last executing test programs: 3m5.607480257s ago: executing program 4 (id=97): r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) dup(0xffffffffffffffff) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) fsmount(0xffffffffffffffff, 0x1, 0x8c) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00'}, 0x18) r1 = socket$kcm(0xa, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000000)={r1}) r2 = socket$inet(0xa, 0x801, 0x84) connect$inet(r2, &(0x7f0000004cc0)={0x2, 0xfffc, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r2, 0x8) setsockopt$SO_TIMESTAMP(r2, 0x1, 0x1d, &(0x7f0000000080)=0x4f, 0x4) accept4(r2, 0x0, 0x0, 0x80000) r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) ioperm(0x2, 0x7, 0x13) mq_timedreceive(0xffffffffffffffff, &(0x7f0000000700)=""/200, 0xc8, 0x0, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) r5 = shmget$private(0x0, 0x800000, 0x1, &(0x7f0000173000/0x800000)=nil) shmat(r5, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r0, 0x0, 0x0) r7 = openat$cgroup_subtree(r6, &(0x7f0000000080), 0x2, 0x0) write$cgroup_subtree(r7, &(0x7f00000000c0)=ANY=[], 0x1f) 3m3.434567276s ago: executing program 4 (id=109): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x56, &(0x7f00000000c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xc}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x20, 0x6, 0x0, @local, @local, {[], {{0xfffe, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x1ff, {[@fastopen={0x1e, 0xc, "4d1f3200754292a1377c"}]}}}}}}}}, 0x0) 3m3.191829777s ago: executing program 4 (id=111): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f00000006c0)="0300f198aaae5a98ca0000850800", 0xe, 0x20044080, &(0x7f0000000200)={0x11, 0x2, r1, 0x1, 0xfe, 0x6, @random="7483ccb17b06"}, 0x14) 3m2.98827765s ago: executing program 4 (id=113): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3}, 0x4) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x2, 0x7fffff7f}]}) close_range(r1, 0xffffffffffffffff, 0x0) 3m2.759521576s ago: executing program 4 (id=115): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000040)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=@newtclass={0x24, 0x28, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x8, 0x1}, {0xfff3, 0xfff6}, {0xe, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x400c800}, 0x2004c844) recvfrom$packet(r3, 0x0, 0x0, 0x1, &(0x7f0000000080)={0x11, 0xd, r5, 0x1, 0x7}, 0x14) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syncfs(r4) symlinkat(0x0, 0xffffffffffffff9c, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r7 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) sendfile(r7, r7, 0x0, 0x800007) sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c0000002000010000000000000000000a801400070000011708010014000200ff010000000000000000000000000001050016006c00000014000100fc010000000000000000000000000001"], 0x4c}}, 0x40000) connect$inet(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x1, 0x803, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r9 = socket$kcm(0x11, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="180099feffff"], 0x0, 0x7, 0x0, 0x0, 0x41100, 0xf}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x12, &(0x7f00000000c0)=r9, 0x8) 3m1.348438144s ago: executing program 4 (id=126): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x45) r3 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r3) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x46014}, 0x2404c880) recvmmsg(r3, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0) ioctl$TIOCMGET(0xffffffffffffffff, 0x541e, &(0x7f0000000040)) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0x40000014}) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0) renameat(r4, &(0x7f00000004c0)='./cgroup.net/devices.allow\x00', r4, &(0x7f0000000500)='./cgroup.net/cgroup.procs\x00') r5 = gettid() ioctl$BLKTRACESETUP(r4, 0xc0401273, &(0x7f00000002c0)={'\x00', 0x5, 0x1, 0x6, 0x439f, 0x101, r5}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) rt_sigqueueinfo(0x0, 0xe, &(0x7f00000004c0)={0x22, 0x6, 0x7}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socket$packet(0x11, 0x3, 0x300) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) 2m45.44747699s ago: executing program 32 (id=126): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x45) r3 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r3) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x46014}, 0x2404c880) recvmmsg(r3, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0) ioctl$TIOCMGET(0xffffffffffffffff, 0x541e, &(0x7f0000000040)) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0x40000014}) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0) renameat(r4, &(0x7f00000004c0)='./cgroup.net/devices.allow\x00', r4, &(0x7f0000000500)='./cgroup.net/cgroup.procs\x00') r5 = gettid() ioctl$BLKTRACESETUP(r4, 0xc0401273, &(0x7f00000002c0)={'\x00', 0x5, 0x1, 0x6, 0x439f, 0x101, r5}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) rt_sigqueueinfo(0x0, 0xe, &(0x7f00000004c0)={0x22, 0x6, 0x7}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socket$packet(0x11, 0x3, 0x300) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) 12.227953495s ago: executing program 3 (id=709): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb011c1800000000000000000000000000000003000000005f00"], 0x0, 0x1b, 0x0, 0x1}, 0x28) socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="50000000020605000000000000000000000000000c00078008000640001000000500010006000000050005000200000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x50}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="40000000090601020000000000000000000000000900020073797a31000000000500010007000000180007800c00018008000140fffffffe0500030008"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) syz_open_dev$video(0x0, 0x485, 0x40000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r5, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) 9.114808875s ago: executing program 0 (id=716): r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x200) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0x15, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x3, 0x0, @thr={0x0, 0x0}}, 0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r8 = socket(0x200000000000011, 0x2, 0x1) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r8, 0x0, 0x0}) io_uring_enter(r5, 0xd00, 0x7e15, 0x0, 0x0, 0x30) openat$ppp(0xffffff9c, &(0x7f0000000100), 0x40c00, 0x0) read(r0, 0x0, 0x0) 9.113027021s ago: executing program 1 (id=717): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000a00000012000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x200) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000380)={"f9bef8d1aaeadafa287efdb9450ae3e2d260489591c42ab93a0c7bca18e9a19fa8e6cd61e9f62f91123f1311f81f85b4044554cb6e3ca1b6d1fc011bd71bdda82f37ccfa5b87dd5dcd311dbbb67f240dc02c53b7eabf3651660ce801e3878538da8bb24e1dbc480dae36207bf6b7b946c7a8ec08468f9a75ec797b8c11807655272833a7c70ccfc9a8259e7a148eca4d16b6ff519973a20b65f91a7261cdd2440a5a0566d843fa334b0280f0aacc3b417322b9b56098dd842c44139da4bd1e2212a40ba043bd72b995b172b26b71d434e9f3bf74b4ed480b264e0e9d6f628732534db36bfb92ee6419fb244db44abf0cd9357755ce9c4c9a584e5eb89ffd10c8a6c3c6115265f25f798570751917cd7cfc2ca71729e268c3b30c05b3dfdb18cbbfd3036a889f5fefb0f9d56bf970bdbf2524f8e435b721c809e73a5fdafbf1594088ad1974908bf5fc752d564c1a4989a7d1e59564567d9b437442c5c1cfec93526395d18b1ecb18dedd713ced403a00a2cd27b2dc857808287ea88157b3c19075eb33f7cc60a6161a88ad37fb04d0ce0fda24176406391a5ac521299143bdf59a474a17272105e55e9870cec2942a6705993e821e54441c877a64450e739b1321ad17e1ed552e65654bbfcc8ebd1d64fc4e888609a90410f780fe5031c27737f2de05a7ddf00129eb746a2e990438d9bf6a3211779707d615d79111b3fe71c26433482306ce7563c11cdf6f8da283ae147311465af80ba5350e6d65438cd5a20ec155d78227e5336d504f8f1145f4b942180f7ba6e5c9a070d4e31289d4845229780e53713090e782a75b32729c10da28c1f2702dad57a37416fc138040064347a0a290803f51a619402d88d0a4b2bef39bf92696b6d7052459a78a258edfe2e66f2e10a80b168b483c90a1a1dd67c6d6c9b7a2336d1678131ca38552d9acff05dcd57f9f4164064b7781d8a8b5507e21edfe35d65d726bf24799535648cd04f3b7e85c3f6762f353a8f65afdc7ba63bc0eb65d7188cb1adee1d8d14c0413458d2ff65093d972ac3696fa12defc0f8dedf2309e1b80fc672205e6ccfc6b494233c4d00b5471cb52d896c73cddee40e5e51ee8a9bbe453a1a7d5b9832cacc5965220145504ccb2a157a7c1d9d718c0bf96cd350ac5ca330c827bedbff299774707f5840a0d954ae39c9421975d48e05d87a1ceddefbecae936e15ffb308364b69eefd345d6200cd128e48c162a4ebd026fefb7cc73e80204b21ff30d63e8707292f60682c6f6a587fff9c5a0fae24e0406df5363c7c9d31f72829b6a9d9237a84e83e22c33bf6313ee4072f09f9c6254d0eb7239d51cdda77b8e3d42a89449a3e1b6be8953a27651486383879490486fd11b6ac4e1b86f8a71fc294e0ebf572f4ef00582be189ee5a38c18d4d51cd3221fb1475a56cdf3cc7258bf8c559bf1a9"}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0x10000, 0x0, 0x4, 0xefffffff, 0x0, [{0x2, 0x8, 0xfc, '\x00', 0x3}, {0x4, 0x9, 0xfc, '\x00', 0x7c}, {0xfc, 0x12, 0x4, '\x00', 0x1}, {0x11, 0xb, 0x0, '\x00', 0xea}, {}, {0xfe, 0x0, 0x1, '\x00', 0x2}, {0x1f, 0x1, 0x2}, {0xfd, 0x0, 0x7, '\x00', 0x2}, {0x0, 0xf, 0xf7, '\x00', 0xfc}, {0xa8, 0x6, 0x0, '\x00', 0x11}, {0xb}, {0x9, 0x9, 0x42, '\x00', 0xff}, {0x0, 0x0, 0x2, '\x00', 0x1}, {0x2, 0x0, 0x6}, {0xff, 0x9, 0x0, '\x00', 0x49}, {0x1, 0x1, 0x80}, {0x3, 0x0, 0x0, '\x00', 0x84}, {0x2, 0x2, 0x6, '\x00', 0x10}, {0x48, 0x4, 0xd, '\x00', 0xfd}, {0x8, 0xc0, 0x3}, {0x4, 0x12, 0x3, '\x00', 0x25}, {0xfd, 0x9, 0x0, '\x00', 0x5}, {0x2, 0x2, 0x9}, {0x9, 0xff, 0x3, '\x00', 0x7}]}}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="01002cbd701cfe9ffa651300000008fe0003", @ANYRES32=r6, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, 0x0, 0x800) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), 0xffffffffffffffff) r7 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0) write$nbd(r7, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100"], 0x40) sendmsg$NL80211_CMD_NEW_STATION(r7, 0x0, 0x40801) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7078, 0x1000, 0x400007, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x23457, 0x0, 0x0, 0x1}) io_uring_enter(r8, 0x3516, 0x0, 0x0, 0x0, 0x0) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}]}, 0x50}}, 0x0) r12 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000009c0)=ANY=[@ANYBLOB="1c0000000406010100000000000000000000000005000100070000000e90f2308f36cbfdfa7523f9b037a31ba5656f9836866837eae2c90372b8d07ee36312e866bd2e0c29488c6dcfc30c9e84fd9b40e6480d44e753a443ed568095000342a443f55e2b2289a6df7f2967dd17a3b8622e0b760466b297dd901601f7ef9e95d28f4ae819949dfdae6aa7d493c4b6cc3604cb9e2409f2b2d9777382b0fb635efd2c625879578b939578c6c865f16a5f8446ebd7096c3300"/196], 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_io_uring_setup(0x62ce, &(0x7f0000000780)={0x0, 0x3, 0x10100, 0x0, 0xffffffff}, 0x0, 0x0) 7.816059854s ago: executing program 2 (id=719): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x2182) ioctl$CEC_RECEIVE(r1, 0xc0386106, &(0x7f0000000000)={0x0, 0x7, 0x1, 0x0, 0x0, 0x9, '&\x00', 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0xe}) 6.797145475s ago: executing program 1 (id=720): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000340)=[{0x28, 0x0, 0x0, 0xffefffff}, {0x6, 0x0, 0x0, 0x2}]}, 0x8) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x248741, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x8, 0x395, 0x5, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = io_uring_setup(0x332, &(0x7f0000000080)={0x0, 0x21e, 0x10}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) 5.744308376s ago: executing program 5 (id=721): openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000100)="c10e0000", 0x4, 0x4000000, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000010a"], 0x14}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}, 0x1, 0x0, 0x0, 0x8040}, 0x0) recvmmsg(r0, &(0x7f00000058c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 4.458515217s ago: executing program 0 (id=722): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x48}, 0x1, 0x0, 0x0, 0x14}, 0x4000080) 4.238680514s ago: executing program 5 (id=723): syz_open_dev$tty20(0xc, 0x4, 0x1) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) socket$kcm(0x21, 0x2, 0x2) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x5}}}}, @m_ife={0x48, 0x1d, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2000}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x16, 0x0, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x1, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x7, 0x6, 0x81, '\x00', 0x3c}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.820382124s ago: executing program 2 (id=724): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000100000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_RMFB(r1, 0xc00464d0, &(0x7f0000000100)) 3.732281361s ago: executing program 0 (id=725): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="09000000030000000400010005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 3.647806047s ago: executing program 3 (id=726): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0x11000) read(r0, &(0x7f0000032440)=""/102364, 0x18fdc) 3.515028525s ago: executing program 0 (id=727): r0 = openat$yama_ptrace_scope(0xffffff9c, 0x0, 0x2, 0x0) mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x8001, &(0x7f0000008e00)=0x9, 0x6a6f, 0x2) ioctl$F2FS_IOC_RESIZE_FS(r0, 0x4008f510, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001000000000008"], 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000014c0), 0xffffffffffffffff) prlimit64(0x0, 0xe, 0x0, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={0xffffffffffffffff}, 0x111, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000580)={0x13, 0x10, 0xfa00, {&(0x7f0000000bc0), r6, 0x1}}, 0x18) 3.444335923s ago: executing program 2 (id=728): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) connect$inet6(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x460, &(0x7f0000000480)={0x0, 0x40000020, 0x10, 0x2, 0x1ef}, &(0x7f0000000040)=0x0, &(0x7f0000000000)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r1 = socket(0x10, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000780)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @dev={0xfe, 0x80, '\x00', 0x24}, @remote, 0x9, 0x0, 0x1, 0x100, 0x4, 0x2930310}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x80, 0xfffffffc, 0xdc67}}) 3.336010032s ago: executing program 3 (id=729): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) getsockname$packet(r3, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000002c0)=0x14) bind$ax25(r2, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000)) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) 3.160214664s ago: executing program 1 (id=730): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x1, 0x0, [{0x1, 0x7, 0x7, 0x9, 0x7}]}) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000100)={0xb6, 0x0, 0x7}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.125733674s ago: executing program 2 (id=731): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000100)='./file0\x00') r0 = open(&(0x7f0000000140)='./file0\x00', 0x4801, 0x70) write$tcp_congestion(r0, &(0x7f00000000c0)='yeah\x00', 0x5) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) 3.077436039s ago: executing program 5 (id=732): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=0x0) sched_setscheduler(r0, 0x3, &(0x7f0000000100)=0x7ff) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000180)={0x2, &(0x7f0000000340)=[{0x200000000006, 0x0, 0xfe, 0x7ffc0002}, {0x3ff, 0x1, 0x4, 0x5}]}) 2.864013776s ago: executing program 2 (id=733): openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000100)="c10e0000", 0x4, 0x4000000, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000010a"], 0x14}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}, 0x1, 0x0, 0x0, 0x8040}, 0x0) recvmmsg(r0, &(0x7f00000058c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 2.687762769s ago: executing program 3 (id=734): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x2182) ioctl$CEC_RECEIVE(r1, 0xc0386106, &(0x7f0000000000)={0x0, 0x7, 0x1, 0x0, 0x0, 0x9, '&\x00', 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0xe}) 2.552899816s ago: executing program 1 (id=735): bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x100000000001, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000000480)=""/102384, 0x18ff0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="06000000040000000300000005"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r1, 0x0, 0xa0028000}, 0x38) 1.876094585s ago: executing program 2 (id=736): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb011c1800000000000000000000000000000003000000005f00"], 0x0, 0x1b, 0x0, 0x1}, 0x28) socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="50000000020605000000000000000000000000000c00078008000640001000000500010006000000050005000200000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x50}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="40000000090601020000000000000000000000000900020073797a31000000000500010007000000180007800c00018008000140fffffffe0500030008"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) syz_open_dev$video(0x0, 0x485, 0x40000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r5, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) 875.244928ms ago: executing program 3 (id=737): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="09000000030000000400010005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 791.423431ms ago: executing program 5 (id=738): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000100000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_RMFB(r1, 0xc00464d0, &(0x7f0000000100)) 584.253081ms ago: executing program 1 (id=739): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x3c, r0, 0x1, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x14, 0x50, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}]}, @NL80211_ATTR_MAC={0xa}]}, 0x3c}}, 0x0) 489.721534ms ago: executing program 3 (id=740): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) mkdir(&(0x7f0000000440)='./file0\x00', 0x0) mount$nfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={[{'\x01\x00\x00\x00&'}], [{@audit}, {@audit}, {@func={'func', 0x3d, 'MMAP_CHECK'}}, {@obj_role}]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet(0x2, 0x2, 0x1) shutdown(r2, 0x0) recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 479.818578ms ago: executing program 5 (id=741): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) connect$inet6(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x460, &(0x7f0000000480)={0x0, 0x40000020, 0x10, 0x2, 0x1ef}, &(0x7f0000000040)=0x0, &(0x7f0000000000)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r1 = socket(0x10, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000780)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @dev={0xfe, 0x80, '\x00', 0x24}, @remote, 0x9, 0x0, 0x1, 0x100, 0x4, 0x2930310}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x80, 0xfffffffc, 0xdc67}}) 335.99896ms ago: executing program 1 (id=742): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2) r1 = socket(0x40000000015, 0x5, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) socket$inet(0x2, 0x3, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0) sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) close(r1) 298.735051ms ago: executing program 0 (id=743): syz_open_dev$tty20(0xc, 0x4, 0x1) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) socket$kcm(0x21, 0x2, 0x2) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x5}}}}, @m_ife={0x48, 0x1d, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2000}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x16, 0x0, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x1, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x7, 0x6, 0x81, '\x00', 0x3c}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_RUN(r3, 0xae80, 0x0) 229.86025ms ago: executing program 5 (id=744): socket$netlink(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x804, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r5, 0x0, 0x60, 0x0, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0) r6 = openat$misdntimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) readv(r6, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfdffa000) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) write(r7, &(0x7f0000000000)="fa", 0xfffffdef) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r9, 0x0, 0x2, 0x0) fcntl$setstatus(r9, 0x4, 0x2000) vmsplice(r8, &(0x7f0000000180)=[{&(0x7f0000000080)="a1", 0x1}], 0x1, 0x8) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x18c6) sysinfo(0x0) setsockopt$ARPT_SO_SET_REPLACE(r5, 0x0, 0x60, &(0x7f00000007c0)={'filter\x00', 0x7, 0x4, 0x3d8, 0x218, 0x218, 0x10c, 0x2f8, 0x2f8, 0x2f8, 0x4, 0x0, {[{{@arp={@local, @rand_addr=0x64010102, 0xffffffff, 0xff000000, 0x5, 0x0, {@mac, {[0x0, 0xff, 0x0, 0xff, 0xff]}}, {@empty, {[0x0, 0x0, 0xff]}}, 0x3, 0x7, 0x7fff, 0x0, 0x9, 0x1, 'ip6erspan0\x00', 'syz_tun\x00', {}, {}, 0x0, 0x2}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @empty, @private=0xa010101, @multicast2, 0x7}}}, {{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@local, @remote, @multicast2, 0x8, 0x1}}}, {{@uncond, 0xbc, 0xe0}, @unspec=@AUDIT={0x24, 'AUDIT\x00', 0x0, {0x1}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x424) ioctl$TFD_IOC_SET_TICKS(r1, 0x40085400, 0x0) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r11, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWRULE={0xa0, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x74, 0x4, 0x0, 0x1, [{0x70, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x60, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x45, 0x3, "cd4b6abe42031763d02899c77f963d140d7a9d3ac869f3a860917523679abf4579f9cd6564e64066681fb945bfe585ab6933a6f6514a0eebad4e3537b11b37357f"}, @NFTA_TARGET_NAME={0xa, 0x1, 'HMARK\x00'}, @NFTA_TARGET_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xc8}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendto$inet6(r10, &(0x7f0000000080)="b3019c28", 0x4, 0x200080c4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) setsockopt$inet6_int(r10, 0x29, 0x33, &(0x7f0000000140)=0x10001, 0x4) 0s ago: executing program 0 (id=745): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x1, 0x4, 0x3, @private=0xa010102, @local}}}}}}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r2, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000040)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0}, 0x20002800) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r4, 0x0, 0xd2, &(0x7f00000000c0)={@multicast1=0x1c, @empty=0xe0000300, 0x0, "8a79348df081496d0420922f45a71c1daa8b610468cd140526c41efcd3a4a422", 0x3, 0x1, 0x85}, 0x3c) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.248' (ED25519) to the list of known hosts. [ 81.674862][ T5821] cgroup: Unknown subsys name 'net' [ 81.831612][ T5821] cgroup: Unknown subsys name 'cpuset' [ 81.840957][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.534182][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.062702][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.098060][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.105871][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.108263][ T5852] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.114190][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.135768][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.143990][ T5852] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.145333][ T5848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.158902][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.159005][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.174852][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.177412][ T5852] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.183582][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.198361][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.206154][ T5848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.214478][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.239625][ T5852] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.249442][ T5850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.258297][ T5852] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.265077][ T5854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.265892][ T5850] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.274050][ T5854] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.279897][ T5852] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.305587][ T5850] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.313814][ T5850] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.031239][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 89.064424][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 89.082356][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 89.180130][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 89.451933][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 89.464820][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.472894][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.480456][ T5844] bridge_slave_0: entered allmulticast mode [ 89.488050][ T5844] bridge_slave_0: entered promiscuous mode [ 89.501780][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.509706][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.516892][ T5836] bridge_slave_0: entered allmulticast mode [ 89.525044][ T5836] bridge_slave_0: entered promiscuous mode [ 89.554653][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.563772][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.571475][ T5832] bridge_slave_0: entered allmulticast mode [ 89.580697][ T5832] bridge_slave_0: entered promiscuous mode [ 89.588464][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.595706][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.604007][ T5844] bridge_slave_1: entered allmulticast mode [ 89.611896][ T5844] bridge_slave_1: entered promiscuous mode [ 89.646262][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.653515][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.661096][ T5836] bridge_slave_1: entered allmulticast mode [ 89.668371][ T5836] bridge_slave_1: entered promiscuous mode [ 89.699376][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.706561][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.714108][ T5832] bridge_slave_1: entered allmulticast mode [ 89.721552][ T5832] bridge_slave_1: entered promiscuous mode [ 89.774437][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.781939][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.789408][ T5833] bridge_slave_0: entered allmulticast mode [ 89.796662][ T5833] bridge_slave_0: entered promiscuous mode [ 89.855930][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.865364][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.873059][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.880368][ T5833] bridge_slave_1: entered allmulticast mode [ 89.888864][ T5833] bridge_slave_1: entered promiscuous mode [ 89.898152][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.912084][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.929747][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.943896][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.955625][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.104257][ T5844] team0: Port device team_slave_0 added [ 90.116066][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.128900][ T5836] team0: Port device team_slave_0 added [ 90.149836][ T5832] team0: Port device team_slave_0 added [ 90.156141][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.163660][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.171688][ T5837] bridge_slave_0: entered allmulticast mode [ 90.180149][ T5837] bridge_slave_0: entered promiscuous mode [ 90.190122][ T5844] team0: Port device team_slave_1 added [ 90.196282][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.204408][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.211671][ T5837] bridge_slave_1: entered allmulticast mode [ 90.220402][ T5837] bridge_slave_1: entered promiscuous mode [ 90.231220][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.242498][ T5836] team0: Port device team_slave_1 added [ 90.266419][ T5832] team0: Port device team_slave_1 added [ 90.297987][ T5835] Bluetooth: hci1: command tx timeout [ 90.300860][ T5850] Bluetooth: hci2: command tx timeout [ 90.309174][ T5835] Bluetooth: hci3: command tx timeout [ 90.376281][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.383388][ T5850] Bluetooth: hci4: command tx timeout [ 90.389540][ T5850] Bluetooth: hci0: command tx timeout [ 90.389972][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.421951][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.449778][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.486529][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.493669][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.520464][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.542036][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.549242][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.575683][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.589294][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.596462][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.622846][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.636554][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.662156][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.669486][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.695792][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.709035][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.716037][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.742100][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.756381][ T5833] team0: Port device team_slave_0 added [ 90.766463][ T5833] team0: Port device team_slave_1 added [ 90.798501][ T5837] team0: Port device team_slave_0 added [ 90.842407][ T5837] team0: Port device team_slave_1 added [ 90.879997][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.886986][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.913036][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.993973][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.001073][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.027765][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.052195][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.059425][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.085589][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.119454][ T5836] hsr_slave_0: entered promiscuous mode [ 91.126116][ T5836] hsr_slave_1: entered promiscuous mode [ 91.149559][ T5832] hsr_slave_0: entered promiscuous mode [ 91.155933][ T5832] hsr_slave_1: entered promiscuous mode [ 91.162485][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.171572][ T5832] Cannot create hsr debugfs directory [ 91.185162][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.192304][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.218492][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.242880][ T5844] hsr_slave_0: entered promiscuous mode [ 91.249941][ T5844] hsr_slave_1: entered promiscuous mode [ 91.256167][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.263877][ T5844] Cannot create hsr debugfs directory [ 91.362048][ T5833] hsr_slave_0: entered promiscuous mode [ 91.368789][ T5833] hsr_slave_1: entered promiscuous mode [ 91.374837][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.382596][ T5833] Cannot create hsr debugfs directory [ 91.553871][ T5837] hsr_slave_0: entered promiscuous mode [ 91.561091][ T5837] hsr_slave_1: entered promiscuous mode [ 91.567719][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.575518][ T5837] Cannot create hsr debugfs directory [ 92.068652][ T1210] cfg80211: failed to load regulatory.db [ 92.101492][ T5836] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.125867][ T5836] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.138678][ T5836] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.174675][ T5836] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.243161][ T5832] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.255274][ T5832] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.273278][ T5832] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.300826][ T5832] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.378674][ T5850] Bluetooth: hci2: command tx timeout [ 92.381750][ T5835] Bluetooth: hci3: command tx timeout [ 92.384124][ T5852] Bluetooth: hci1: command tx timeout [ 92.400356][ T5844] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.420236][ T5844] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.458769][ T5844] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.458830][ T5850] Bluetooth: hci4: command tx timeout [ 92.471713][ T5852] Bluetooth: hci0: command tx timeout [ 92.481782][ T5844] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.610077][ T5833] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.645384][ T5833] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.661337][ T5833] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.705109][ T5833] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.764837][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.805213][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.838227][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.860350][ T5837] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.883841][ T5837] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.911702][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.930123][ T5837] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.944079][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.951445][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.968791][ T5837] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.990948][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.016449][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.023731][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.035654][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.043117][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.102149][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.109479][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.136824][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.173416][ T1334] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.180618][ T1334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.240131][ T1334] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.247430][ T1334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.380273][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.492495][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.528741][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.536009][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.603770][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.611207][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.744304][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.795593][ T5833] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 93.925377][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.005292][ T1097] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.012599][ T1097] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.052788][ T1097] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.060073][ T1097] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.098766][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.124384][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.241338][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.381438][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.440860][ T5844] veth0_vlan: entered promiscuous mode [ 94.448954][ T5836] veth0_vlan: entered promiscuous mode [ 94.466090][ T5852] Bluetooth: hci1: command tx timeout [ 94.471833][ T5852] Bluetooth: hci2: command tx timeout [ 94.474273][ T5850] Bluetooth: hci3: command tx timeout [ 94.495758][ T5844] veth1_vlan: entered promiscuous mode [ 94.527628][ T5836] veth1_vlan: entered promiscuous mode [ 94.543738][ T5852] Bluetooth: hci0: command tx timeout [ 94.543749][ T5850] Bluetooth: hci4: command tx timeout [ 94.614995][ T5832] veth0_vlan: entered promiscuous mode [ 94.664579][ T5832] veth1_vlan: entered promiscuous mode [ 94.704931][ T5836] veth0_macvtap: entered promiscuous mode [ 94.730175][ T5844] veth0_macvtap: entered promiscuous mode [ 94.756336][ T5844] veth1_macvtap: entered promiscuous mode [ 94.803773][ T5836] veth1_macvtap: entered promiscuous mode [ 94.848930][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.893500][ T5832] veth0_macvtap: entered promiscuous mode [ 94.904483][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.922113][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.946323][ T5832] veth1_macvtap: entered promiscuous mode [ 94.959316][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.974865][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.989249][ T5844] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.000778][ T5844] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.009727][ T5844] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.022626][ T5844] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.045268][ T5836] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.054874][ T5836] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.066587][ T5836] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.076712][ T5836] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.164171][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.215477][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.284637][ T5832] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.294077][ T5832] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.304852][ T5832] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.313978][ T5832] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.358392][ T1334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.366787][ T1334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.378265][ T5833] veth0_vlan: entered promiscuous mode [ 95.439024][ T5833] veth1_vlan: entered promiscuous mode [ 95.469668][ T1154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.476482][ T5837] veth0_vlan: entered promiscuous mode [ 95.485471][ T1154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.502312][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.514816][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.615564][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.645110][ T5837] veth1_vlan: entered promiscuous mode [ 95.679361][ T1334] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.696704][ T5833] veth0_macvtap: entered promiscuous mode [ 95.708625][ T1334] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.794833][ T5833] veth1_macvtap: entered promiscuous mode [ 96.001332][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.220785][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.489061][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.529533][ T1097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.537613][ T5852] Bluetooth: hci3: command tx timeout [ 96.537663][ T5852] Bluetooth: hci1: command tx timeout [ 96.546441][ T1097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.556022][ T5850] Bluetooth: hci2: command tx timeout [ 96.573304][ T5837] veth0_macvtap: entered promiscuous mode [ 96.618172][ T5850] Bluetooth: hci0: command tx timeout [ 96.618240][ T5852] Bluetooth: hci4: command tx timeout [ 96.625512][ T5960] netlink: 'syz.0.2': attribute type 6 has an invalid length. [ 96.661164][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.695529][ T5837] veth1_macvtap: entered promiscuous mode [ 96.751640][ T5833] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.764488][ T5833] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.774264][ T5833] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.811985][ T5833] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.091070][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.130353][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.209087][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.219286][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.221083][ T5972] netlink: 44 bytes leftover after parsing attributes in process `syz.2.8'. [ 98.229501][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 98.272999][ T5837] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.288071][ T5837] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.298787][ T5837] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.493140][ T5837] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.657432][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 100.307158][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 100.528136][ T1097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.536075][ T1097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.722608][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.722608][ T1097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.722632][ T1097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.732751][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.739499][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 100.837914][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.866242][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.876754][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.147869][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.374420][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.382640][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.564123][ T6004] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 105.402851][ T6004] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 105.431451][ T6004] netlink: 28 bytes leftover after parsing attributes in process `syz.3.15'. [ 105.672713][ T6009] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 106.050747][ T6016] IPVS: set_ctl: invalid protocol: 108 255.255.255.255:20000 [ 106.465957][ T6020] IPVS: starting estimator thread 0... [ 106.950298][ T6032] netlink: 48 bytes leftover after parsing attributes in process `syz.3.18'. [ 107.045356][ T6029] IPVS: using max 23 ests per chain, 55200 per kthread [ 107.070494][ T6024] netlink: 28 bytes leftover after parsing attributes in process `syz.3.18'. [ 107.114694][ T6032] netlink: 32 bytes leftover after parsing attributes in process `syz.3.18'. [ 107.178478][ T5980] syz.2.9 (5980): drop_caches: 2 [ 107.407433][ T5890] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 107.600027][ T5890] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 107.617277][ T5890] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 107.637326][ T5890] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 107.657934][ T5890] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.680824][ T5890] usb 1-1: config 0 descriptor?? [ 108.131404][ T5890] pyra 0003:1E7D:2CF6.0001: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.0-1/input0 [ 109.841759][ T5890] pyra 0003:1E7D:2CF6.0001: couldn't init struct pyra_device [ 109.850401][ T5890] pyra 0003:1E7D:2CF6.0001: couldn't install mouse [ 110.075600][ T5890] pyra 0003:1E7D:2CF6.0001: probe with driver pyra failed with error -71 [ 110.111086][ T5890] usb 1-1: USB disconnect, device number 2 [ 112.006995][ T6091] 9pnet_virtio: no channels available for device syz [ 114.308693][ T6104] hub 2-0:1.0: USB hub found [ 114.520914][ T6104] hub 2-0:1.0: 1 port detected [ 114.918184][ T6161] Zero length message leads to an empty skb [ 117.637373][ T978] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 117.713597][ T6191] process 'syz.3.55' launched './file1' with NULL argv: empty string added [ 118.054013][ T978] usb 3-1: Using ep0 maxpacket: 16 [ 118.074499][ T978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.097844][ T978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.158741][ T978] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 118.176381][ T6191] 9pnet_virtio: no channels available for device syz [ 118.248904][ T978] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 118.284215][ T978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.328965][ T978] usb 3-1: config 0 descriptor?? [ 118.761476][ T978] input: HID 0955:7214 Haptics as /devices/virtual/input/input5 [ 118.918397][ T6200] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 118.928445][ T6200] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 118.947814][ T6200] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 119.482715][ T978] shield 0003:0955:7214.0002: Registered Thunderstrike controller [ 119.493142][ T978] shield 0003:0955:7214.0002: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 119.559360][ T5899] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 119.576627][ T978] usb 3-1: USB disconnect, device number 2 [ 119.645948][ T5899] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 119.692831][ T5899] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 119.708007][ T5841] thermal thermal_zone0: Temperature check failed (-19) [ 119.772526][ T5899] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 120.121062][ T6205] netlink: 'syz.2.60': attribute type 1 has an invalid length. [ 120.167476][ T6205] netlink: 224 bytes leftover after parsing attributes in process `syz.2.60'. [ 120.747881][ T6213] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 122.159317][ T6242] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 122.166110][ T6242] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 122.181233][ T6242] vhci_hcd vhci_hcd.0: Device attached [ 122.465334][ T6252] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 122.472094][ T6252] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 122.487284][ T6252] vhci_hcd vhci_hcd.0: Device attached [ 122.561608][ T6252] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(13) [ 122.567370][ T6020] usb 34-1: SetAddress Request (2) to port 0 [ 122.568250][ T6252] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 122.592305][ T6020] usb 34-1: new SuperSpeed USB device number 2 using vhci_hcd [ 122.638728][ T6262] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 122.665809][ T6252] vhci_hcd vhci_hcd.0: Device attached [ 122.690275][ T5899] vhci_hcd: vhci_device speed not set [ 122.757461][ T5899] usb 35-1: new full-speed USB device number 2 using vhci_hcd [ 122.767814][ T6262] vhci_hcd vhci_hcd.0: pdev(1) rhport(4) sockfd(21) [ 122.774459][ T6262] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 122.794843][ T6262] vhci_hcd vhci_hcd.0: Device attached [ 123.401527][ T6252] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(18) [ 123.408181][ T6252] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 123.473793][ T6252] vhci_hcd vhci_hcd.0: Device attached [ 123.475311][ T6262] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 123.528733][ T6262] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 123.617954][ T6242] input: syz1 as /devices/virtual/input/input6 [ 123.682320][ T6252] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 123.767334][ T6268] vhci_hcd vhci_hcd.0: pdev(1) rhport(5) sockfd(24) [ 123.774030][ T6268] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 123.883361][ T6243] vhci_hcd: connection reset by peer [ 123.911197][ T6268] vhci_hcd vhci_hcd.0: Device attached [ 123.942703][ T6153] vhci_hcd: stop threads [ 123.981235][ T6153] vhci_hcd: release socket [ 124.072700][ T6153] vhci_hcd: disconnect device [ 124.141733][ T6263] vhci_hcd: connection closed [ 124.142232][ T6270] vhci_hcd: connection closed [ 124.144032][ T6153] vhci_hcd: stop threads [ 124.147093][ T6255] vhci_hcd: connection reset by peer [ 124.157691][ T6265] vhci_hcd: connection closed [ 124.162019][ T6258] vhci_hcd: connection closed [ 124.180299][ T6153] vhci_hcd: release socket [ 124.234683][ T6276] 9pnet_virtio: no channels available for device syz [ 124.245841][ T6153] vhci_hcd: disconnect device [ 124.282657][ T6153] vhci_hcd: stop threads [ 124.300009][ T6153] vhci_hcd: release socket [ 124.317686][ T6153] vhci_hcd: disconnect device [ 124.344197][ T6153] vhci_hcd: stop threads [ 124.362494][ T6153] vhci_hcd: release socket [ 124.372406][ T6281] netlink: 16 bytes leftover after parsing attributes in process `syz.3.77'. [ 124.377727][ T6153] vhci_hcd: disconnect device [ 124.403378][ T6153] vhci_hcd: stop threads [ 124.428091][ T6153] vhci_hcd: release socket [ 124.454784][ T6153] vhci_hcd: disconnect device [ 124.505555][ T6153] vhci_hcd: stop threads [ 124.515835][ T6153] vhci_hcd: release socket [ 124.532819][ T6153] vhci_hcd: disconnect device [ 124.987367][ T6288] 9pnet_virtio: no channels available for device syz [ 125.090446][ T30] audit: type=1326 audit(1755362952.218:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6286 comm="syz.4.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f74f8ebe9 code=0x7fc00000 [ 125.120508][ T6292] netlink: 12 bytes leftover after parsing attributes in process `syz.1.80'. [ 125.131291][ T6292] nbd: illegal input index -458752 [ 126.946389][ T30] audit: type=1326 audit(1755362954.058:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6286 comm="syz.4.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9f74f2add9 code=0x7fc00000 [ 127.887336][ T5899] vhci_hcd: vhci_device speed not set [ 128.298176][ T6020] usb 34-1: device descriptor read/8, error -110 [ 128.947266][ T30] audit: type=1326 audit(1755362954.058:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6286 comm="syz.4.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f9f74f2ae9f code=0x7fc00000 [ 128.968786][ T30] audit: type=1326 audit(1755362954.058:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6286 comm="syz.4.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f9f74f8ebe9 code=0x7fc00000 [ 128.990123][ C0] vkms_vblank_simulate: vblank timer overrun [ 129.335733][ T6322] netlink: 'syz.4.88': attribute type 5 has an invalid length. [ 129.344777][ T6322] netlink: 24 bytes leftover after parsing attributes in process `syz.4.88'. [ 129.429439][ T6020] usb usb34-port1: attempt power cycle [ 129.430510][ T6323] input: syz1 as /devices/virtual/input/input7 [ 130.837180][ T5899] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 131.315774][ T6020] usb usb34-port1: unable to enumerate USB device [ 131.342478][ T5850] Bluetooth: hci4: command 0x0405 tx timeout [ 131.564473][ T5899] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 131.604607][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.654678][ T5899] usb 3-1: Product: syz [ 131.664200][ T5899] usb 3-1: Manufacturer: syz [ 131.687105][ T5899] usb 3-1: SerialNumber: syz [ 131.714710][ T5899] usb 3-1: config 0 descriptor?? [ 131.726892][ T6339] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.93' sets config #2047 [ 131.955876][ T5899] usb 3-1: USB disconnect, device number 3 [ 132.124668][ T6349] usb usb8: usbfs: process 6349 (syz.0.98) did not claim interface 0 before use [ 132.424372][ T30] audit: type=1800 audit(1755362959.538:6): pid=6348 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.97" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 133.048103][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.356304][ T6381] netlink: 68 bytes leftover after parsing attributes in process `syz.3.107'. [ 135.389895][ T6407] bond0: (slave macvlan2): Error -22 calling dev_set_mtu [ 135.541297][ T6409] futex_wake_op: syz.1.118 tries to shift op by -1; fix this program [ 136.422670][ T5852] Bluetooth: hci4: SCO packet for unknown connection handle 777 [ 136.926089][ T30] audit: type=1326 audit(1755362964.048:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6430 comm="syz.0.128" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcb6db8ebe9 code=0x0 [ 140.111594][ T6464] netlink: 8 bytes leftover after parsing attributes in process `syz.3.132'. [ 142.211764][ T6473] netlink: 8 bytes leftover after parsing attributes in process `syz.0.135'. [ 142.394527][ T6473] IPVS: Error joining to the multicast group [ 142.700422][ T6485] Bluetooth: MGMT ver 1.23 [ 144.336120][ T6499] netlink: 4 bytes leftover after parsing attributes in process `syz.2.141'. [ 144.359489][ T6499] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 144.359489][ T6499] program syz.2.141 not setting count and/or reply_len properly [ 147.974731][ T6534] ieee802154 phy1 wpan1: encryption failed: -22 [ 149.188760][ T6540] 9pnet_virtio: no channels available for device syz [ 149.297489][ T6542] vivid-000: ================= START STATUS ================= [ 149.317243][ T6542] vivid-000: Test Pattern: 75% Colorbar [ 149.324126][ T6542] vivid-000: Fill Percentage of Frame: 100 [ 149.331089][ T6542] vivid-000: Horizontal Movement: No Movement [ 149.337395][ T6542] vivid-000: Vertical Movement: No Movement [ 149.394031][ T6542] vivid-000: OSD Text Mode: All [ 149.399268][ T6542] vivid-000: Show Border: false [ 149.433488][ T6541] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 149.446835][ T6542] vivid-000: Show Square: false [ 149.460067][ T6542] vivid-000: Sensor Flipped Horizontally: false [ 149.494777][ T6542] vivid-000: Sensor Flipped Vertically: false [ 149.536174][ T6542] vivid-000: Insert SAV Code in Image: false [ 149.674729][ T6542] vivid-000: Insert EAV Code in Image: false [ 149.703687][ T6542] vivid-000: Insert Video Guard Band: false [ 149.713427][ T6542] vivid-000: Reduced Framerate: false [ 149.727004][ T6542] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 149.781464][ T6542] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 149.838943][ T6542] vivid-000: Enable Capture Cropping: true [ 149.845214][ T6542] vivid-000: Enable Capture Composing: true [ 149.852396][ T6542] vivid-000: Enable Capture Scaler: true [ 149.878108][ T6542] vivid-000: Timestamp Source: End of Frame [ 149.932639][ T6542] vivid-000: Colorspace: sRGB [ 149.966282][ T6542] vivid-000: Transfer Function: Default [ 149.987209][ T6542] vivid-000: Y'CbCr Encoding: Default [ 150.019302][ T6542] vivid-000: HSV Encoding: Hue 0-179 [ 150.024769][ T6542] vivid-000: Quantization: Default [ 150.046033][ T6542] vivid-000: Apply Alpha To Red Only: false [ 150.097381][ T6542] vivid-000: Standard Aspect Ratio: 4x3 [ 150.143063][ T6551] tipc: Started in network mode [ 150.150104][ T6551] tipc: Node identity , cluster identity 4711 [ 150.156272][ T6542] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 150.177240][ T6551] tipc: Failed to obtain node identity [ 150.198088][ T6542] vivid-000: DV Timings: 640x480p59 inactive [ 150.217960][ T6542] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 150.257207][ T6551] tipc: Enabling of bearer rejected, failed to enable media [ 150.266114][ T6542] vivid-000: Maximum EDID Blocks: 2 [ 150.294837][ T6542] vivid-000: Limited RGB Range (16-235): false [ 150.326842][ T6542] vivid-000: Rx RGB Quantization Range: Automatic [ 150.384823][ T6542] vivid-000: Power Present: 0x00000001 [ 150.391947][ T6542] tpg source WxH: 320x240 (Y'CbCr) [ 150.398468][ T6542] tpg field: 1 [ 150.403239][ T6542] tpg crop: (0,0)/320x240 [ 150.409671][ T6542] tpg compose: (0,0)/320x240 [ 150.415587][ T6542] tpg colorspace: 8 [ 150.438670][ T6542] tpg transfer function: 0/0 [ 150.444388][ T6542] tpg Y'CbCr encoding: 0/0 [ 150.485027][ T6542] tpg quantization: 0/0 [ 150.535979][ T6554] syzkaller0: entered promiscuous mode [ 150.541801][ T6542] tpg RGB range: 0/2 [ 150.562593][ T6542] vivid-000: ================== END STATUS ================== [ 150.574467][ T6554] syzkaller0: entered allmulticast mode [ 152.402627][ T6570] kvm: MONITOR instruction emulated as NOP! [ 153.475840][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 153.485616][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 153.494479][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 153.504881][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 153.512694][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 154.679844][ T6600] 9pnet_virtio: no channels available for device syz [ 155.158464][ T6598] overlayfs: failed to resolve './file1': -2 [ 155.580379][ T5852] Bluetooth: hci1: command tx timeout [ 156.805857][ T6586] chnl_net:caif_netlink_parms(): no params data found [ 157.091146][ T6630] netlink: 8 bytes leftover after parsing attributes in process `syz.0.183'. [ 157.463773][ T6637] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 157.470546][ T6637] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 157.479763][ T6637] vhci_hcd vhci_hcd.0: Device attached [ 157.495121][ T6586] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.515281][ T6637] input: syz1 as /devices/virtual/input/input8 [ 157.531730][ T6586] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.545513][ T6586] bridge_slave_0: entered allmulticast mode [ 157.556273][ T6586] bridge_slave_0: entered promiscuous mode [ 157.567612][ T6586] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.576999][ T6586] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.595150][ T6586] bridge_slave_1: entered allmulticast mode [ 157.623332][ T6586] bridge_slave_1: entered promiscuous mode [ 157.659892][ T5852] Bluetooth: hci1: command tx timeout [ 157.667966][ T6643] netlink: 68 bytes leftover after parsing attributes in process `syz.0.187'. [ 157.722921][ T6586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 157.740027][ T6586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 157.767356][ T5899] usb 36-1: SetAddress Request (2) to port 0 [ 157.805808][ T5899] usb 36-1: new SuperSpeed USB device number 2 using vhci_hcd [ 157.841415][ T6586] team0: Port device team_slave_0 added [ 157.885723][ T6586] team0: Port device team_slave_1 added [ 158.311874][ T6638] vhci_hcd: connection reset by peer [ 158.338061][ T12] vhci_hcd: stop threads [ 158.372841][ T12] vhci_hcd: release socket [ 158.396468][ T12] vhci_hcd: disconnect device [ 158.831422][ T6586] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 158.862111][ T6586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.931243][ T6586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 158.945053][ T6586] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 158.953775][ T6586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.986393][ T6586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 159.317446][ T5846] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 159.333492][ T6586] hsr_slave_0: entered promiscuous mode [ 159.359271][ T6671] comedi comedi3: das16m1: I/O port conflict (0x6,16) [ 159.423534][ T6586] hsr_slave_1: entered promiscuous mode [ 159.469416][ T6586] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 159.516869][ T6586] Cannot create hsr debugfs directory [ 159.537217][ T5846] usb 1-1: Using ep0 maxpacket: 16 [ 159.548994][ T5846] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 159.747186][ T5852] Bluetooth: hci1: command tx timeout [ 159.775929][ T5846] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 159.798975][ T5846] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.816880][ T5846] usb 1-1: Product: syz [ 159.929346][ T5846] usb 1-1: Manufacturer: syz [ 159.975783][ T5846] usb 1-1: SerialNumber: syz [ 159.994381][ T5846] usb 1-1: config 0 descriptor?? [ 160.005544][ T5846] hub 1-1:0.0: bad descriptor, ignoring hub [ 160.013971][ T5846] hub 1-1:0.0: probe with driver hub failed with error -5 [ 160.033776][ T5846] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input9 [ 160.917508][ T5841] usb 1-1: USB disconnect, device number 3 [ 161.498837][ T6586] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 161.534844][ T6586] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 161.551298][ T6586] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 161.578101][ T6586] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 161.837308][ T5852] Bluetooth: hci1: command tx timeout [ 161.873916][ T6586] 8021q: adding VLAN 0 to HW filter on device bond0 [ 162.064158][ T6586] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.163121][ T6153] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.170429][ T6153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.243871][ T6156] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.251322][ T6156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.457007][ T6696] netlink: 'syz.1.201': attribute type 3 has an invalid length. [ 162.557828][ T6696] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.201'. [ 162.682145][ T5852] Bluetooth: hci3: link tx timeout [ 162.688312][ T5852] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 162.938048][ T5899] usb 36-1: device descriptor read/8, error -110 [ 163.256475][ T6586] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 163.419336][ T5899] usb usb36-port1: attempt power cycle [ 164.028875][ T5899] usb usb36-port1: unable to enumerate USB device [ 164.195943][ T6586] veth0_vlan: entered promiscuous mode [ 164.244252][ T6586] veth1_vlan: entered promiscuous mode [ 164.284275][ T6723] tipc: Failed to remove unknown binding: 66,1,1/0:3038843030/3038843032 [ 164.319652][ T6723] tipc: Failed to remove unknown binding: 66,1,1/0:3038843030/3038843032 [ 164.366889][ T6586] veth0_macvtap: entered promiscuous mode [ 164.413963][ T6586] veth1_macvtap: entered promiscuous mode [ 164.535857][ T6586] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 164.578887][ T6586] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 164.597690][ T6586] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.628876][ T6586] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.641797][ T6586] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.673856][ T6586] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.793054][ T5852] Bluetooth: hci3: command 0x0406 tx timeout [ 165.175566][ T6124] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.190926][ T6124] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.360664][ T6153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.380149][ T6153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.772719][ T6746] 9pnet_fd: Insufficient options for proto=fd [ 167.166177][ T6748] syzkaller0: entered promiscuous mode [ 167.197126][ T6748] syzkaller0: entered allmulticast mode [ 168.325995][ T6667] Set syz1 is full, maxelem 65536 reached [ 168.938039][ T6775] netlink: 88 bytes leftover after parsing attributes in process `syz.0.221'. [ 171.349204][ T6795] 9pnet_virtio: no channels available for device syz [ 171.432493][ T5841] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 171.607270][ T5841] usb 2-1: Using ep0 maxpacket: 16 [ 173.551109][ T5841] usb 2-1: unable to get BOS descriptor or descriptor too short [ 173.560825][ T5841] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 173.591294][ T5841] usb 2-1: can't read configurations, error -71 [ 176.194277][ T6835] netlink: 84 bytes leftover after parsing attributes in process `syz.0.239'. [ 176.477715][ T6843] netlink: 12 bytes leftover after parsing attributes in process `syz.2.243'. [ 177.106069][ T6843] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 180.526804][ T6877] netlink: 12 bytes leftover after parsing attributes in process `syz.1.251'. [ 180.913576][ T30] audit: type=1326 audit(1755363008.008:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6880 comm="syz.0.254" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcb6db8ebe9 code=0x0 [ 183.357602][ T5841] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 183.530560][ T5841] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 183.564371][ T5841] usb 1-1: config 0 has no interfaces? [ 183.593612][ T5841] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 183.652397][ T5841] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.681212][ T5841] usb 1-1: config 0 descriptor?? [ 184.078452][ T5841] usb 1-1: USB disconnect, device number 4 [ 184.131054][ T6925] orangefs_devreq_open: device cannot be opened in blocking mode [ 184.153894][ T6943] fuse: Bad value for 'fd' [ 184.536310][ T6943] netlink: 28 bytes leftover after parsing attributes in process `syz.3.276'. [ 184.566788][ T6943] netlink: 28 bytes leftover after parsing attributes in process `syz.3.276'. [ 184.641072][ T6950] block nbd5: not configured, cannot reconfigure [ 185.142894][ T6962] syzkaller0: entered promiscuous mode [ 185.172814][ T6962] syzkaller0: entered allmulticast mode [ 185.854346][ T6982] syz.1.288 uses obsolete (PF_INET,SOCK_PACKET) [ 190.236490][ T7018] 9pnet_virtio: no channels available for device syz [ 191.760462][ T7025] block device autoloading is deprecated and will be removed. [ 194.463202][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.680893][ T7068] 9pnet_virtio: no channels available for device syz [ 197.626387][ T7068] netlink: 8 bytes leftover after parsing attributes in process `syz.0.313'. [ 197.672632][ T7068] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 197.814802][ T7078] binder: 7073:7078 ioctl 4018620d 0 returned -22 [ 197.857860][ T7080] 9pnet_virtio: no channels available for device syz [ 198.086900][ T7088] random: crng reseeded on system resumption [ 198.875836][ T7098] netlink: 8 bytes leftover after parsing attributes in process `syz.0.320'. [ 200.526357][ T5852] Bluetooth: hci1: SCO packet for unknown connection handle 777 [ 200.683220][ T30] audit: type=1326 audit(1755363027.808:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7114 comm="syz.5.326" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c7f98ebe9 code=0x0 [ 200.834603][ T7113] syz.1.325 (7113) used greatest stack depth: 16856 bytes left [ 201.758794][ T7133] 9pnet_virtio: no channels available for device syz [ 201.876468][ T5852] Bluetooth: hci1: SCO packet for unknown connection handle 777 [ 202.318893][ T7146] netlink: 8 bytes leftover after parsing attributes in process `syz.1.335'. [ 202.352492][ T7146] netlink: 14 bytes leftover after parsing attributes in process `syz.1.335'. [ 202.723229][ T7146] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 202.772029][ T7146] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 202.802689][ T7146] bond0 (unregistering): Released all slaves [ 203.218455][ T7165] netlink: 'syz.1.343': attribute type 10 has an invalid length. [ 203.244268][ T7165] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.253207][ T7165] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.278860][ T7166] netlink: 4 bytes leftover after parsing attributes in process `syz.1.343'. [ 203.304296][ T7163] netlink: 'syz.0.342': attribute type 4 has an invalid length. [ 203.319232][ T7166] bridge_slave_1: left allmulticast mode [ 203.325126][ T7166] bridge_slave_1: left promiscuous mode [ 203.334359][ T7166] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.372723][ T7166] bridge_slave_0: left allmulticast mode [ 203.383260][ T7166] bridge_slave_0: left promiscuous mode [ 203.394223][ T7166] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.332969][ T7180] sp0: Synchronizing with TNC [ 205.490729][ T7203] 9pnet_virtio: no channels available for device syz [ 205.995029][ T7217] openvswitch: netlink: Flow key attr not present in new flow. [ 206.151257][ T5841] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 206.379937][ T5841] usb 1-1: Using ep0 maxpacket: 8 [ 206.419101][ T5841] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 206.472577][ T5841] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 206.520442][ T5841] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 206.569370][ T5841] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 206.634170][ T5841] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 206.670591][ T5841] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.917385][ T7231] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 206.969783][ T5841] usb 1-1: GET_CAPABILITIES returned 0 [ 207.017302][ T5841] usbtmc 1-1:16.0: can't read capabilities [ 207.176370][ T5841] usb 1-1: USB disconnect, device number 5 [ 207.476034][ T7240] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 207.529107][ T7240] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 209.253818][ T7263] netlink: 8 bytes leftover after parsing attributes in process `syz.3.373'. [ 209.415377][ T5841] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 209.616228][ T5841] usb 1-1: Using ep0 maxpacket: 16 [ 209.667875][ T5841] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 209.727948][ T5841] usb 1-1: config 0 has no interfaces? [ 209.790852][ T5841] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 209.857157][ T5841] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.884389][ T5841] usb 1-1: Product: syz [ 209.907120][ T5841] usb 1-1: Manufacturer: syz [ 209.918438][ T5841] usb 1-1: SerialNumber: syz [ 209.985552][ T5841] usb 1-1: config 0 descriptor?? [ 211.978753][ T5835] Bluetooth: hci4: command 0x0405 tx timeout [ 211.985541][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 212.101375][ T5841] usb 1-1: USB disconnect, device number 6 [ 212.767147][ T7263] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.775106][ T7263] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.958863][ T7263] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 212.981799][ T7263] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 213.113332][ T7263] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.126507][ T7263] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.138791][ T7263] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.147834][ T7263] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.525026][ T7322] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.735711][ T7322] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.053755][ T7343] overlayfs: empty lowerdir [ 214.854574][ T7338] netlink: 8 bytes leftover after parsing attributes in process `syz.3.391'. [ 215.078926][ T7322] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.119660][ T7338] lo: entered promiscuous mode [ 215.124943][ T7338] lo: entered allmulticast mode [ 215.141617][ T7338] tunl0: entered promiscuous mode [ 215.146899][ T7338] tunl0: entered allmulticast mode [ 215.153114][ T7353] netlink: 8 bytes leftover after parsing attributes in process `syz.1.393'. [ 215.168535][ T7338] gre0: entered promiscuous mode [ 215.173664][ T7338] gre0: entered allmulticast mode [ 215.190138][ T7338] gretap0: entered promiscuous mode [ 215.195432][ T7338] gretap0: entered allmulticast mode [ 215.204378][ T7338] erspan0: entered promiscuous mode [ 215.209710][ T7338] erspan0: entered allmulticast mode [ 215.217961][ T7338] ip_vti0: entered promiscuous mode [ 215.223429][ T7338] ip_vti0: entered allmulticast mode [ 215.250287][ T7338] ip6_vti0: entered promiscuous mode [ 215.256937][ T7338] ip6_vti0: entered allmulticast mode [ 215.270272][ T7338] sit0: entered promiscuous mode [ 215.276006][ T7338] sit0: entered allmulticast mode [ 215.312046][ T7338] ip6tnl0: entered promiscuous mode [ 215.319918][ T7338] ip6tnl0: entered allmulticast mode [ 215.470319][ T7338] ip6gre0: entered promiscuous mode [ 215.477854][ T7338] ip6gre0: entered allmulticast mode [ 216.276533][ T7338] syz_tun: entered promiscuous mode [ 216.283769][ T7338] syz_tun: entered allmulticast mode [ 216.296201][ T7338] ip6gretap0: entered promiscuous mode [ 216.304483][ T7338] ip6gretap0: entered allmulticast mode [ 216.317821][ T7338] bridge0: entered promiscuous mode [ 216.323111][ T7338] bridge0: entered allmulticast mode [ 216.330346][ T7338] vcan0: entered promiscuous mode [ 216.335457][ T7338] vcan0: entered allmulticast mode [ 216.341995][ T7338] bond0: entered promiscuous mode [ 216.347381][ T7338] bond_slave_0: entered promiscuous mode [ 216.353533][ T7338] bond_slave_1: entered promiscuous mode [ 216.360300][ T7338] bond0: entered allmulticast mode [ 216.365614][ T7338] bond_slave_0: entered allmulticast mode [ 216.376940][ T7338] bond_slave_1: entered allmulticast mode [ 216.385222][ T7338] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.401414][ T7338] team0: entered promiscuous mode [ 216.406695][ T7338] team_slave_0: entered promiscuous mode [ 216.413606][ T7338] team_slave_1: entered promiscuous mode [ 216.419781][ T7338] team0: entered allmulticast mode [ 216.425026][ T7338] team_slave_0: entered allmulticast mode [ 216.431071][ T7338] team_slave_1: entered allmulticast mode [ 216.438450][ T7338] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.446385][ T7338] dummy0: entered promiscuous mode [ 216.454318][ T7338] dummy0: entered allmulticast mode [ 216.463519][ T7338] nlmon0: entered promiscuous mode [ 216.471063][ T7338] nlmon0: entered allmulticast mode [ 216.481297][ T7338] caif0: entered promiscuous mode [ 216.486395][ T7338] caif0: entered allmulticast mode [ 216.491771][ T7338] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 216.578957][ T7322] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.622866][ T7353] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 216.632047][ T7353] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 216.642310][ T7353] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 216.651360][ T7353] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 216.967513][ T6156] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.325295][ T7367] syzkaller1: entered promiscuous mode [ 217.331053][ T7367] syzkaller1: entered allmulticast mode [ 217.339469][ T7367] program syz.2.399 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 217.349567][ T7367] nfs: Unknown parameter 'ntext' [ 217.816901][ T6156] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.928456][ T7380] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 217.940879][ T7380] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 218.903435][ T7322] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.321072][ T6156] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.425578][ T7390] netlink: 36 bytes leftover after parsing attributes in process `syz.1.406'. [ 219.436641][ T7390] netlink: 16 bytes leftover after parsing attributes in process `syz.1.406'. [ 219.446487][ T7390] netlink: 36 bytes leftover after parsing attributes in process `syz.1.406'. [ 219.527923][ T7390] netlink: 36 bytes leftover after parsing attributes in process `syz.1.406'. [ 219.534483][ T6156] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.692835][ T7322] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.769074][ T7322] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.877385][ T7322] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.220282][ T6156] bridge_slave_1: left allmulticast mode [ 220.237100][ T6156] bridge_slave_1: left promiscuous mode [ 220.255363][ T6156] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.329439][ T7414] 9pnet_virtio: no channels available for device syz [ 221.093811][ T6156] bridge_slave_0: left allmulticast mode [ 221.143553][ T6156] bridge_slave_0: left promiscuous mode [ 221.153923][ T6156] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.587223][ T6020] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 222.769185][ T6020] usb 3-1: New USB device found, idVendor=0fe9, idProduct=db55, bcdDevice=69.fb [ 222.791523][ T6020] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=201 [ 222.820802][ T6020] usb 3-1: Product: syz [ 222.825124][ T6020] usb 3-1: Manufacturer: syz [ 222.854964][ T6020] usb 3-1: SerialNumber: syz [ 222.870494][ T6020] usb 3-1: config 0 descriptor?? [ 222.889975][ T6020] dvb-usb: found a 'DigitalNow DVB-T Dual USB' in warm state. [ 222.941394][ T6020] dvb-usb: bulk message failed: -22 (2/0) [ 223.388150][ T6020] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 223.916850][ T6020] dvbdev: DVB: registering new adapter (DigitalNow DVB-T Dual USB) [ 223.933079][ T6020] usb 3-1: media controller created [ 223.958980][ T6020] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 223.982057][ T6020] cxusb: set interface failed [ 223.986817][ T6020] dvb-usb: bulk message failed: -22 (1/0) [ 224.053842][ T6020] DVB: Unable to find symbol mt352_attach() [ 224.076473][ T6020] dvb-usb: bulk message failed: -22 (5/0) [ 224.092200][ T6020] zl10353_read_register: readreg error (reg=127, ret==-121) [ 224.106507][ T6020] dvb-usb: no frontend was attached by 'DigitalNow DVB-T Dual USB' [ 224.238432][ T6156] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 224.284082][ T7474] netlink: 'syz.1.428': attribute type 10 has an invalid length. [ 224.296378][ T6156] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 224.350964][ T6156] bond0 (unregistering): Released all slaves [ 224.397300][ T6020] rc_core: IR keymap rc-dvico-mce not found [ 224.426810][ T6020] Registered IR keymap rc-empty [ 224.472204][ T6020] rc rc0: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0 [ 224.565774][ T6020] input: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0/input11 [ 224.601257][ T6020] dvb-usb: schedule remote query interval to 100 msecs. [ 224.657217][ T6020] dvb-usb: DigitalNow DVB-T Dual USB successfully initialized and connected. [ 224.707404][ T7474] syz_tun: entered promiscuous mode [ 224.744977][ T6020] usb 3-1: USB disconnect, device number 4 [ 224.907556][ T6020] dvb-usb: DigitalNow DVB-T Dual USB successfully deinitialized and disconnected. [ 225.830262][ T6156] hsr_slave_0: left promiscuous mode [ 225.846121][ T6156] hsr_slave_1: left promiscuous mode [ 225.894207][ T6156] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 225.950856][ T6156] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 226.024726][ T6156] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 226.043563][ T6156] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 226.155228][ T6156] veth1_macvtap: left promiscuous mode [ 226.193092][ T6156] veth0_macvtap: left promiscuous mode [ 226.229558][ T6156] veth1_vlan: left promiscuous mode [ 226.257242][ T6156] veth0_vlan: left promiscuous mode [ 228.548438][ T6156] team0 (unregistering): Port device team_slave_1 removed [ 228.637498][ T6156] team0 (unregistering): Port device team_slave_0 removed [ 228.641225][ T5850] Bluetooth: hci4: unexpected event for opcode 0x0c12 [ 229.384533][ T7509] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.714179][ T7509] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.156409][ T7525] netlink: 4 bytes leftover after parsing attributes in process `syz.5.450'. [ 230.257194][ T7526] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 230.257194][ T7526] program syz.5.450 not setting count and/or reply_len properly [ 230.751640][ T7509] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.271033][ T7533] program syz.2.451 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 231.281662][ T7533] nfs: Unknown parameter 'ntext' [ 231.715942][ T7509] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.335662][ T7509] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.443969][ T7509] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.559609][ T7509] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.680371][ T7509] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.769404][ T5850] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 232.784353][ T5850] Bluetooth: hci4: Injecting HCI hardware error event [ 232.792990][ T5850] Bluetooth: hci4: hardware error 0x00 [ 233.115751][ T7558] netlink: 12 bytes leftover after parsing attributes in process `syz.3.459'. [ 234.119869][ T7571] netlink: 24 bytes leftover after parsing attributes in process `syz.5.462'. [ 234.950744][ T5850] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 235.437222][ T978] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 235.597173][ T978] usb 2-1: Using ep0 maxpacket: 8 [ 235.610185][ T978] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 235.630025][ T978] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 235.703379][ T978] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 235.754197][ T978] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 235.777163][ T978] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 235.852014][ T978] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 235.892153][ T978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.144542][ T978] usb 2-1: GET_CAPABILITIES returned 0 [ 236.150684][ T978] usbtmc 2-1:16.0: can't read capabilities [ 236.644094][ T978] usb 2-1: USB disconnect, device number 4 [ 237.334493][ T7594] netlink: 20 bytes leftover after parsing attributes in process `syz.1.468'. [ 237.922966][ T7601] ======================================================= [ 237.922966][ T7601] WARNING: The mand mount option has been deprecated and [ 237.922966][ T7601] and is ignored by this kernel. Remove the mand [ 237.922966][ T7601] option from the mount to silence this warning. [ 237.922966][ T7601] ======================================================= [ 237.971352][ T7604] overlayfs: overlapping lowerdir path [ 238.278998][ T5850] Bluetooth: hci3: unexpected event 0x09 length: 6 > 3 [ 238.464956][ T7619] comedi comedi0: adq12b: I/O port conflict (0x2,16) [ 238.687223][ T7630] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode active-backup(1) [ 239.312814][ T7657] loop6: detected capacity change from 0 to 7 [ 239.341501][ T7657] Dev loop6: unable to read RDB block 7 [ 239.350186][ T7657] loop6: AHDI p3 [ 239.354102][ T7657] loop6: partition table partially beyond EOD, truncated [ 239.633474][ T7666] netlink: 4 bytes leftover after parsing attributes in process `syz.1.491'. [ 240.617258][ T44] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 241.260334][ T44] usb 2-1: Using ep0 maxpacket: 8 [ 241.445202][ T7713] capability: warning: `syz.5.502' uses 32-bit capabilities (legacy support in use) [ 241.614048][ T7715] ªªªªª»: renamed from hsr0 (while UP) [ 241.685086][ T7716] netlink: 201660 bytes leftover after parsing attributes in process `syz.5.502'. [ 244.063056][ T44] usb 2-1: device descriptor read/all, error -71 [ 244.424103][ T7727] netlink: 36 bytes leftover after parsing attributes in process `syz.1.506'. [ 247.104930][ T7776] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 247.111701][ T7776] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 247.185985][ T7776] vhci_hcd vhci_hcd.0: Device attached [ 247.310763][ T7777] vhci_hcd: connection closed [ 247.348926][ T6156] vhci_hcd: stop threads [ 247.406333][ T6156] vhci_hcd: release socket [ 247.436282][ T6156] vhci_hcd: disconnect device [ 247.467202][ T5846] usb 36-1: enqueue for inactive port 0 [ 248.010979][ T5846] usb usb36-port1: attempt power cycle [ 248.618103][ T5846] usb usb36-port1: unable to enumerate USB device [ 249.257525][ T5852] Bluetooth: hci3: command 0x0406 tx timeout [ 255.219476][ T7895] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 256.007741][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.353086][ T5850] Bluetooth: hci1: link tx timeout [ 256.359263][ T5850] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 258.377393][ T5852] Bluetooth: hci1: command 0x0406 tx timeout [ 259.562808][ T5850] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 260.449753][ T7977] netlink: 8 bytes leftover after parsing attributes in process `syz.5.580'. [ 261.179308][ T30] audit: type=1800 audit(1755363088.288:10): pid=7986 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.581" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 261.507146][ T5850] Bluetooth: hci1: command 0x0406 tx timeout [ 262.671515][ T7977] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.680145][ T7977] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.507181][ T978] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 263.642432][ T7977] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 263.655531][ T7977] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 263.679189][ T978] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 263.695589][ T978] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 263.735430][ T978] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 263.752409][ T978] usb 2-1: config 0 interface 0 has no altsetting 0 [ 263.763562][ T978] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 263.775171][ T978] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 263.786594][ T978] usb 2-1: config 0 interface 0 has no altsetting 0 [ 263.797921][ T978] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 263.813838][ T978] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 263.824828][ T978] usb 2-1: config 0 interface 0 has no altsetting 0 [ 263.836503][ T978] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 263.848545][ T7977] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.857965][ T978] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 263.860916][ T7977] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.869142][ T978] usb 2-1: config 0 interface 0 has no altsetting 0 [ 263.884754][ T7977] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.892887][ T978] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 263.894135][ T7977] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.902820][ T978] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 263.923693][ T978] usb 2-1: config 0 interface 0 has no altsetting 0 [ 263.933912][ T978] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 263.943210][ T978] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 263.954385][ T978] usb 2-1: config 0 interface 0 has no altsetting 0 [ 263.967849][ T978] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 263.977501][ T978] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 263.988703][ T978] usb 2-1: config 0 interface 0 has no altsetting 0 [ 263.999707][ T978] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 264.009166][ T978] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 264.020509][ T978] usb 2-1: config 0 interface 0 has no altsetting 0 [ 264.049202][ T978] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 264.058927][ T978] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 264.147318][ T978] usb 2-1: Product: syz [ 264.151646][ T978] usb 2-1: Manufacturer: syz [ 264.165850][ T978] usb 2-1: SerialNumber: syz [ 264.176785][ T978] usb 2-1: config 0 descriptor?? [ 264.212738][ T978] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0 [ 265.690968][ T5846] usb 2-1: USB disconnect, device number 7 [ 266.041137][ T5846] yurex 2-1:0.0: USB YUREX #0 now disconnected [ 266.274221][ T8021] netlink: 16 bytes leftover after parsing attributes in process `syz.2.591'. [ 266.875139][ T8031] ptrace attach of "./syz-executor exec"[5832] was attempted by "./syz-executor exec"[8031] [ 266.924918][ T8032] capability: warning: `syz.5.593' uses deprecated v2 capabilities in a way that may be insecure [ 268.319364][ T8046] lo speed is unknown, defaulting to 1000 [ 268.337748][ T8046] lo speed is unknown, defaulting to 1000 [ 268.352350][ T8046] lo speed is unknown, defaulting to 1000 [ 269.122602][ T8046] infiniband sz1: set active [ 269.127634][ T8046] infiniband sz1: added lo [ 269.165717][ T8046] RDS/IB: sz1: added [ 269.170464][ T8046] smc: adding ib device sz1 with port count 1 [ 269.176830][ T8046] smc: ib device sz1 port 1 has pnetid [ 269.185664][ T8046] lo speed is unknown, defaulting to 1000 [ 269.332584][ T8046] lo speed is unknown, defaulting to 1000 [ 269.477098][ T8046] lo speed is unknown, defaulting to 1000 [ 269.617986][ T8046] lo speed is unknown, defaulting to 1000 [ 269.758871][ T8046] lo speed is unknown, defaulting to 1000 [ 269.959527][ T5846] lo speed is unknown, defaulting to 1000 [ 270.004857][ T5846] lo speed is unknown, defaulting to 1000 [ 272.030728][ T8069] netlink: 12 bytes leftover after parsing attributes in process `syz.0.607'. [ 273.747685][ T8097] sg_write: process 406 (syz.3.613) changed security contexts after opening file descriptor, this is not allowed. [ 273.797046][ T5850] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 274.465387][ T8119] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 274.472062][ T8119] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 274.481495][ T8119] vhci_hcd vhci_hcd.0: Device attached [ 274.615515][ T8103] syzkaller0: entered promiscuous mode [ 274.630062][ T8103] syzkaller0: entered allmulticast mode [ 274.690929][ T978] vhci_hcd: vhci_device speed not set [ 274.757213][ T5899] usb 2-1: new low-speed USB device number 8 using dummy_hcd [ 274.807196][ T978] usb 35-1: new full-speed USB device number 3 using vhci_hcd [ 274.939650][ T5899] usb 2-1: config 0 has no interfaces? [ 274.965359][ T5899] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 274.993990][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.029311][ T5899] usb 2-1: config 0 descriptor?? [ 275.257437][ T8120] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2 [ 275.292672][ T1097] vhci_hcd: stop threads [ 275.312639][ T1097] vhci_hcd: release socket [ 275.330873][ T1097] vhci_hcd: disconnect device [ 275.841868][ T8143] netlink: 'syz.3.620': attribute type 20 has an invalid length. [ 276.996526][ T8150] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=640 (1280 ns) > initial count (44 ns). Using initial count to start timer. [ 278.316435][ T8157] netlink: 8 bytes leftover after parsing attributes in process `syz.2.623'. [ 279.967189][ T978] vhci_hcd: vhci_device speed not set [ 281.691931][ T8119] workqueue: Failed to create a rescuer kthread for wq "bond0": -EINTR [ 281.762877][ T5899] usb 2-1: USB disconnect, device number 8 [ 281.865389][ T8157] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 281.958513][ T1210] lo speed is unknown, defaulting to 1000 [ 282.227432][ T5899] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 282.397226][ T5899] usb 6-1: Using ep0 maxpacket: 16 [ 283.035806][ T5899] usb 6-1: unable to get BOS descriptor or descriptor too short [ 283.045332][ T5899] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 283.058646][ T5899] usb 6-1: can't read configurations, error -71 [ 283.400305][ T8209] syzkaller0: entered promiscuous mode [ 283.427891][ T8209] syzkaller0: entered allmulticast mode [ 283.535360][ T8217] warning: `syz.3.632' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 286.493708][ T5850] Bluetooth: hci3: unexpected event 0x09 length: 6 > 3 [ 288.636583][ T8258] IPv6: sit1: Disabled Multicast RS [ 288.708036][ T8258] sit1: entered allmulticast mode [ 289.588975][ T8283] netlink: 'syz.0.657': attribute type 1 has an invalid length. [ 289.765292][ T8283] netlink: 4 bytes leftover after parsing attributes in process `syz.0.657'. [ 289.910838][ T8289] 9pnet_virtio: no channels available for device syz [ 291.202557][ T8297] Can't find ip_set type hash:net, [ 291.246073][ T8301] syzkaller0: entered promiscuous mode [ 291.252252][ T8301] syzkaller0: entered allmulticast mode [ 292.366763][ T8308] netlink: 8 bytes leftover after parsing attributes in process `syz.1.664'. [ 293.627270][ T978] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 293.777483][ T978] usb 6-1: Using ep0 maxpacket: 16 [ 293.800196][ T978] usb 6-1: unable to get BOS descriptor or descriptor too short [ 293.827114][ T978] usb 6-1: config 15 has an invalid interface number: 174 but max is 1 [ 293.844716][ T978] usb 6-1: config 15 has an invalid interface number: 5 but max is 1 [ 293.867607][ T978] usb 6-1: config 15 has an invalid interface descriptor of length 2, skipping [ 293.876805][ T978] usb 6-1: config 15 has no interface number 0 [ 293.914278][ T978] usb 6-1: config 15 has no interface number 1 [ 293.921083][ T978] usb 6-1: config 15 interface 174 altsetting 1 bulk endpoint 0x8 has invalid maxpacket 32 [ 293.951556][ T978] usb 6-1: config 15 interface 174 altsetting 1 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 293.986397][ T978] usb 6-1: config 15 interface 174 altsetting 1 has a duplicate endpoint with address 0xC, skipping [ 294.011441][ T978] usb 6-1: config 15 interface 174 altsetting 1 endpoint 0xE has invalid maxpacket 1023, setting to 64 [ 294.044218][ T978] usb 6-1: config 15 interface 174 altsetting 1 has an endpoint descriptor with address 0xB7, changing to 0x87 [ 294.065491][ T978] usb 6-1: config 15 interface 5 altsetting 128 has a duplicate endpoint with address 0x8, skipping [ 294.090655][ T978] usb 6-1: config 15 interface 5 altsetting 128 has a duplicate endpoint with address 0x8, skipping [ 294.124871][ T978] usb 6-1: config 15 interface 5 altsetting 128 has an invalid descriptor for endpoint zero, skipping [ 294.144740][ T978] usb 6-1: config 15 interface 5 altsetting 128 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 294.174651][ T978] usb 6-1: config 15 interface 174 has no altsetting 0 [ 294.191305][ T978] usb 6-1: config 15 interface 5 has no altsetting 0 [ 294.219601][ T978] usb 6-1: language id specifier not provided by device, defaulting to English [ 294.250771][ T978] usb 6-1: New USB device found, idVendor=1199, idProduct=6859, bcdDevice=fd.7d [ 294.262922][ T978] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.284665][ T978] usb 6-1: Product: syz [ 294.301535][ T978] usb 6-1: Manufacturer: syz [ 294.306206][ T978] usb 6-1: SerialNumber: syz [ 294.332430][ T8312] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 297.653375][ T978] sierra 6-1:15.174: Sierra USB modem converter detected [ 297.672325][ T978] usb 6-1: Sierra USB modem converter now attached to ttyUSB0 [ 297.793419][ T978] usb 6-1: Sierra USB modem converter now attached to ttyUSB1 [ 297.948469][ T978] sierra 6-1:15.5: Sierra USB modem converter detected [ 297.999517][ T978] usb 6-1: Sierra USB modem converter now attached to ttyUSB2 [ 298.021316][ T8345] netlink: 12 bytes leftover after parsing attributes in process `syz.3.675'. [ 298.040577][ T978] usb 6-1: USB disconnect, device number 4 [ 298.089345][ T978] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 298.130225][ T978] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1 [ 298.156740][ T978] sierra 6-1:15.174: device disconnected [ 298.180399][ T8348] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 298.193170][ T978] sierra ttyUSB2: Sierra USB modem converter now disconnected from ttyUSB2 [ 298.232179][ T978] sierra 6-1:15.5: device disconnected [ 298.263530][ T8348] kvm: pic: non byte read [ 298.305907][ T8348] kvm: pic: non byte read [ 298.333659][ T8348] kvm: pic: non byte read [ 298.360422][ T8348] kvm: pic: level sensitive irq not supported [ 298.366464][ T8348] kvm: pic: non byte read [ 298.398641][ T8348] kvm: pic: non byte read [ 298.417377][ T8348] kvm: pic: non byte read [ 298.443673][ T8348] kvm: pic: level sensitive irq not supported [ 298.444451][ T8348] kvm: pic: non byte read [ 298.512103][ T8348] kvm: pic: non byte read [ 298.539254][ T8348] kvm: pic: level sensitive irq not supported [ 298.540056][ T8348] kvm: pic: non byte read [ 298.595472][ T8348] kvm: pic: non byte read [ 298.638357][ T8348] kvm: pic: single mode not supported [ 298.638385][ T8348] kvm: pic: level sensitive irq not supported [ 298.686641][ T8348] kvm: pic: single mode not supported [ 298.693292][ T8348] kvm: pic: level sensitive irq not supported [ 298.760671][ T8348] kvm: pic: single mode not supported [ 298.766942][ T8348] kvm: pic: level sensitive irq not supported [ 298.818418][ T8348] kvm: pic: single mode not supported [ 298.825005][ T8348] kvm: pic: level sensitive irq not supported [ 299.074992][ T8360] overlayfs: failed to resolve './file1': -2 [ 301.186850][ T8406] overlayfs: failed to resolve './file1': -2 [ 304.582487][ T8454] 9pnet_virtio: no channels available for device syz [ 304.609930][ T8451] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=640 (1280 ns) > initial count (44 ns). Using initial count to start timer. [ 309.261646][ T8493] netlink: 8 bytes leftover after parsing attributes in process `syz.1.717'. [ 309.377214][ T8493] dlm: plock device version mismatch: kernel (1.2.0), user (4207673345.1574799195.3139252685) [ 309.429687][ T5846] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 309.620555][ T5846] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 309.648685][ T5846] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 309.697288][ T5846] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 309.783372][ T5846] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 309.856548][ T5846] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 309.942686][ T5846] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 309.963590][ T5846] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 310.051926][ T5846] usb 6-1: Product: syz [ 310.060694][ T5846] usb 6-1: Manufacturer: syz [ 310.102958][ T5846] cdc_wdm 6-1:1.0: skipping garbage [ 310.110340][ T5846] cdc_wdm 6-1:1.0: skipping garbage [ 310.120439][ T5846] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 310.126764][ T5846] cdc_wdm 6-1:1.0: Unknown control protocol [ 311.083596][ T1210] usb 6-1: USB disconnect, device number 5 [ 313.568846][ T8511] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=640 (1280 ns) > initial count (44 ns). Using initial count to start timer. [ 313.874895][ T8465] Set syz1 is full, maxelem 65536 reached [ 313.949706][ T8516] overlayfs: failed to resolve './file0': -2 [ 314.522839][ T8532] 9pnet_virtio: no channels available for device syz [ 314.622702][ T8534] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 314.968472][ T30] audit: type=1326 audit(1755363142.098:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8536 comm="syz.5.732" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5c7f98ebe9 code=0x0 [ 316.933576][ T8560] overlayfs: failed to resolve './file0': -2 [ 317.347144][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.854109][ T8582] syz_tun: entered allmulticast mode [ 317.933415][ T8582] BUG: assuming non migratable context at ./include/linux/filter.h:703 [ 317.955236][ T8582] in_atomic(): 0, irqs_disabled(): 0, migration_disabled() 0 pid: 8582, name: syz.0.745 [ 318.005447][ T8582] 3 locks held by syz.0.745/8582: [ 318.011164][ T8582] #0: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: ip_mroute_setsockopt+0x107/0xf60 [ 318.021858][ T8582] #1: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: ipmr_mfc_add+0x11b/0x2850 [ 318.135916][ T8582] #2: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: nf_hook+0x9d/0x380 [ 318.175527][ T8582] CPU: 1 UID: 0 PID: 8582 Comm: syz.0.745 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 318.175550][ T8582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 318.175558][ T8582] Call Trace: [ 318.175565][ T8582] [ 318.175571][ T8582] dump_stack_lvl+0x189/0x250 [ 318.175593][ T8582] ? __pfx_dump_stack_lvl+0x10/0x10 [ 318.175612][ T8582] ? print_lock_name+0xde/0x100 [ 318.175632][ T8582] __cant_migrate+0x238/0x2e0 [ 318.175650][ T8582] ? __pfx___cant_migrate+0x10/0x10 [ 318.175673][ T8582] nf_hook_run_bpf+0x8f/0x1f0 [ 318.175686][ T8582] ? __pfx_ipt_do_table+0x10/0x10 [ 318.175701][ T8582] ? __pfx_nf_hook_run_bpf+0x10/0x10 [ 318.175713][ T8582] ? iptable_mangle_hook+0x189/0x4c0 [ 318.175731][ T8582] ? nf_hook+0x9d/0x380 [ 318.175740][ T8582] ? nf_nat_ipv4_out+0x2f7/0x4e0 [ 318.175754][ T8582] ? __pfx_nf_hook_run_bpf+0x10/0x10 [ 318.175767][ T8582] nf_hook_slow+0xc5/0x220 [ 318.175787][ T8582] nf_hook+0x217/0x380 [ 318.175801][ T8582] ? nf_hook+0x9d/0x380 [ 318.175812][ T8582] ? __pfx_nf_hook+0x10/0x10 [ 318.175828][ T8582] ? __pfx_ip_mc_finish_output+0x10/0x10 [ 318.175845][ T8582] ? skb_clone+0x246/0x3a0 [ 318.175859][ T8582] ip_mc_output+0x22d/0x590 [ 318.175869][ T8582] ? __pfx_ip_mc_finish_output+0x10/0x10 [ 318.175884][ T8582] ? ipmr_queue_xmit+0x1460/0x16f0 [ 318.175896][ T8582] ipmr_queue_xmit+0xf12/0x16f0 [ 318.175920][ T8582] ? __pfx_ipmr_queue_xmit+0x10/0x10 [ 318.175934][ T8582] ? __pfx_ipmr_forward_finish+0x10/0x10 [ 318.175961][ T8582] ipmr_mfc_add+0x1f63/0x2850 [ 318.175984][ T8582] ? ipmr_mfc_add+0x11b/0x2850 [ 318.176005][ T8582] ? __pfx_ipmr_mfc_add+0x10/0x10 [ 318.176022][ T8582] ? __might_fault+0xb0/0x130 [ 318.176054][ T8582] ip_mroute_setsockopt+0xcf1/0xf60 [ 318.176085][ T8582] ? __pfx_ip_mroute_setsockopt+0x10/0x10 [ 318.176109][ T8582] ? __pfx_futex_wait+0x10/0x10 [ 318.176134][ T8582] do_ip_setsockopt+0xf11/0x2d00 [ 318.176153][ T8582] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 318.176180][ T8582] ? __fget_files+0x2a/0x420 [ 318.176198][ T8582] ip_setsockopt+0x66/0x110 [ 318.176211][ T8582] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 318.176228][ T8582] do_sock_setsockopt+0x179/0x1b0 [ 318.176250][ T8582] __x64_sys_setsockopt+0x13f/0x1b0 [ 318.176271][ T8582] do_syscall_64+0xfa/0x3b0 [ 318.176284][ T8582] ? lockdep_hardirqs_on+0x9c/0x150 [ 318.176297][ T8582] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.176309][ T8582] ? clear_bhb_loop+0x60/0xb0 [ 318.176324][ T8582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.176336][ T8582] RIP: 0033:0x7fcb6db8ebe9 [ 318.176348][ T8582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 318.176358][ T8582] RSP: 002b:00007fcb6e9bc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 318.176373][ T8582] RAX: ffffffffffffffda RBX: 00007fcb6ddb5fa0 RCX: 00007fcb6db8ebe9 [ 318.176382][ T8582] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 0000000000000008 [ 318.176389][ T8582] RBP: 00007fcb6dc11e19 R08: 000000000000003c R09: 0000000000000000 [ 318.176397][ T8582] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 318.176404][ T8582] R13: 00007fcb6ddb6038 R14: 00007fcb6ddb5fa0 R15: 00007fffe4c0d9a8 [ 318.176426][ T8582] [ 318.499345][ T8581] syz_tun: left allmulticast mode [ 318.691406][ T8577] x_tables: ip_tables: HMARK.0 target: invalid size 64 (kernel) != (user) 72 [ 320.943442][ T8557] Set syz1 is full, maxelem 65536 reached