.0.2574': attribute type 2 has an invalid length. [ 471.375429][T12897] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2574'. [ 471.485057][T12900] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2581'. [ 471.752105][T12911] autofs: Unknown parameter 'fd0x0000000000000000' [ 471.959039][T12915] fuse: Unknown parameter 'user00000000000000000000' [ 473.183113][T12941] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2595'. [ 473.358133][T12943] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2591'. [ 474.172428][T12954] autofs: Unknown parameter 'fd0x0000000000000000' [ 474.887357][T12965] fuse: Unknown parameter 'user00000000000000000000' [ 476.794181][T13003] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2609'. [ 477.972612][T13023] netlink: 'syz.1.2616': attribute type 2 has an invalid length. [ 478.078061][T13023] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2616'. [ 479.307019][T13053] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2627'. [ 479.901136][T13063] autofs: Unknown parameter 'fd0x0000000000000000' [ 481.666086][ T55] Bluetooth: hci1: unexpected event for opcode 0x6e05 [ 481.901513][T13083] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2638'. [ 482.918292][T13096] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2640'. [ 483.594536][T13111] autofs: Unknown parameter 'fd0x0000000000000000' [ 484.538003][T13127] siw: device registration error -23 [ 484.991322][T13134] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2652'. [ 485.782484][T13167] siw: device registration error -23 [ 486.444373][T13178] tipc: Started in network mode [ 486.470488][T13178] tipc: Node identity e685d18cf5ca, cluster identity 4711 [ 486.491858][T13178] tipc: Enabled bearer , priority 0 [ 486.597382][T13168] tipc: Disabling bearer [ 486.890086][ T55] Bluetooth: hci1: unexpected event for opcode 0x0428 [ 487.484448][T13226] tipc: Enabled bearer , priority 0 [ 487.894859][T13218] tipc: Disabling bearer [ 488.195657][T13245] process 'syz.1.2699' launched './file0' with NULL argv: empty string added [ 488.781434][T13264] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2706'. [ 489.600489][ T55] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 489.671495][ T55] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 490.094704][T13303] syzkaller1: entered promiscuous mode [ 490.133323][T13303] syzkaller1: entered allmulticast mode [ 490.426292][T13312] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2726'. [ 490.452329][T13312] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2726'. [ 490.471898][T13312] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2726'. [ 490.597813][ T55] Bluetooth: hci4: unexpected subevent 0x05 length: 10 < 12 [ 491.045524][T13336] tipc: Enabled bearer , priority 0 [ 491.262296][T13337] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2731'. [ 491.804589][T13328] tipc: Disabling bearer [ 492.419476][T13369] netlink: 116 bytes leftover after parsing attributes in process `syz.2.2745'. [ 493.151318][ T55] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 493.317961][T13386] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2748'. [ 494.103692][T13395] tipc: Started in network mode [ 494.108814][T13395] tipc: Node identity fa3408a248fa, cluster identity 4711 [ 494.116418][T13395] tipc: Enabled bearer , priority 0 [ 494.229165][T13395] syzkaller0: entered promiscuous mode [ 494.234788][T13395] syzkaller0: entered allmulticast mode [ 494.241918][T13395] tipc: Resetting bearer [ 494.275187][T13390] tipc: Resetting bearer [ 495.140370][ T975] tipc: Node number set to 2999847074 [ 496.280597][T13390] tipc: Disabling bearer [ 496.440830][ T55] Bluetooth: hci2: connection err: -111 [ 496.949203][T13453] syzkaller1: entered promiscuous mode [ 496.954757][T13453] syzkaller1: entered allmulticast mode [ 496.972605][T13455] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2774'. [ 497.135612][T13459] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2776'. [ 497.772553][T13485] syzkaller1: entered promiscuous mode [ 497.790779][T13485] syzkaller1: entered allmulticast mode [ 497.852164][T13487] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2789'. [ 497.909890][ T52] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 498.076073][ T52] usb 5-1: Using ep0 maxpacket: 32 [ 498.098577][ T52] usb 5-1: unable to get BOS descriptor or descriptor too short [ 498.124779][ T52] usb 5-1: config 120 has an invalid interface number: 207 but max is 0 [ 498.142465][ T52] usb 5-1: config 120 has no interface number 0 [ 498.166050][ T52] usb 5-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=6f.0b [ 498.187658][ T52] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.195956][ T52] usb 5-1: Product: syz [ 498.200482][ T52] usb 5-1: Manufacturer: syz [ 498.205158][ T52] usb 5-1: SerialNumber: syz [ 498.219682][ T52] r8152-cfgselector 5-1: Unknown version 0x0000 [ 498.499675][T13507] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2797'. [ 498.523090][T13507] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2797'. [ 498.588370][T13511] netlink: zone id is out of range [ 498.593641][T13511] netlink: del zone limit has 4 unknown bytes [ 498.811339][T13517] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2802'. [ 498.864295][T13520] syzkaller1: entered promiscuous mode [ 498.874407][T13520] syzkaller1: entered allmulticast mode [ 498.974759][T13525] rdma_rxe: rxe_newlink: failed to add lo [ 499.074470][ T6564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 499.091256][ T6564] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 499.334127][T13541] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2812'. [ 499.351500][T13541] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2812'. [ 500.211764][T13553] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2816'. [ 500.634308][T13557] syzkaller1: entered promiscuous mode [ 500.678235][ T52] r8152-cfgselector 5-1: USB disconnect, device number 12 [ 500.686890][T13557] syzkaller1: entered allmulticast mode [ 501.021810][T13569] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2824'. [ 501.231581][T13573] tipc: Enabling of bearer rejected, failed to enable media [ 501.649909][T13588] FAT-fs (nullb0): bogus number of reserved sectors [ 501.656998][T13588] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 501.853072][T13594] netlink: 'syz.4.2833': attribute type 4 has an invalid length. [ 501.894642][ T975] lo speed is unknown, defaulting to 1000 [ 501.905741][ T975] syz0: Port: 1 Link ACTIVE [ 501.923417][ T5884] lo speed is unknown, defaulting to 1000 [ 501.932879][T13597] syzkaller1: entered promiscuous mode [ 501.938960][T13597] syzkaller1: entered allmulticast mode [ 502.301997][T13608] __nla_validate_parse: 3 callbacks suppressed [ 502.302023][T13608] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2840'. [ 502.466166][T13614] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2844'. [ 503.092743][T13636] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2855'. [ 503.334991][T13642] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 503.744266][T13648] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2856'. [ 503.871694][T13653] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2859'. [ 504.094979][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 504.106497][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 504.116811][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 504.125399][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 504.134061][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 504.227232][T13660] lo speed is unknown, defaulting to 1000 [ 504.242873][T13666] netlink: 116 bytes leftover after parsing attributes in process `syz.2.2863'. [ 504.278377][T13660] lo speed is unknown, defaulting to 1000 [ 504.520064][T13675] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2867'. [ 504.692501][T13681] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2870'. [ 504.849572][ T52] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 504.990156][T13691] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2873'. [ 505.032432][T13660] chnl_net:caif_netlink_parms(): no params data found [ 505.055854][ T52] usb 2-1: Using ep0 maxpacket: 32 [ 505.063127][ T52] usb 2-1: config 0 has no interfaces? [ 505.074123][ T52] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 505.096192][ T52] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 505.104443][ T52] usb 2-1: Product: syz [ 505.141246][ T52] usb 2-1: Manufacturer: syz [ 505.151169][ T52] usb 2-1: SerialNumber: syz [ 505.197555][ T52] usb 2-1: config 0 descriptor?? [ 505.464173][T13660] bridge0: port 1(bridge_slave_0) entered blocking state [ 505.471671][T13660] bridge0: port 1(bridge_slave_0) entered disabled state [ 505.480906][T13660] bridge_slave_0: entered allmulticast mode [ 505.489379][T13660] bridge_slave_0: entered promiscuous mode [ 505.498639][T13660] bridge0: port 2(bridge_slave_1) entered blocking state [ 505.512791][T13660] bridge0: port 2(bridge_slave_1) entered disabled state [ 505.536183][T13660] bridge_slave_1: entered allmulticast mode [ 505.551290][T13660] bridge_slave_1: entered promiscuous mode [ 505.750750][T13660] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 505.793864][T13660] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 505.934855][ T9] usb 2-1: USB disconnect, device number 9 [ 506.006808][T13660] team0: Port device team_slave_0 added [ 506.064001][T13660] team0: Port device team_slave_1 added [ 506.138169][T13716] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2880'. [ 506.185462][T13660] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 506.205940][ T55] Bluetooth: hci4: command tx timeout [ 506.275713][T13660] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 506.310918][T13660] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 506.338320][T13660] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 506.355547][T13660] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 506.388126][T13660] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 506.596313][T13660] hsr_slave_0: entered promiscuous mode [ 506.603189][T13660] hsr_slave_1: entered promiscuous mode [ 506.629264][T13660] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 506.642301][T13660] Cannot create hsr debugfs directory [ 506.757150][T13728] syzkaller1: entered promiscuous mode [ 506.776382][T13728] syzkaller1: entered allmulticast mode [ 506.902015][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 506.920791][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 507.150162][T13748] netlink: 'syz.3.2891': attribute type 1 has an invalid length. [ 507.168889][T13748] netlink: 'syz.3.2891': attribute type 1 has an invalid length. [ 507.340873][T13756] rdma_rxe: rxe_newlink: failed to add lo [ 507.708912][T13767] syzkaller1: entered promiscuous mode [ 507.714631][T13767] syzkaller1: entered allmulticast mode [ 507.987627][T13769] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 508.004053][T13769] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 508.062921][T13769] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.073393][T13769] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.082705][T13769] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.093256][T13769] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.133899][T13769] bridge1: left allmulticast mode [ 508.141630][T13769] macsec0: left promiscuous mode [ 508.149496][T13769] gtp0: left promiscuous mode [ 508.180706][T13660] bond0: (slave netdevsim0): Releasing backup interface [ 508.285943][ T55] Bluetooth: hci4: command tx timeout [ 508.354943][T12242] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 508.382695][T12242] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 508.672545][T13794] rdma_rxe: rxe_newlink: failed to add lo [ 508.727243][T13660] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 508.862789][T13660] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 508.892223][T13660] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 509.018538][T13660] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 509.455523][T13660] 8021q: adding VLAN 0 to HW filter on device bond0 [ 509.481774][T13660] 8021q: adding VLAN 0 to HW filter on device team0 [ 509.559915][ T6564] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.567154][ T6564] bridge0: port 1(bridge_slave_0) entered forwarding state [ 509.637573][ T6564] bridge0: port 2(bridge_slave_1) entered blocking state [ 509.644827][ T6564] bridge0: port 2(bridge_slave_1) entered forwarding state [ 509.668567][T13820] syzkaller1: entered promiscuous mode [ 509.674104][T13820] syzkaller1: entered allmulticast mode [ 509.968155][ T6564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 510.005865][ T6564] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 510.301006][T13849] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7 [ 510.320315][T13851] __nla_validate_parse: 2 callbacks suppressed [ 510.320338][T13851] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2923'. [ 510.366180][ T55] Bluetooth: hci4: command tx timeout [ 510.548784][T13856] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2924'. [ 510.674323][T13859] netlink: 'syz.1.2924': attribute type 1 has an invalid length. [ 510.706803][T13660] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 510.834454][T13859] 8021q: adding VLAN 0 to HW filter on device bond1 [ 511.007807][T13866] syzkaller1: entered promiscuous mode [ 511.021259][T13866] syzkaller1: entered allmulticast mode [ 511.133585][T13660] veth0_vlan: entered promiscuous mode [ 511.193418][T13660] veth1_vlan: entered promiscuous mode [ 511.464504][T13881] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2929'. [ 512.144551][T13660] veth0_macvtap: entered promiscuous mode [ 512.290391][T13660] veth1_macvtap: entered promiscuous mode [ 512.353415][T13660] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 512.363899][T13898] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2934'. [ 512.415504][T13660] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 512.446104][ T55] Bluetooth: hci4: command tx timeout [ 512.459983][T13660] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.475921][T13660] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.487061][T13660] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.496489][T13660] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.501468][T13901] rdma_rxe: rxe_newlink: failed to add lo [ 512.622731][T13904] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input8 [ 512.716480][T12273] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 512.741468][T12273] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 512.763644][T13913] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2938'. [ 512.792928][T13913] netlink: 'syz.2.2938': attribute type 1 has an invalid length. [ 512.959847][T13913] 8021q: adding VLAN 0 to HW filter on device bond2 [ 513.107832][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 513.135599][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 513.303223][T13924] syzkaller1: entered promiscuous mode [ 513.317372][T13924] syzkaller1: entered allmulticast mode [ 514.032219][T13947] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2942'. [ 514.811741][T13958] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2947'. [ 515.279503][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 515.294428][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 515.305009][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 515.338406][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 515.353499][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 515.456949][T13985] syzkaller0: tun_chr_ioctl cmd 1074025680 [ 515.641236][T13975] lo speed is unknown, defaulting to 1000 [ 515.658634][T13975] lo speed is unknown, defaulting to 1000 [ 515.816573][T13823] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 516.008783][T13823] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 516.039767][T13823] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 516.064337][T13823] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 516.106019][T13823] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.152804][T12295] bridge_slave_1: left allmulticast mode [ 516.189258][T12295] bridge_slave_1: left promiscuous mode [ 516.197504][T13823] usb 5-1: config 0 descriptor?? [ 516.201723][T12295] bridge0: port 2(bridge_slave_1) entered disabled state [ 516.283648][T13823] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 516.291070][T13823] dvb-usb: bulk message failed: -22 (3/0) [ 516.330707][T12295] bridge_slave_0: left allmulticast mode [ 516.341015][T12295] bridge_slave_0: left promiscuous mode [ 516.360749][T12295] bridge0: port 1(bridge_slave_0) entered disabled state [ 516.370437][T13823] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 516.415064][T13823] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 516.444214][T13823] usb 5-1: media controller created [ 516.480063][T13823] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 516.563546][T13823] dvb-usb: bulk message failed: -22 (6/0) [ 516.581204][T13823] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 516.604409][T13823] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input9 [ 516.656991][T13823] dvb-usb: schedule remote query interval to 150 msecs. [ 516.676447][T13823] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 516.694441][T13823] usb 5-1: USB disconnect, device number 13 [ 516.864162][T13823] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 517.426075][ T5845] Bluetooth: hci0: command tx timeout [ 518.369265][T12295] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 518.389735][T12295] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 518.402718][T12295] bond0 (unregistering): Released all slaves [ 518.525768][T12295] bond1 (unregistering): Released all slaves [ 518.680332][T12295] bond2 (unregistering): Released all slaves [ 518.891570][T12295] : left promiscuous mode [ 519.485986][ T5845] Bluetooth: hci0: command tx timeout [ 519.981136][T14067] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input10 [ 519.990936][T12295] : left promiscuous mode [ 520.202197][T12295] tipc: Left network mode [ 520.893433][T13975] chnl_net:caif_netlink_parms(): no params data found [ 521.566085][ T5845] Bluetooth: hci0: command tx timeout [ 522.061804][T14131] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input11 [ 523.493281][T12295] hsr_slave_0: left promiscuous mode [ 523.514309][T12295] hsr_slave_1: left promiscuous mode [ 523.531800][T12295] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 523.557343][T12295] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 523.649620][ T5845] Bluetooth: hci0: command tx timeout [ 523.922793][T12295] team0 (unregistering): Port device team_slave_1 removed [ 523.973360][T12295] team0 (unregistering): Port device team_slave_0 removed [ 524.578353][T13975] bridge0: port 1(bridge_slave_0) entered blocking state [ 524.610604][T13975] bridge0: port 1(bridge_slave_0) entered disabled state [ 524.624736][T13975] bridge_slave_0: entered allmulticast mode [ 524.634026][T13975] bridge_slave_0: entered promiscuous mode [ 524.746183][T13975] bridge0: port 2(bridge_slave_1) entered blocking state [ 524.773848][T13975] bridge0: port 2(bridge_slave_1) entered disabled state [ 524.796107][T13975] bridge_slave_1: entered allmulticast mode [ 524.820529][T13975] bridge_slave_1: entered promiscuous mode [ 525.000871][T13975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 525.051667][T13975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 525.432990][T13975] team0: Port device team_slave_0 added [ 526.384029][T14200] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input12 [ 526.774772][T14183] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.782652][T14183] bridge0: port 1(bridge_slave_0) entered disabled state [ 527.058726][T14183] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 527.073667][T14183] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 527.165560][T14183] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.175124][T14183] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.184090][T14183] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.193330][T14183] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.258522][T13975] team0: Port device team_slave_1 added [ 527.380559][T13975] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 527.407120][T14220] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3009'. [ 527.426087][T13975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 527.465527][T13975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 527.528484][T13975] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 527.535510][T13975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 527.563482][T13975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 528.622409][T14243] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input13 [ 528.803320][T13975] hsr_slave_0: entered promiscuous mode [ 528.849260][T13975] hsr_slave_1: entered promiscuous mode [ 530.444662][ T5845] Bluetooth: hci2: unexpected event for opcode 0x0428 [ 531.893712][T14303] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input14 [ 532.238349][T13975] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 532.343454][T13975] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 533.022226][T13975] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 533.077912][T13975] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 533.413571][T13975] 8021q: adding VLAN 0 to HW filter on device bond0 [ 533.543139][T13975] 8021q: adding VLAN 0 to HW filter on device team0 [ 533.680146][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 533.687405][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 533.742672][T12273] bridge0: port 2(bridge_slave_1) entered blocking state [ 533.749922][T12273] bridge0: port 2(bridge_slave_1) entered forwarding state [ 533.989184][T13975] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 533.999674][T13975] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 534.146132][T14353] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input15 [ 534.242658][T14360] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3045'. [ 534.573104][T14373] rose0: entered promiscuous mode [ 534.592299][T14373] bond0: (slave rose0): Enslaving as an active interface with an up link [ 534.740517][T13975] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 534.931639][T13975] veth0_vlan: entered promiscuous mode [ 534.973518][T13975] veth1_vlan: entered promiscuous mode [ 535.132976][T13975] veth0_macvtap: entered promiscuous mode [ 535.162426][T13975] veth1_macvtap: entered promiscuous mode [ 535.231078][T13975] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 535.277361][T13975] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 535.581146][T14408] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input16 [ 535.673181][T13975] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 535.701653][T13975] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 535.721009][T13975] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 535.740956][T13975] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 536.032338][ T5845] Bluetooth: hci3: unexpected event for opcode 0x0428 [ 536.184677][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 536.217587][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 536.359260][ T6564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 536.391463][ T6564] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 536.496378][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 536.514794][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 536.902389][T14445] tipc: Enabling of bearer rejected, failed to enable media [ 538.441587][T14464] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input17 [ 538.607918][T14471] block device autoloading is deprecated and will be removed. [ 539.327194][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 539.338544][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 539.356073][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 539.369928][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 539.377952][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 539.622501][T14477] lo speed is unknown, defaulting to 1000 [ 539.637652][T14477] lo speed is unknown, defaulting to 1000 [ 539.784335][T14489] netlink: zone id is out of range [ 539.815881][T14489] netlink: del zone limit has 8 unknown bytes [ 540.249878][T14501] tipc: Enabling of bearer rejected, failed to enable media [ 540.998918][T14477] chnl_net:caif_netlink_parms(): no params data found [ 541.116496][T14535] fuse: Bad value for 'fd' [ 541.531498][ T55] Bluetooth: hci3: command tx timeout [ 541.986210][T14541] netlink: zone id is out of range [ 542.006295][T14541] netlink: del zone limit has 4 unknown bytes [ 542.330068][T14477] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.372806][T14477] bridge0: port 1(bridge_slave_0) entered disabled state [ 542.403331][T14477] bridge_slave_0: entered allmulticast mode [ 542.438468][T14477] bridge_slave_0: entered promiscuous mode [ 542.462687][T14477] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.506052][T14477] bridge0: port 2(bridge_slave_1) entered disabled state [ 542.520148][T14477] bridge_slave_1: entered allmulticast mode [ 542.538904][T14477] bridge_slave_1: entered promiscuous mode [ 542.600742][T14563] tipc: Enabling of bearer rejected, failed to enable media [ 542.720716][T14477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 542.769324][T14477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 543.010753][T14477] team0: Port device team_slave_0 added [ 543.067394][T14477] team0: Port device team_slave_1 added [ 543.277381][T14477] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 543.301589][T14477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 543.373428][T14477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 543.394644][T14477] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 543.402573][T14477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 543.439304][T14477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 543.570149][ T55] Bluetooth: hci3: command tx timeout [ 543.875309][T14477] hsr_slave_0: entered promiscuous mode [ 543.905516][T14477] hsr_slave_1: entered promiscuous mode [ 543.926715][T14477] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 543.952663][T14477] Cannot create hsr debugfs directory [ 544.467215][T14610] tipc: Enabling of bearer rejected, failed to enable media [ 545.647513][ T5845] Bluetooth: hci3: command tx timeout [ 546.149298][T14477] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 546.175455][T14477] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 546.267035][T14477] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 546.361376][T14477] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 546.770288][T14477] 8021q: adding VLAN 0 to HW filter on device bond0 [ 546.811997][T14666] tipc: Enabling of bearer rejected, failed to enable media [ 546.861009][T14477] 8021q: adding VLAN 0 to HW filter on device team0 [ 546.941638][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.948837][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 547.001760][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 547.008970][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 547.726089][ T5845] Bluetooth: hci3: command 0x0419 tx timeout [ 548.348517][T14477] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 549.381747][T14477] veth0_vlan: entered promiscuous mode [ 549.393541][T14477] veth1_vlan: entered promiscuous mode [ 549.490219][T14477] veth0_macvtap: entered promiscuous mode [ 549.547194][T14477] veth1_macvtap: entered promiscuous mode [ 549.589986][T14694] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input18 [ 549.717011][T14477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 549.775905][T14477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.805953][ T55] Bluetooth: hci3: command 0x0419 tx timeout [ 549.866804][T14477] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 549.906637][T14477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 549.923228][T14477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.944706][T14477] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 549.971643][T14477] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.991269][T14477] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 550.003400][T14477] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 550.014070][T14477] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.318732][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 551.338489][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 551.364948][T14718] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3132'. [ 551.395203][T14718] vlan2: entered promiscuous mode [ 551.577618][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 551.586454][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 551.752562][ T5845] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 551.762823][ T5845] CPU: 0 UID: 0 PID: 5845 Comm: kworker/u9:6 Not tainted 6.14.0-syzkaller-13189-ge48e99b6edf4 #0 PREEMPT(full) [ 551.762853][ T5845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 551.762869][ T5845] Workqueue: hci1 hci_rx_work [ 551.762929][ T5845] Call Trace: [ 551.762938][ T5845] [ 551.762948][ T5845] dump_stack_lvl+0x241/0x360 [ 551.762984][ T5845] ? __pfx_dump_stack_lvl+0x10/0x10 [ 551.763013][ T5845] ? __pfx__printk+0x10/0x10 [ 551.763040][ T5845] ? kernfs_path_from_node+0x2b/0x250 [ 551.763074][ T5845] ? kernfs_path_from_node+0x217/0x250 [ 551.763104][ T5845] sysfs_create_dir_ns+0x2fd/0x3f0 [ 551.763143][ T5845] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 551.763182][ T5845] kobject_add_internal+0x435/0x8d0 [ 551.763219][ T5845] kobject_add+0x15b/0x230 [ 551.763245][ T5845] ? do_raw_spin_unlock+0x13c/0x8b0 [ 551.763275][ T5845] ? device_add+0x3e7/0xbf0 [ 551.763300][ T5845] ? __pfx_kobject_add+0x10/0x10 [ 551.763326][ T5845] ? _raw_spin_unlock+0x28/0x50 [ 551.763351][ T5845] ? get_device_parent+0x165/0x410 [ 551.763379][ T5845] device_add+0x4e5/0xbf0 [ 551.763411][ T5845] hci_conn_add_sysfs+0xe8/0x200 [ 551.763444][ T5845] le_conn_complete_evt+0xc6e/0x12a0 [ 551.763484][ T5845] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 551.763506][ T5845] ? __mutex_unlock_slowpath+0x229/0x800 [ 551.763535][ T5845] ? __skb_clone+0x5c/0x6d0 [ 551.763561][ T5845] ? skb_pull_data+0x112/0x230 [ 551.763593][ T5845] hci_le_conn_complete_evt+0x18c/0x420 [ 551.763626][ T5845] hci_event_packet+0xa5c/0x1550 [ 551.763663][ T5845] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 551.763691][ T5845] ? __pfx_hci_event_packet+0x10/0x10 [ 551.763728][ T5845] ? kcov_remote_start+0x430/0x7d0 [ 551.763759][ T5845] ? lockdep_hardirqs_on+0x9d/0x150 [ 551.763787][ T5845] ? hci_send_to_monitor+0xdc/0x530 [ 551.763815][ T5845] hci_rx_work+0x3f3/0xdb0 [ 551.763859][ T5845] ? process_scheduled_works+0x9cb/0x18e0 [ 551.763882][ T5845] process_scheduled_works+0xac3/0x18e0 [ 551.763937][ T5845] ? __pfx_process_scheduled_works+0x10/0x10 [ 551.763971][ T5845] ? assign_work+0x367/0x3d0 [ 551.764000][ T5845] worker_thread+0x870/0xd50 [ 551.764042][ T5845] ? __kthread_parkme+0x1a8/0x200 [ 551.764072][ T5845] ? __pfx_worker_thread+0x10/0x10 [ 551.764096][ T5845] kthread+0x7b7/0x940 [ 551.764136][ T5845] ? __pfx_worker_thread+0x10/0x10 [ 551.764162][ T5845] ? __pfx_kthread+0x10/0x10 [ 551.764188][ T5845] ? __pfx_kthread+0x10/0x10 [ 551.764215][ T5845] ? __pfx_kthread+0x10/0x10 [ 551.764242][ T5845] ? __pfx_kthread+0x10/0x10 [ 551.764268][ T5845] ? _raw_spin_unlock_irq+0x23/0x50 [ 551.764287][ T5845] ? lockdep_hardirqs_on+0x9d/0x150 [ 551.764310][ T5845] ? __pfx_kthread+0x10/0x10 [ 551.764338][ T5845] ret_from_fork+0x4b/0x80 [ 551.764359][ T5845] ? __pfx_kthread+0x10/0x10 [ 551.764387][ T5845] ret_from_fork_asm+0x1a/0x30 [ 551.764437][ T5845] [ 551.764472][ T5845] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 552.065559][ T5845] Bluetooth: hci1: failed to register connection device [ 552.192894][T14736] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3138'. [ 552.281489][T14739] netlink: 'syz.3.3138': attribute type 1 has an invalid length. [ 553.226374][ T5884] usb 3-1: new low-speed USB device number 12 using dummy_hcd [ 553.386323][ T5884] usb 3-1: device descriptor read/64, error -71 [ 553.408446][T14768] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3150'. [ 553.665962][ T5884] usb 3-1: new low-speed USB device number 13 using dummy_hcd [ 553.781378][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 553.791147][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 553.799132][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 553.817778][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 553.823213][T14780] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3153'. [ 553.836954][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 553.846337][ T5884] usb 3-1: device descriptor read/64, error -71 [ 553.878078][T14780] netlink: 'syz.0.3153': attribute type 1 has an invalid length. [ 553.920480][T14780] 8021q: adding VLAN 0 to HW filter on device bond1 [ 553.957422][ T5884] usb usb3-port1: attempt power cycle [ 554.002133][T14776] lo speed is unknown, defaulting to 1000 [ 554.040631][T14776] lo speed is unknown, defaulting to 1000 [ 554.335904][ T5884] usb 3-1: new low-speed USB device number 14 using dummy_hcd [ 554.363052][ T5884] usb 3-1: device descriptor read/8, error -71 [ 554.605924][ T5884] usb 3-1: new low-speed USB device number 15 using dummy_hcd [ 554.645940][ T5884] usb 3-1: device descriptor read/8, error -71 [ 554.758684][ T5884] usb usb3-port1: unable to enumerate USB device [ 554.939572][T14801] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3162'. [ 555.298721][T14808] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3164'. [ 556.108039][ T5845] Bluetooth: hci1: command tx timeout [ 556.196388][T14810] netlink: 'syz.0.3164': attribute type 1 has an invalid length. [ 556.425217][T14810] 8021q: adding VLAN 0 to HW filter on device bond2 [ 556.481893][T14776] chnl_net:caif_netlink_parms(): no params data found [ 556.891190][T14825] bridge0: port 2(bridge_slave_1) entered disabled state [ 556.899047][T14825] bridge0: port 1(bridge_slave_0) entered disabled state [ 557.239431][T14825] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 557.272665][T14825] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 557.400096][T14825] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.416863][T14825] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.437929][T14825] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.447468][T14825] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.853096][T14863] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3175'. [ 558.077404][T14866] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3173'. [ 558.795919][ T5845] Bluetooth: hci1: command tx timeout [ 558.913777][T14871] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3174'. [ 559.192401][T14863] bridge_slave_1 (unregistering): left allmulticast mode [ 559.232510][T14863] bridge_slave_1 (unregistering): left promiscuous mode [ 559.366080][T14863] bridge0: port 2(bridge_slave_1) entered disabled state [ 559.593316][T14776] bridge0: port 1(bridge_slave_0) entered blocking state [ 559.622062][T14776] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.686045][T14776] bridge_slave_0: entered allmulticast mode [ 559.694073][T14776] bridge_slave_0: entered promiscuous mode [ 559.740723][T14776] bridge0: port 2(bridge_slave_1) entered blocking state [ 559.765601][T14776] bridge0: port 2(bridge_slave_1) entered disabled state [ 559.776533][T14776] bridge_slave_1: entered allmulticast mode [ 559.784653][T14776] bridge_slave_1: entered promiscuous mode [ 559.786128][T14883] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3178'. [ 559.828334][T14886] netlink: 'syz.3.3178': attribute type 1 has an invalid length. [ 559.930425][T14776] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 559.954422][T14776] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 560.112752][T14776] team0: Port device team_slave_0 added [ 560.136275][T14776] team0: Port device team_slave_1 added [ 560.294062][T14776] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 560.339615][T14776] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 560.370636][T14776] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 560.550204][T14900] bridge0: port 2(bridge_slave_1) entered disabled state [ 560.557800][T14900] bridge0: port 1(bridge_slave_0) entered disabled state [ 560.566943][ T52] usb 4-1: new low-speed USB device number 11 using dummy_hcd [ 560.659584][T14887] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 560.706165][ T52] usb 4-1: device descriptor read/64, error -71 [ 560.847164][ T55] Bluetooth: hci1: command tx timeout [ 560.946814][ T52] usb 4-1: new low-speed USB device number 12 using dummy_hcd [ 561.067683][T14900] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 561.101691][ T52] usb 4-1: device descriptor read/64, error -71 [ 561.121877][T14900] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 561.237951][ T52] usb usb4-port1: attempt power cycle [ 561.293698][T14900] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.315395][T14900] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.325488][T14900] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.334908][T14900] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.502894][T14776] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 561.523199][T14776] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 561.557448][T14776] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 561.599987][ T52] usb 4-1: new low-speed USB device number 13 using dummy_hcd [ 561.810594][ T52] usb 4-1: device descriptor read/8, error -71 [ 562.635935][ T52] usb 4-1: new low-speed USB device number 14 using dummy_hcd [ 562.849454][T14776] hsr_slave_0: entered promiscuous mode [ 562.876115][ T52] usb 4-1: device descriptor read/8, error -71 [ 562.876464][T14776] hsr_slave_1: entered promiscuous mode [ 562.902641][T14776] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 562.911865][T14776] Cannot create hsr debugfs directory [ 562.932236][ T55] Bluetooth: hci1: command tx timeout [ 562.993248][ T52] usb usb4-port1: unable to enumerate USB device [ 563.079597][T14918] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3190'. [ 563.128041][T14918] netlink: 'syz.0.3190': attribute type 1 has an invalid length. [ 563.155205][T14842] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 563.242746][T14919] syzkaller0: entered promiscuous mode [ 563.248384][T14919] syzkaller0: entered allmulticast mode [ 563.284524][T14918] 8021q: adding VLAN 0 to HW filter on device bond3 [ 563.315957][T14842] usb 2-1: Using ep0 maxpacket: 32 [ 563.341274][T14842] usb 2-1: config 0 has no interfaces? [ 563.384145][T14842] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 563.393513][T14842] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 563.422826][T14842] usb 2-1: Product: syz [ 563.441851][T14842] usb 2-1: Manufacturer: syz [ 563.463917][T14842] usb 2-1: SerialNumber: syz [ 563.502768][T14842] usb 2-1: config 0 descriptor?? [ 564.002762][ T52] usb 2-1: USB disconnect, device number 10 [ 565.318287][T14951] 9pnet_fd: Insufficient options for proto=fd [ 565.548372][T14957] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3201'. [ 565.581530][T14957] netlink: 'syz.3.3201': attribute type 1 has an invalid length. [ 566.285894][T14832] usb 2-1: new low-speed USB device number 11 using dummy_hcd [ 567.142526][T14965] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 567.176067][T14832] usb 2-1: device descriptor read/64, error -71 [ 567.516527][T14832] usb 2-1: new low-speed USB device number 12 using dummy_hcd [ 567.549706][T14776] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 567.766772][T14776] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 567.806483][T14832] usb 2-1: device descriptor read/64, error -71 [ 567.917556][T14832] usb usb2-port1: attempt power cycle [ 568.775691][T14776] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 568.904684][T14776] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 569.036050][T14832] usb 2-1: new low-speed USB device number 13 using dummy_hcd [ 569.280048][T14988] syzkaller0: entered promiscuous mode [ 569.288509][T14988] syzkaller0: entered allmulticast mode [ 570.394947][T14832] usb 2-1: device descriptor read/8, error -71 [ 572.763075][T14776] 8021q: adding VLAN 0 to HW filter on device bond0 [ 572.891940][T14776] 8021q: adding VLAN 0 to HW filter on device team0 [ 572.933937][T12242] bridge0: port 1(bridge_slave_0) entered blocking state [ 572.941163][T12242] bridge0: port 1(bridge_slave_0) entered forwarding state [ 572.981476][T12242] bridge0: port 2(bridge_slave_1) entered blocking state [ 572.988698][T12242] bridge0: port 2(bridge_slave_1) entered forwarding state [ 574.953523][T15043] syzkaller0: entered promiscuous mode [ 574.965702][T15043] syzkaller0: entered allmulticast mode [ 575.381056][T15066] rdma_rxe: rxe_newlink: failed to add lo [ 576.830340][T14776] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 577.016995][ T5954] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 577.307614][ T5954] usb 3-1: Using ep0 maxpacket: 32 [ 577.490637][ T5954] usb 3-1: config 0 has no interfaces? [ 577.685887][ T5954] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 577.745502][ T5954] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 577.833263][ T5954] usb 3-1: Product: syz [ 577.851510][ T5954] usb 3-1: Manufacturer: syz [ 577.868226][ T5954] usb 3-1: SerialNumber: syz [ 577.894856][ T5954] usb 3-1: config 0 descriptor?? [ 578.123858][T14776] veth0_vlan: entered promiscuous mode [ 578.151649][T14776] veth1_vlan: entered promiscuous mode [ 578.288018][T14776] veth0_macvtap: entered promiscuous mode [ 578.324457][T14776] veth1_macvtap: entered promiscuous mode [ 578.389571][T14776] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 578.411943][T14776] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 578.475424][T14776] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.518011][T14776] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.572941][T14776] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 579.376357][T14776] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 579.401128][ T5954] usb 3-1: USB disconnect, device number 16 [ 579.658093][T12273] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 579.690080][T12273] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 579.776581][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 579.820212][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 579.931398][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 579.958152][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 582.906058][T14842] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 583.107492][ T5954] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 583.299429][ T5954] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 583.443096][ T5954] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 583.700328][ T5954] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 583.745828][ T5954] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 583.803353][ T5954] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 583.835839][T14842] usb 3-1: Using ep0 maxpacket: 32 [ 583.842714][T14842] usb 3-1: config 0 has no interfaces? [ 583.850758][T14842] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 583.867965][ T5954] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 583.875850][T14842] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 583.885598][T14842] usb 3-1: Product: syz [ 583.895962][T14842] usb 3-1: Manufacturer: syz [ 583.896396][ T5954] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 583.900580][T14842] usb 3-1: SerialNumber: syz [ 583.915237][T14842] usb 3-1: config 0 descriptor?? [ 583.949135][ T5845] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 583.960657][ T5954] usb 4-1: Product: syz [ 583.965007][ T5845] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 583.973444][ T5954] usb 4-1: Manufacturer: syz [ 583.979554][ T5845] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 584.001629][ T5845] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 584.010731][ T5845] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 584.023150][ T5954] cdc_wdm 4-1:1.0: skipping garbage [ 584.029029][ T5954] cdc_wdm 4-1:1.0: skipping garbage [ 584.042024][ T5954] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 584.052541][ T5954] cdc_wdm 4-1:1.0: Unknown control protocol [ 584.145636][T15174] fuse: Bad value for 'group_id' [ 584.163009][T15174] fuse: Bad value for 'group_id' [ 584.255629][ T5954] usb 4-1: USB disconnect, device number 15 [ 584.302300][T15170] lo speed is unknown, defaulting to 1000 [ 584.334183][T15170] lo speed is unknown, defaulting to 1000 [ 584.450991][ T52] usb 3-1: USB disconnect, device number 17 [ 585.317887][T15170] chnl_net:caif_netlink_parms(): no params data found [ 585.737544][T15170] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.753570][T15170] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.771198][T15170] bridge_slave_0: entered allmulticast mode [ 585.791802][T15170] bridge_slave_0: entered promiscuous mode [ 585.822778][T15170] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.839084][T15170] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.855361][T15170] bridge_slave_1: entered allmulticast mode [ 585.892608][T15170] bridge_slave_1: entered promiscuous mode [ 586.045905][ T5845] Bluetooth: hci5: command tx timeout [ 586.092218][ T30] audit: type=1326 audit(1743790895.864:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15245 comm="syz.3.3296" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe9a9d8d169 code=0x0 [ 586.131933][T15170] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 586.364759][T15170] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 586.489990][T15170] team0: Port device team_slave_0 added [ 586.512667][T15170] team0: Port device team_slave_1 added [ 586.595899][ T5868] usb 3-1: new low-speed USB device number 18 using dummy_hcd [ 586.680615][T15170] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 586.704118][T15170] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 586.748356][ T5868] usb 3-1: device descriptor read/64, error -71 [ 586.772322][T15170] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 586.791625][T15170] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 586.804205][T15170] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 586.836234][T15170] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 587.001943][ T5868] usb 3-1: new low-speed USB device number 19 using dummy_hcd [ 587.034281][T15170] hsr_slave_0: entered promiscuous mode [ 587.053537][T15170] hsr_slave_1: entered promiscuous mode [ 587.071640][T15170] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 587.102109][T15170] Cannot create hsr debugfs directory [ 587.146208][ T5868] usb 3-1: device descriptor read/64, error -71 [ 587.149879][T15268] netlink: 'syz.3.3301': attribute type 37 has an invalid length. [ 587.424029][ T5868] usb usb3-port1: attempt power cycle [ 588.126020][ T5845] Bluetooth: hci5: command 0x041b tx timeout [ 588.139754][T15273] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 588.146111][T15273] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 588.198600][T15273] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 588.204570][T15273] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 588.213669][T15273] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 588.219667][T15273] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 588.230441][T15273] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 588.236469][T15273] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 588.252244][T15273] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 588.258679][T15273] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 588.446065][ T5868] usb 3-1: new low-speed USB device number 20 using dummy_hcd [ 588.613380][ T5868] usb 3-1: device descriptor read/8, error -71 [ 588.925928][ T5868] usb 3-1: new low-speed USB device number 21 using dummy_hcd [ 588.972827][ T5868] usb 3-1: device descriptor read/8, error -71 [ 589.225484][ T5868] usb usb3-port1: unable to enumerate USB device [ 589.468855][T15277] sp0: Synchronizing with TNC [ 589.958856][T15170] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 590.051772][T15170] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 590.100402][T15170] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 590.111554][T15304] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3317'. [ 590.131001][T15170] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 590.415842][T15310] netlink: 'syz.4.3317': attribute type 1 has an invalid length. [ 591.311415][T15170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 591.361490][T15170] 8021q: adding VLAN 0 to HW filter on device team0 [ 591.409810][ T6564] bridge0: port 1(bridge_slave_0) entered blocking state [ 591.417042][ T6564] bridge0: port 1(bridge_slave_0) entered forwarding state [ 591.430346][ T6564] bridge0: port 2(bridge_slave_1) entered blocking state [ 591.437565][ T6564] bridge0: port 2(bridge_slave_1) entered forwarding state [ 593.063528][T15339] autofs: Unknown parameter 'fd0x0000000000000000' [ 593.993987][T15361] Bluetooth: MGMT ver 1.23 [ 594.160348][T15170] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 594.347042][T15170] veth0_vlan: entered promiscuous mode [ 594.414410][T15170] veth1_vlan: entered promiscuous mode [ 595.310281][T15170] veth0_macvtap: entered promiscuous mode [ 595.338785][T15170] veth1_macvtap: entered promiscuous mode [ 595.360719][T15170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 595.373113][T15170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 595.386931][T15170] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 595.413081][T15170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 595.455835][T15170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 595.468559][T15170] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 595.555519][T15170] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 595.651206][T15388] autofs: Unknown parameter 'fd0x0000000000000000' [ 595.682831][T15170] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 595.747985][T15170] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 595.786116][T15170] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 596.902190][T12242] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 596.912648][T12242] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 597.040663][T12273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 597.059733][T12273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 598.395254][T15422] gtp0: entered promiscuous mode [ 598.527992][T15428] autofs: Unknown parameter 'fd0x0000000000000000' [ 604.342211][T15479] usb usb1: usbfs: process 15479 (syz.3.3369) did not claim interface 0 before use [ 604.401513][T15479] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 606.887384][T15534] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.3389'. [ 611.847897][T15601] autofs: Unknown parameter 'fd0x0000000000000000' [ 612.205927][T14837] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 612.697675][T14837] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 612.728106][T14837] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 612.971258][T14837] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 612.985833][T14837] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 612.993895][T14837] usb 2-1: SerialNumber: syz [ 613.023966][T14837] cdc_ether 2-1:1.0: skipping garbage [ 613.030662][T14837] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 613.051261][T14837] usb-storage 2-1:1.0: USB Mass Storage device detected [ 613.137606][T14837] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 613.701097][T14837] usb 2-1: USB disconnect, device number 15 [ 614.472198][T15645] autofs: Unknown parameter 'fd0x0000000000000000' [ 615.146488][T15661] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3438'. [ 615.191589][T15661] netlink: 'syz.1.3438': attribute type 1 has an invalid length. [ 616.721515][T15689] fuse: Bad value for 'user_id' [ 616.735887][T15689] fuse: Bad value for 'user_id' [ 617.106013][T15696] autofs: Unknown parameter 'fd0x0000000000000000' [ 618.368234][T15713] ======================================================= [ 618.368234][T15713] WARNING: The mand mount option has been deprecated and [ 618.368234][T15713] and is ignored by this kernel. Remove the mand [ 618.368234][T15713] option from the mount to silence this warning. [ 618.368234][T15713] ======================================================= [ 618.586677][T15722] fuse: Bad value for 'fd' [ 619.666671][T15734] 8021q: VLANs not supported on ipvlan1 [ 619.931635][T15742] lo speed is unknown, defaulting to 1000 [ 619.969243][T15742] lo speed is unknown, defaulting to 1000 [ 620.281642][T15750] 9pnet_fd: Insufficient options for proto=fd [ 620.832927][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 620.842333][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 620.853722][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 620.863644][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 620.873471][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 621.002809][T15761] lo speed is unknown, defaulting to 1000 [ 621.026624][T15761] lo speed is unknown, defaulting to 1000 [ 621.203889][T15773] vlan3: entered promiscuous mode [ 621.219417][T15773] vlan2: entered promiscuous mode [ 621.237010][T15773] gretap0: entered promiscuous mode [ 622.651122][T15790] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3486'. [ 622.713387][T15793] fuse: Bad value for 'fd' [ 622.723800][T15794] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input20 [ 622.808552][T15761] chnl_net:caif_netlink_parms(): no params data found [ 622.925933][ T55] Bluetooth: hci2: command tx timeout [ 623.282621][T15761] bridge0: port 1(bridge_slave_0) entered blocking state [ 623.328503][T15761] bridge0: port 1(bridge_slave_0) entered disabled state [ 623.362840][T15761] bridge_slave_0: entered allmulticast mode [ 623.391905][T15761] bridge_slave_0: entered promiscuous mode [ 623.424385][T15761] bridge0: port 2(bridge_slave_1) entered blocking state [ 623.440995][T15761] bridge0: port 2(bridge_slave_1) entered disabled state [ 623.458775][T15761] bridge_slave_1: entered allmulticast mode [ 623.496711][T15761] bridge_slave_1: entered promiscuous mode [ 623.986143][T14832] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 624.078748][T15761] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 624.412017][T15761] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 624.559681][T15761] team0: Port device team_slave_0 added [ 624.581379][T15761] team0: Port device team_slave_1 added [ 624.652195][T15761] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 624.659471][T15761] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 624.686699][T15761] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 624.737556][T15761] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 624.744596][T15761] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 624.772461][T14832] usb 3-1: device descriptor read/64, error -71 [ 624.782318][T15761] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 624.835356][T15831] fuse: Bad value for 'fd' [ 624.931672][T15832] ------------[ cut here ]------------ [ 624.937952][T15832] WARNING: CPU: 0 PID: 15832 at ./include/linux/memcontrol.h:361 folio_memcg+0x1a6/0x310 [ 624.948728][T15832] Modules linked in: [ 624.953325][T15832] CPU: 0 UID: 0 PID: 15832 Comm: syz.1.3498 Not tainted 6.14.0-syzkaller-13189-ge48e99b6edf4 #0 PREEMPT(full) [ 624.965132][T15832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 624.975599][T15832] RIP: 0010:folio_memcg+0x1a6/0x310 [ 624.980936][T15832] Code: 42 80 3c 28 00 74 08 4c 89 ff e8 e5 a7 1d 00 4d 8b 3f 4c 89 f8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 0b 0f b6 ff 90 <0f> 0b 90 eb c6 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ff fe ff ff [ 624.984897][T15761] hsr_slave_0: entered promiscuous mode [ 625.000829][T15832] RSP: 0018:ffffc90004b3f178 EFLAGS: 00010283 [ 625.013981][T15832] RAX: ffffffff820d37b5 RBX: 0000000000000000 RCX: 0000000000080000 [ 625.016928][T14832] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 625.023007][T15832] RDX: ffffc9001b7b1000 RSI: 000000000000191b RDI: 000000000000191c [ 625.036583][T15761] hsr_slave_1: entered promiscuous mode [ 625.038352][T15832] RBP: 0000000000000000 R08: ffffffff820d3778 R09: 1ffffd4000326bc8 [ 625.045471][T15761] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 625.052789][T15832] R10: dffffc0000000000 R11: fffff94000326bc9 R12: ffffea0001935e70 [ 625.060202][T15761] Cannot create hsr debugfs directory [ 625.073834][T15832] R13: dffffc0000000000 R14: ffffea0001935e40 R15: ffff888031785780 [ 625.081882][T15832] FS: 00007fed65e5b6c0(0000) GS:ffff888124fcc000(0000) knlGS:0000000000000000 [ 625.091061][T15832] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 625.097734][T15832] CR2: 0000000000000000 CR3: 000000004f5a8000 CR4: 00000000003526f0 [ 625.105719][T15832] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 625.113742][T15832] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 625.121781][T15832] Call Trace: [ 625.125148][T15832] [ 625.128134][T15832] workingset_activation+0x5f/0x4b0 [ 625.133373][T15832] ? folio_mark_accessed+0x671/0xa40 [ 625.138717][T15832] folio_mark_accessed+0x73e/0xa40 [ 625.144500][T15832] ? folio_mark_accessed+0x2d2/0xa40 [ 625.150111][T15832] kvm_release_page_clean+0x9b/0xe0 [ 625.155335][T15832] kvm_tdp_page_fault+0x304/0x3a0 [ 625.160563][T15832] kvm_mmu_do_page_fault+0x579/0xb50 [ 625.166102][T15832] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 625.171933][T15832] ? vmx_vcpu_run+0x16cf/0x2780 [ 625.176839][T15832] kvm_mmu_page_fault+0x2e5/0xc70 [ 625.181878][T15832] ? __pfx_kvm_mmu_load+0x10/0x10 [ 625.186957][T15832] ? __pfx_kvm_mmu_page_fault+0x10/0x10 [ 625.192533][T15832] ? rcu_is_watching+0x15/0xb0 [ 625.197363][T15832] ? handle_ept_violation+0x35b/0x690 [ 625.202748][T15832] ? __pfx_handle_ept_violation+0x10/0x10 [ 625.208529][T15832] vmx_handle_exit+0x1076/0x1b20 [ 625.213568][T15832] ? vcpu_run+0x4cbf/0x7ad0 [ 625.218168][T15832] vcpu_run+0x5ecb/0x7ad0 [ 625.222517][T15832] ? vcpu_run+0x4cbf/0x7ad0 [ 625.227095][T15832] ? __pfx_vcpu_run+0x10/0x10 [ 625.231786][T15832] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 625.237564][T15832] ? __set_regs+0x7ba/0x8d0 [ 625.242080][T15832] kvm_arch_vcpu_ioctl_run+0x1047/0x1910 [ 625.248491][T15832] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1910 [ 625.254232][T15832] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 625.260487][T15832] ? __pfx___mutex_trylock_common+0x10/0x10 [ 625.266421][T15832] ? rcu_is_watching+0x15/0xb0 [ 625.271193][T15832] ? look_up_lock_class+0x7b/0x170 [ 625.276369][T15832] ? register_lock_class+0x54/0x330 [ 625.281577][T15832] ? __lock_acquire+0xad5/0xd80 [ 625.286476][T15832] ? do_raw_write_lock+0x14a/0x4f0 [ 625.291615][T15832] kvm_vcpu_ioctl+0xa24/0x1030 [ 625.296439][T15832] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 625.301649][T15832] ? __lock_acquire+0xad5/0xd80 [ 625.306560][T15832] ? __asan_memset+0x23/0x50 [ 625.311166][T15832] ? smack_file_ioctl+0x361/0x3b0 [ 625.316228][T15832] ? __pfx_smack_file_ioctl+0x10/0x10 [ 625.321614][T15832] ? __fget_files+0x2a/0x420 [ 625.326252][T15832] ? __fget_files+0x2a/0x420 [ 625.330962][T15832] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 625.336217][T15832] __se_sys_ioctl+0xf1/0x160 [ 625.340827][T15832] do_syscall_64+0xf3/0x230 [ 625.345349][T15832] ? clear_bhb_loop+0x45/0xa0 [ 625.350763][T15832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.356922][T15832] RIP: 0033:0x7fed64f8d169 [ 625.361365][T15832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 625.381071][T15832] RSP: 002b:00007fed65e5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 625.389567][T15832] RAX: ffffffffffffffda RBX: 00007fed651a6080 RCX: 00007fed64f8d169 [ 625.397608][T15832] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 625.405596][T15832] RBP: 00007fed6500e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 625.413606][T15832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 625.421624][T15832] R13: 0000000000000000 R14: 00007fed651a6080 R15: 00007ffd938314a8 [ 625.429653][T15832] [ 625.432696][T15832] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 625.439980][T15832] CPU: 0 UID: 0 PID: 15832 Comm: syz.1.3498 Not tainted 6.14.0-syzkaller-13189-ge48e99b6edf4 #0 PREEMPT(full) [ 625.451702][T15832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 625.461762][T15832] Call Trace: [ 625.465045][T15832] [ 625.468020][T15832] dump_stack_lvl+0x241/0x360 [ 625.472735][T15832] ? __pfx_dump_stack_lvl+0x10/0x10 [ 625.477944][T15832] ? __pfx__printk+0x10/0x10 [ 625.482565][T15832] ? vscnprintf+0x5d/0x90 [ 625.486923][T15832] panic+0x349/0x880 [ 625.490844][T15832] ? __warn+0x174/0x4d0 [ 625.495017][T15832] ? __pfx_panic+0x10/0x10 [ 625.499472][T15832] __warn+0x344/0x4d0 [ 625.503474][T15832] ? folio_memcg+0x1a6/0x310 [ 625.508083][T15832] report_bug+0x2b3/0x500 [ 625.512420][T15832] ? folio_memcg+0x1a6/0x310 [ 625.517025][T15832] ? folio_memcg+0x1a6/0x310 [ 625.521670][T15832] ? folio_memcg+0x1a8/0x310 [ 625.526275][T15832] handle_bug+0x89/0x170 [ 625.530527][T15832] exc_invalid_op+0x1a/0x50 [ 625.535035][T15832] asm_exc_invalid_op+0x1a/0x20 [ 625.539889][T15832] RIP: 0010:folio_memcg+0x1a6/0x310 [ 625.545120][T15832] Code: 42 80 3c 28 00 74 08 4c 89 ff e8 e5 a7 1d 00 4d 8b 3f 4c 89 f8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 0b 0f b6 ff 90 <0f> 0b 90 eb c6 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ff fe ff ff [ 625.564759][T15832] RSP: 0018:ffffc90004b3f178 EFLAGS: 00010283 [ 625.570850][T15832] RAX: ffffffff820d37b5 RBX: 0000000000000000 RCX: 0000000000080000 [ 625.578825][T15832] RDX: ffffc9001b7b1000 RSI: 000000000000191b RDI: 000000000000191c [ 625.586799][T15832] RBP: 0000000000000000 R08: ffffffff820d3778 R09: 1ffffd4000326bc8 [ 625.594770][T15832] R10: dffffc0000000000 R11: fffff94000326bc9 R12: ffffea0001935e70 [ 625.602747][T15832] R13: dffffc0000000000 R14: ffffea0001935e40 R15: ffff888031785780 [ 625.610733][T15832] ? folio_memcg+0x168/0x310 [ 625.615340][T15832] ? folio_memcg+0x1a5/0x310 [ 625.619981][T15832] ? folio_memcg+0x1a5/0x310 [ 625.624587][T15832] workingset_activation+0x5f/0x4b0 [ 625.629821][T15832] ? folio_mark_accessed+0x671/0xa40 [ 625.635133][T15832] folio_mark_accessed+0x73e/0xa40 [ 625.640272][T15832] ? folio_mark_accessed+0x2d2/0xa40 [ 625.645571][T15832] kvm_release_page_clean+0x9b/0xe0 [ 625.650782][T15832] kvm_tdp_page_fault+0x304/0x3a0 [ 625.655921][T15832] kvm_mmu_do_page_fault+0x579/0xb50 [ 625.661247][T15832] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 625.667079][T15832] ? vmx_vcpu_run+0x16cf/0x2780 [ 625.671950][T15832] kvm_mmu_page_fault+0x2e5/0xc70 [ 625.676992][T15832] ? __pfx_kvm_mmu_load+0x10/0x10 [ 625.682030][T15832] ? __pfx_kvm_mmu_page_fault+0x10/0x10 [ 625.687585][T15832] ? rcu_is_watching+0x15/0xb0 [ 625.692354][T15832] ? handle_ept_violation+0x35b/0x690 [ 625.697736][T15832] ? __pfx_handle_ept_violation+0x10/0x10 [ 625.703485][T15832] vmx_handle_exit+0x1076/0x1b20 [ 625.708438][T15832] ? vcpu_run+0x4cbf/0x7ad0 [ 625.712951][T15832] vcpu_run+0x5ecb/0x7ad0 [ 625.717301][T15832] ? vcpu_run+0x4cbf/0x7ad0 [ 625.721855][T15832] ? __pfx_vcpu_run+0x10/0x10 [ 625.726544][T15832] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 625.732287][T15832] ? __set_regs+0x7ba/0x8d0 [ 625.736824][T15832] kvm_arch_vcpu_ioctl_run+0x1047/0x1910 [ 625.742486][T15832] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1910 [ 625.748214][T15832] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 625.754202][T15832] ? __pfx___mutex_trylock_common+0x10/0x10 [ 625.760109][T15832] ? rcu_is_watching+0x15/0xb0 [ 625.764881][T15832] ? look_up_lock_class+0x7b/0x170 [ 625.770009][T15832] ? register_lock_class+0x54/0x330 [ 625.775216][T15832] ? __lock_acquire+0xad5/0xd80 [ 625.780084][T15832] ? do_raw_write_lock+0x14a/0x4f0 [ 625.785217][T15832] kvm_vcpu_ioctl+0xa24/0x1030 [ 625.790025][T15832] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 625.795238][T15832] ? __lock_acquire+0xad5/0xd80 [ 625.800101][T15832] ? __asan_memset+0x23/0x50 [ 625.804699][T15832] ? smack_file_ioctl+0x361/0x3b0 [ 625.809735][T15832] ? __pfx_smack_file_ioctl+0x10/0x10 [ 625.815122][T15832] ? __fget_files+0x2a/0x420 [ 625.819720][T15832] ? __fget_files+0x2a/0x420 [ 625.824318][T15832] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 625.829547][T15832] __se_sys_ioctl+0xf1/0x160 [ 625.834149][T15832] do_syscall_64+0xf3/0x230 [ 625.838659][T15832] ? clear_bhb_loop+0x45/0xa0 [ 625.843344][T15832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.849244][T15832] RIP: 0033:0x7fed64f8d169 [ 625.853665][T15832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 625.873285][T15832] RSP: 002b:00007fed65e5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 625.881714][T15832] RAX: ffffffffffffffda RBX: 00007fed651a6080 RCX: 00007fed64f8d169 [ 625.889693][T15832] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 625.897668][T15832] RBP: 00007fed6500e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 625.905668][T15832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 625.913643][T15832] R13: 0000000000000000 R14: 00007fed651a6080 R15: 00007ffd938314a8 [ 625.921633][T15832] [ 625.924979][T15832] Kernel Offset: disabled [ 625.929331][T15832] Rebooting in 86400 seconds..