last executing test programs: 11.509038828s ago: executing program 4 (id=1139): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120141014813442024040075ee6901020301090224000100001000090498070296d1ca000905060200020d0006090582020002"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x5, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="601004000000cf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000001480)=ANY=[@ANYBLOB="200104"], 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) 9.21464507s ago: executing program 0 (id=1148): socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) close(0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x32d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) 8.850105156s ago: executing program 2 (id=1152): timer_create(0x2, &(0x7f0000000000)={0x0, 0x3c, 0x4, @thr={&(0x7f0000000100)="7de85c95e713b7eb49038e7e1d59787322b645143b1cb5c5a0d05e9d42347b341fc989f7f096e17b9780c10dac3a27d546e411c0c877ed909df28433c665d5b9d887b565cc11d3bfb4a9af1fdeab19b7f6260ae9f5a35a4f378e140ad72bb0b6a173ea84ff7c69821d55b031", 0x0}}, &(0x7f0000000080)=0x0) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYRES64=r0], 0x48) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x200102) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='net/ipv6_route\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) unshare(0x22020600) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000000140)="0cc452530ee50959ff9d06", 0xb, 0x40000, &(0x7f000005ffe4)={0xa, 0x4e23, 0xeffffffd, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)}, 0x0) socket$qrtr(0x2a, 0x2, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24004000}, 0x24040840) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x4001, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x10123, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x44) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="700000000108010400000000000000000500000654000480080001400000007f080001400000000208000140fffffffb08000140ffffbcca08000140000000070800014000000009080001400000000408000140000000d006000240000d000000000000000000000000002200000000"], 0x70}, 0x1, 0x0, 0x0, 0x4080}, 0x4004000) sendmsg$IPSET_CMD_SAVE(r6, &(0x7f0000001b40)={0x0, 0x0, &(0x7f0000001b00)={&(0x7f0000001ac0)={0xfffffffffffffe8b, 0x8, 0x6, 0x301, 0x0, 0x0, {0x3, 0x0, 0x8}}, 0x1c}, 0x1, 0x0, 0x0, 0x24048048}, 0x4040) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'\x00', 0x5}) ioctl$TUNSETPERSIST(r8, 0x400454c9, 0x1) sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="240000002a000b0000000000ffdbdf2509000000080002000400010008003b", @ANYRESHEX=r4, @ANYRES16=r2], 0x24}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) 8.786317156s ago: executing program 0 (id=1154): waitid(0x0, 0x0, 0x0, 0x4, 0x0) syz_usb_connect$uac1(0x0, 0x9c, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8a, 0x3, 0x1, 0x6, 0xb0, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x5, 0x7}, [@output_terminal={0x9, 0x24, 0x3, 0x4, 0x302, 0x3, 0x6, 0xd6}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x1, 0x1, 0x2, 0x9, "2ab6"}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x2, 0x40, 0x5, {0x7, 0x25, 0x1, 0x80, 0x31, 0xb}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x8, 0x0, 0x1}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x28, 0x2, 0x8, 0x3, "9e8fe9f34818656ee5"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x2, 0x2, 0x69, {0x7, 0x25, 0x1, 0x0, 0x3, 0x3}}}}}}}]}}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0}) 8.682845758s ago: executing program 2 (id=1156): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000040), &(0x7f0000000280)='%pS \x00'}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) unshare(0x62040200) 6.36825653s ago: executing program 2 (id=1157): accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d00000007"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}]}, @NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0xc, 0x3, "e4edf2b75cc7c0a3"}, @NFTA_MATCH_REV={0x8}, @NFTA_MATCH_NAME={0xc, 0x1, 'pkttype\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xe8}}, 0x0) 6.36760034s ago: executing program 4 (id=1158): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000a00000012000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8000) 6.286846641s ago: executing program 2 (id=1161): openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x60600, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000200), 0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd74) r3 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x14, 0x126, 0x0, r2}, &(0x7f00000001c0)=0x0, &(0x7f0000000280)=0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x1c, 0x3, 0x1, 0x301, 0x0, 0x0, {0x0, 0x0, 0xb}, [@CTA_ZONE={0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40001}, 0x8800) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_setup(0x4fc, 0x0, &(0x7f0000000180)=0x0, &(0x7f0000000240)) r8 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x41, 0x0) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r8, 0x80083314, 0x0) r9 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x200, 0x80) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000040)={0x0, 0x5, {}, {0xee00}, 0x7, 0x7ff}) r11 = getgid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0}, &(0x7f00000000c0)=0xc) write$P9_RSTATu(r9, &(0x7f0000000100)={0x81, 0x7d, 0x1, {{0x0, 0x5e, 0x7, 0x480, {0x10, 0x1, 0x4}, 0x4040000, 0x73, 0x3ff, 0x1, 0xe, '/dev/snapshot\x00', 0xe, '/dev/snapshot\x00', 0xe, '/dev/snapshot\x00', 0x1, '$'}, 0xe, '/dev/snapshot\x00', r10, r11, r12}}, 0x81) syz_io_uring_submit(r7, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x3516, 0x46f, 0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) 6.186391853s ago: executing program 4 (id=1162): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'netdevsim0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x400c840}, 0x20048054) 6.143046983s ago: executing program 4 (id=1163): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r3) sendmsg$IEEE802154_LIST_PHY(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)={0x14, r4, 0x30b}, 0x14}, 0x1, 0x0, 0x0, 0x14}, 0x20000004) 6.100404824s ago: executing program 1 (id=1164): ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x4}, 0xfffffffe}) memfd_create(0x0, 0x4) r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000001b00), 0x2, 0x0) ioctl$VIDIOC_DECODER_CMD(r0, 0xc0485660, &(0x7f00000003c0)={0x2, 0x0, @start}) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000", 0x15) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f00000000c0)={0x1d, r3, 0x0, {}, 0x1}, 0x18) socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x1, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x40}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001c0001"], 0x14}}, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=[@dstopts={{0x50, 0x29, 0x37, {0x8, 0x6, '\x00', [@ra={0x5, 0x2, 0x18}, @hao={0xc9, 0x10, @mcast2}, @calipso={0x7, 0x8, {0x0, 0x0, 0xf, 0x4}}, @calipso={0x7, 0x10, {0x3, 0x2, 0x2, 0x4d1, [0x2]}}]}}}, @pktinfo={{0x24, 0x29, 0x32, {@dev={0xfe, 0x80, '\x00', 0x12}, r3}}}, @rthdrdstopts={{0x30, 0x29, 0x37, {0x29, 0x2, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x5, 0x7, [0x810]}}]}}}, @rthdr={{0x18, 0x29, 0x39, {0x29, 0x0, 0x1, 0x3}}}], 0xc0}}], 0x1, 0x888) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_mptcp_buf(r6, 0x11c, 0x3, 0x0, &(0x7f0000000000)) 6.047097055s ago: executing program 4 (id=1166): timer_create(0x2, &(0x7f0000000000)={0x0, 0x3c, 0x4, @thr={&(0x7f0000000100)="7de85c95e713b7eb49038e7e1d59787322b645143b1cb5c5a0d05e9d42347b341fc989f7f096e17b9780c10dac3a27d546e411c0c877ed909df28433c665d5b9d887b565cc11d3bfb4a9af1fdeab19b7f6260ae9f5a35a4f378e140ad72bb0b6a173ea84ff7c69821d55b031", 0x0}}, &(0x7f0000000080)=0x0) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYRES64=r0], 0x48) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x200102) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='net/ipv6_route\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) unshare(0x22020600) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000000140)="0cc452530ee50959ff9d06", 0xb, 0x40000, &(0x7f000005ffe4)={0xa, 0x4e23, 0xeffffffd, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)}, 0x0) socket$qrtr(0x2a, 0x2, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24004000}, 0x24040840) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x4001, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x10123, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x44) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="700000000108010400000000000000000500000654000480080001400000007f080001400000000208000140fffffffb08000140ffffbcca08000140000000070800014000000009080001400000000408000140000000d006000240000d000000000000000000000000002200000000"], 0x70}, 0x1, 0x0, 0x0, 0x4080}, 0x4004000) sendmsg$IPSET_CMD_SAVE(r6, &(0x7f0000001b40)={0x0, 0x0, &(0x7f0000001b00)={&(0x7f0000001ac0)={0xfffffffffffffe8b, 0x8, 0x6, 0x301, 0x0, 0x0, {0x3, 0x0, 0x8}}, 0x1c}, 0x1, 0x0, 0x0, 0x24048048}, 0x4040) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'\x00', 0x5}) ioctl$TUNSETPERSIST(r8, 0x400454c9, 0x1) sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="240000002a000b0000000000ffdbdf2509000000080002000400010008003b", @ANYRESHEX=r4, @ANYRES16=r2], 0x24}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) 5.135865718s ago: executing program 0 (id=1167): openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x25, &(0x7f0000000040)={&(0x7f0000000580)=@newtaction={0xa4, 0x30, 0x200, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x4, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_METALST]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x400ad80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xf, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x7, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmmsg$inet6(r4, &(0x7f0000006780)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3ab706204ee39c9dae21a1718ee351ebc92d2f0d482a863ae5c0b4d768ffe745af2c53a083d9b761b", 0xfff7}], 0x1}}], 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = dup(0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r5, 0xc01064c8, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 5.135335678s ago: executing program 3 (id=1168): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10) mkdir(0x0, 0x0) rmdir(0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) socket(0x10, 0x3, 0x0) clock_gettime(0x0, &(0x7f0000002740)) 4.859371711s ago: executing program 3 (id=1169): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r2}, 0x18) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bridge0\x00'}) r3 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x16fa, 0x800, 0x4, 0x8}, &(0x7f0000000340)=0x0, &(0x7f0000000140)=0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) r9 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r10, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r11, @ANYBLOB="0900000400e1ff060000000c000180060001000a000000"], 0x20}, 0x1, 0x0, 0x0, 0x20008814}, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r9, 0x40405514, &(0x7f0000000200)={0x9}) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r9, 0xc1105511, &(0x7f0000000040)={0x9}) ioctl$KVM_SET_NESTED_STATE(r8, 0x4080aebf, &(0x7f0000005700)={{0x3f00, 0x0, 0x80, {0xd000, 0x80a0000}}, "cb31455c9e9d288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97af85a08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adb41456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d03ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e259ce021216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e50100cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d744bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf40334f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e1549d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4061d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa710c3e20fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362eb5bf86fce896dbc2a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca433d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4800d900727628d54b44db7ac700d8d664f7eeae43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b5511ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x80) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_CLOSE={0x13, 0xd, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0xc671f70bf7822a43}) io_uring_enter(r3, 0x3516, 0x0, 0x4, 0x0, 0x0) 4.858051742s ago: executing program 1 (id=1170): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000040), &(0x7f0000000280)='%pS \x00'}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) unshare(0x62040200) 1.764911125s ago: executing program 1 (id=1171): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x5, 0x7}, {}, {0xa, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) 1.506251719s ago: executing program 3 (id=1172): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000a00000012000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8000) 1.38742605s ago: executing program 0 (id=1173): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) umount2(0x0, 0x7) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(r1, 0x7005, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000001280)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eab556a705251e6182149a36c23d3b48dfd8cdbf9367b098fa51f60a64c9f408000000e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b785ebd8ff0930b", 0x62}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 1.205009913s ago: executing program 2 (id=1174): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x9, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f00000021c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0xe) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r0, r2, 0x2, 0x0, @void}, 0x10) socket$inet6_mptcp(0xa, 0x1, 0x106) 1.188231243s ago: executing program 1 (id=1175): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'netdevsim0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x400c840}, 0x20048054) 930.375577ms ago: executing program 1 (id=1176): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r3) sendmsg$IEEE802154_LIST_PHY(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)={0x14, r4, 0x30b}, 0x14}, 0x1, 0x0, 0x0, 0x14}, 0x20000004) 493.384843ms ago: executing program 0 (id=1177): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fedbdf25fc000000000000000005000000000000ac1414bb00000000000000000000000000000400100000000a0062003b000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000048000000ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x4000) 455.675603ms ago: executing program 2 (id=1178): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = socket$unix(0x1, 0x2, 0x0) connect$unix(r3, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) writev(r3, &(0x7f00000008c0)=[{&(0x7f0000000580)='`', 0x1}], 0x1) setsockopt$SO_TIMESTAMP(r2, 0x1, 0x23, &(0x7f0000000080)=0x6, 0x26) recvmmsg(r2, &(0x7f0000000300), 0x40000000000049e, 0x1000000000fe, 0x0) 450.867223ms ago: executing program 1 (id=1179): add_key$user(&(0x7f0000000200), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) dup(0xffffffffffffffff) bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) syz_usb_connect(0x0, 0x1cb, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, &(0x7f0000002300)=ANY=[@ANYBLOB="b702000000001700bfa300000000000007030000f0ffffff720af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da487130d5f24bf901115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4b9535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024a0041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4fdc4b4861004eefbc17f54f82a804d4a69bf9bc5fa77ee2922bd165a5a68488e010030166565a097b103b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f940b6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c2d7f22b0d22772c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d366501753a7ac7fedb8d34f5bc381604fcd46105c457e7dd13cab6692422a47e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670100be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c160119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d300e4d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c024ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d74bf0a305790c9d644735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee934c679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c031578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6155e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bcdb7c89739f5d81e750d50517a59a3ad09e8802e8f4f535447cc0facd5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5b473332f2011e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755367fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf00000048d2570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749e1338636555009edf66be445d6975d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab0043ebf7c79a953e023f74afad591821610b857e8717764b633b21cb32f09f4db033e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c1960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000000000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd5c17d5486b0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dff7aa46e820a74f9530bdcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fdca4e9eda0072f6df342f3e7071e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7194d1eb3de6a5f99f301f89c2ee627e949cdd22000026a9960503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640000cd9e7f2e236ef5f1e3a94b108eb9750b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a2050000c375c705c798e0e208e4a5259d0bda526b462af45a6e9a84aebe025c8a7f65819f397574db7ab01bd2b3e3cd28c5aec50f8edfe39a00bafd688a7eea04efdeed96f67012bc3f795edb68b5dec80ad31a858eb756c815e7695d00000000000000000000000000000000000000000000000000007ccf0ce549d97510f7f8765408bb702f0000006d4754d98b7064cf31a681421994e1f307f0ab4ff2e33d3c88fea5d218a276b77adfee7c8fb145783ee1f8cf632c2604eab3a62a28611da1cae5ce60003111ce5c96a1d6e45ee144ffa3dcca32a33f8f0ce2995b7b7aa0bce228cbf37412e1bdebae06edb51a134301b4627d4927287daf9dcae6720334862f3a18094f1edd9e3503379815dcfbbc8141f6e1bbb0901ae91357677fd9d2bb00d4f17fb441c2dfa2b424bf46ae299d68ac27792cdac2f09e99f4ab5546ba1e5ad6a329f24e73a9c38eec34bd4dcc1609f6150e2de72f6599a2310c3841f4bb7f39cabc82c9fdfff5587ed4fa84090635fa3445c4cc54478b2f98320944ac7cb1c4e414556f7b0b763a00a84327cec7e11b3470f0384b27bbfdd8b2472497e7fe8c5df7e0a00641872472efa21c9ad3979e642dcc85c17ca8e084aa9689b83426e2fdaa01f500000000000000000000f9fd84fa991466ff749afe900d02281b2bb60d458340c4f68ec34835760ceca945bf181a000000c000000000b4a76515564ae189de7c1765f0ff68a0388ca8dd2aa831d0e01f0d7ce74401a58cef60e63e97a50c18de54121ce66380224ab7b9c0d4710f2347bad2c9b3e41cc738c1092728687f33e5cdb077223dc82c2137b4e3ba6791a2cd764e654f904c9505b7c5e3b2897072e747534952dcda50cde3e4deb6ebf85a04c3e415112b01eed6515c845a8a20519cd21787d560e9d8283fa8ff0c17b63ba06577c26678ff45420a1f85df47dbfc44e534f71aae5693fb5df61c5096219091ce0cd8e1e2e79bf9d37779e52007c66a00e6ded1499ed3892ed1544d1577906b52e16c734d4aec07dd15faa768c97298be87dd34ce704ffe3da8b46708cf972de4f31c0705ac933db80bdcfcb35c0d4620d4ec270ff7c9ce1b78994dd2b28b9d1c5c469d4c1a61781dce2f1b54d6138bd3f7df9e9ca613bec407c1b8d1bd0c7cb9d76eebf2f17c"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xc463f262, 0x10, &(0x7f0000000040), 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0) r2 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000040)={0x1d, r3, 0x2, {0x2, 0xff, 0x2}, 0xfe}, 0x18) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r2) syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00') pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x8080}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, 0x0, {}, {0x6}, {0x0, 0xa}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 367.376375ms ago: executing program 3 (id=1180): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000000)={0x3, {{0xa, 0x4e24, 0x1, @mcast2, 0x7fff}}, {{0xa, 0x0, 0x9, @empty, 0x5fff}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xa}, 0x3}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xf9) 278.344126ms ago: executing program 0 (id=1181): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120141014813442024040075ee6901020301090224000100001000090498070296d1ca000905060200020d0006090582020002"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x5, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="601004000000cf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000001480)=ANY=[@ANYBLOB="200104"], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000600)={0x1c, &(0x7f0000000540)={0x20, 0x3, 0x4, "99362f17"}, 0x0, 0x0}) 254.652836ms ago: executing program 4 (id=1182): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x161100, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f00000001c0)=0x3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000900)={'\x00', 0x3, 0x3d, 0x2, 0x800402, 0x7}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r7 = dup(r6) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000000)={0x29, @empty, 0x4e24, 0x3, 'lblcr\x00', 0x3, 0x10000, 0x76}, 0x2c) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x90, r1, 0x205, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x51, 0xe, {{{}, {}, @device_b, @broadcast, @from_mac=@device_b}, 0x0, @default, 0x5d7f, @void, @val={0x1, 0x1, [{0xc}]}, @val={0x3, 0x1, 0xab}, @void, @val={0x6, 0x2, 0x3f16}, @void, @void, @val={0x2a, 0x1, {0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x10, 0x1, 0x6, 0x0, {0x9, 0xc9, 0x0, 0x7, 0x0, 0x1, 0x0, 0x2, 0x1}, 0x8, 0xb, 0x4}}, @void, @void, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xffffffff}]}, 0x90}}, 0x0) 198.026757ms ago: executing program 3 (id=1183): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) syz_io_uring_setup(0x10d, &(0x7f00000004c0)={0x0, 0x2b7a, 0x400, 0x2, 0x4}, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b7040000000000008500000033"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r5}, &(0x7f0000000240), &(0x7f00000003c0)=r7}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r6, r3, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000340)={@random="6ea88d319b8c", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x43, 0x4e22, 0x8}}}}}, 0x0) 0s ago: executing program 3 (id=1184): ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x4}, 0xfffffffe}) memfd_create(0x0, 0x4) r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000001b00), 0x2, 0x0) ioctl$VIDIOC_DECODER_CMD(r0, 0xc0485660, &(0x7f00000003c0)={0x2, 0x0, @start}) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000", 0x15) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f00000000c0)={0x1d, r3, 0x0, {}, 0x1}, 0x18) socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x1, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x40}}, 0x0) kernel console output (not intermixed with test programs): HANGE): veth0_virt_wifi: link becomes ready [ 76.932441][ T4251] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.954232][ T4266] device veth0_vlan entered promiscuous mode [ 76.965875][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 76.975420][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 76.986481][ T4259] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.009125][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 77.023610][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.031853][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 77.048656][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 77.074878][ T4266] device veth1_vlan entered promiscuous mode [ 77.148531][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 77.157878][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 77.173594][ T4252] device veth0_vlan entered promiscuous mode [ 77.193353][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 77.202348][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.216360][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 77.227804][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 77.246161][ T4251] device veth0_vlan entered promiscuous mode [ 77.274682][ T4252] device veth1_vlan entered promiscuous mode [ 77.295341][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 77.313885][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 77.323656][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.345160][ T4251] device veth1_vlan entered promiscuous mode [ 77.373531][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 77.385122][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 77.395506][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 77.406522][ T4266] device veth0_macvtap entered promiscuous mode [ 77.424053][ T4266] device veth1_macvtap entered promiscuous mode [ 77.488915][ T4317] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.498423][ T4317] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.508415][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 77.526361][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 77.535107][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 77.542840][ T4255] Bluetooth: hci3: command 0x040f tx timeout [ 77.549643][ T4268] Bluetooth: hci4: command 0x040f tx timeout [ 77.557403][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 77.565466][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 77.574294][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 77.583722][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 77.592756][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 77.601986][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 77.611807][ T4252] device veth0_macvtap entered promiscuous mode [ 77.622124][ T4251] device veth0_macvtap entered promiscuous mode [ 77.627128][ T4268] Bluetooth: hci0: command 0x040f tx timeout [ 77.634427][ T4268] Bluetooth: hci1: command 0x040f tx timeout [ 77.641606][ T4255] Bluetooth: hci2: command 0x040f tx timeout [ 77.652470][ T4266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.668724][ T4266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.681088][ T4266] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.692150][ T4266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.704193][ T4266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.715899][ T4266] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.729516][ T4251] device veth1_macvtap entered promiscuous mode [ 77.749532][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 77.758793][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 77.767264][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 77.775287][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 77.784387][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 77.794902][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 77.803667][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 77.813611][ T4252] device veth1_macvtap entered promiscuous mode [ 77.822024][ T4266] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.831079][ T4266] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.840063][ T4266] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.849286][ T4266] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.877310][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.885465][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.896246][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 77.909329][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 77.932054][ T4252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.944547][ T4252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.954918][ T4252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.967911][ T4252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.980166][ T4252] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.991464][ T4252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.002456][ T4252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.012722][ T4252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.026481][ T4252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.038376][ T4252] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.045935][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 78.056416][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 78.066002][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 78.075109][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.083963][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 78.093132][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.107326][ T4251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.118111][ T4251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.129509][ T4251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.140085][ T4251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.152743][ T4251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.164759][ T4251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.176273][ T4251] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.207056][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 78.215599][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 78.231056][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 78.242307][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.253662][ T4259] device veth0_vlan entered promiscuous mode [ 78.265787][ T4252] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.281235][ T4252] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.292455][ T4252] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.302418][ T4252] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.315726][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 78.325079][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 78.341501][ T4259] device veth1_vlan entered promiscuous mode [ 78.350640][ T4251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.361528][ T4251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.372696][ T4251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.383196][ T4251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.393335][ T4251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.403967][ T4251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.416105][ T4251] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.435725][ T4251] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.444579][ T4251] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.460748][ T4251] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.474803][ T4251] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.494573][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 78.523275][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 78.533725][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.614095][ T4259] device veth0_macvtap entered promiscuous mode [ 78.625877][ T4259] device veth1_macvtap entered promiscuous mode [ 78.660267][ T4259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.676192][ T4259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.693422][ T4259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.704580][ T4259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.721687][ T4259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.734479][ T4259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.754905][ T4259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.772595][ T4259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.784599][ T4259] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.809309][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 78.826420][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 78.844510][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 78.854675][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 78.865055][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 78.874873][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.898061][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.898572][ T4259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.920067][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.933883][ T4259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.945322][ T4259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.962281][ T4259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.973357][ T4259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.991635][ T4259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.003243][ T4259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.020116][ T4259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.041098][ T4259] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.057982][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 79.067516][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 79.075590][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 79.107234][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 79.195833][ T4317] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.208306][ T4259] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.225938][ T4259] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.238438][ T4317] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.242405][ T4259] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.254546][ T4259] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.293122][ T4314] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.295463][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 79.315286][ T4314] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.327357][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 79.471190][ T4305] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.533278][ T4305] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.559478][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 79.580467][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.594669][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.627099][ T4268] Bluetooth: hci4: command 0x0419 tx timeout [ 79.633178][ T4268] Bluetooth: hci3: command 0x0419 tx timeout [ 79.697061][ T4268] Bluetooth: hci1: command 0x0419 tx timeout [ 79.704559][ T4271] Bluetooth: hci0: command 0x0419 tx timeout [ 79.710984][ T4255] Bluetooth: hci2: command 0x0419 tx timeout [ 79.723437][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.737626][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 79.782020][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.810128][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.862930][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.893422][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 79.939190][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 80.016505][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.066987][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.079502][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 80.343913][ T4349] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6'. [ 80.647954][ T4349] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 80.840480][ T4349] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 81.109096][ T4349] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 81.155508][ T4349] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 81.280097][ T27] audit: type=1326 audit(1746490703.810:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4353 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 81.344936][ T27] audit: type=1326 audit(1746490703.810:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4353 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 81.384349][ T4354] Bluetooth: MGMT ver 1.22 [ 81.404449][ T27] audit: type=1326 audit(1746490703.810:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4353 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 81.529852][ T27] audit: type=1326 audit(1746490703.810:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4353 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 81.636914][ T27] audit: type=1326 audit(1746490703.810:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4353 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 81.721457][ T27] audit: type=1326 audit(1746490703.810:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4353 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 81.806516][ T27] audit: type=1326 audit(1746490703.810:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4353 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 81.906858][ T27] audit: type=1326 audit(1746490703.810:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4353 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 81.974851][ T27] audit: type=1326 audit(1746490703.840:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4353 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 82.050151][ T27] audit: type=1326 audit(1746490703.860:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4353 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 82.388086][ T4377] Zero length message leads to an empty skb [ 82.570022][ T4382] loop1: detected capacity change from 0 to 764 [ 82.636452][ T4385] ======================================================= [ 82.636452][ T4385] WARNING: The mand mount option has been deprecated and [ 82.636452][ T4385] and is ignored by this kernel. Remove the mand [ 82.636452][ T4385] option from the mount to silence this warning. [ 82.636452][ T4385] ======================================================= [ 82.704188][ T4382] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 83.811005][ T4388] syz.2.20 uses obsolete (PF_INET,SOCK_PACKET) [ 83.856883][ T4391] netlink: 64 bytes leftover after parsing attributes in process `syz.3.21'. [ 84.452183][ T4410] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 84.645930][ T4412] loop2: detected capacity change from 0 to 256 [ 85.284494][ T4428] loop2: detected capacity change from 0 to 764 [ 85.340991][ T4428] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 87.411737][ T7] cfg80211: failed to load regulatory.db [ 87.557531][ T27] kauditd_printk_skb: 99 callbacks suppressed [ 87.557549][ T27] audit: type=1326 audit(1746490710.080:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4444 comm="syz.4.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 87.693596][ T27] audit: type=1326 audit(1746490710.140:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4444 comm="syz.4.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 87.747931][ T4451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.40'. [ 88.034691][ T4457] loop3: detected capacity change from 0 to 256 [ 88.088318][ T27] audit: type=1804 audit(1746490710.620:113): pid=4457 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.43" name="/newroot/5/file0/file0" dev="loop3" ino=1048596 res=1 errno=0 [ 88.856510][ T4474] 9pnet_fd: Insufficient options for proto=fd [ 89.487145][ T27] audit: type=1326 audit(1746490712.010:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4468 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 89.561130][ T27] audit: type=1326 audit(1746490712.010:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4468 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 89.654121][ T4488] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 89.697295][ T27] audit: type=1326 audit(1746490712.010:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4468 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 90.440100][ T27] audit: type=1326 audit(1746490712.010:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4468 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 90.581034][ T27] audit: type=1326 audit(1746490712.010:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4468 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 90.652144][ T27] audit: type=1326 audit(1746490712.010:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4468 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 90.783922][ T27] audit: type=1326 audit(1746490712.010:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4468 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 92.233904][ T4526] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 93.353429][ T4540] loop3: detected capacity change from 0 to 256 [ 93.517735][ T4547] netlink: 4 bytes leftover after parsing attributes in process `syz.2.73'. [ 93.527059][ T27] kauditd_printk_skb: 189 callbacks suppressed [ 93.527073][ T27] audit: type=1804 audit(1746490716.050:310): pid=4540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.71" name="/newroot/11/file0/file0" dev="loop3" ino=1048597 res=1 errno=0 [ 93.565965][ T4546] netlink: 80 bytes leftover after parsing attributes in process `syz.1.72'. [ 93.868885][ T27] audit: type=1326 audit(1746490716.400:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4553 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 93.897246][ T27] audit: type=1326 audit(1746490716.400:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4553 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f90a2f8d2d0 code=0x7ffc0000 [ 93.981626][ T27] audit: type=1326 audit(1746490716.400:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4553 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f90a2f8e56b code=0x7ffc0000 [ 94.006169][ T27] audit: type=1326 audit(1746490716.400:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4553 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f90a2f8e56b code=0x7ffc0000 [ 94.042178][ T27] audit: type=1326 audit(1746490716.400:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4553 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f90a2f8e56b code=0x7ffc0000 [ 94.065435][ T27] audit: type=1326 audit(1746490716.400:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4553 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f90a2f8e56b code=0x7ffc0000 [ 94.092052][ T27] audit: type=1326 audit(1746490716.420:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4553 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f90a2f85927 code=0x7ffc0000 [ 94.120916][ T27] audit: type=1326 audit(1746490716.420:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4553 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f90a2f2ab39 code=0x7ffc0000 [ 94.146286][ T27] audit: type=1326 audit(1746490716.420:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4553 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 94.299583][ T4565] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 95.106941][ T4570] 9pnet_fd: Insufficient options for proto=fd [ 95.312485][ T4578] loop2: detected capacity change from 0 to 256 [ 95.535471][ T4581] netlink: 80 bytes leftover after parsing attributes in process `syz.1.88'. [ 96.392695][ T4587] netlink: 64 bytes leftover after parsing attributes in process `syz.2.90'. [ 96.749390][ T4599] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 97.457159][ T4299] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 97.627124][ T4299] usb 2-1: device descriptor read/64, error -71 [ 97.926877][ T4299] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 97.962115][ T4622] netlink: 4 bytes leftover after parsing attributes in process `syz.0.111'. [ 98.014140][ T4620] loop3: detected capacity change from 0 to 128 [ 98.158120][ T4449] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 98.207233][ T4299] usb 2-1: device descriptor read/64, error -71 [ 98.338633][ T4299] usb usb2-port1: attempt power cycle [ 98.903124][ T4299] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 98.969148][ T27] kauditd_printk_skb: 244 callbacks suppressed [ 98.969163][ T27] audit: type=1326 audit(1746490721.500:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4600 comm="syz.1.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fde24d8e56b code=0x7ffc0000 [ 98.969503][ T4299] usb 2-1: device descriptor read/8, error -71 [ 99.004866][ T27] audit: type=1326 audit(1746490721.520:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4600 comm="syz.1.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fde24d8e56b code=0x7ffc0000 [ 99.044915][ T4630] netlink: 80 bytes leftover after parsing attributes in process `syz.0.103'. [ 99.221820][ T4632] netlink: 64 bytes leftover after parsing attributes in process `syz.2.104'. [ 99.317551][ T4640] netlink: 4 bytes leftover after parsing attributes in process `syz.4.106'. [ 99.327063][ T4299] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 99.357876][ T27] audit: type=1326 audit(1746490721.890:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4600 comm="syz.1.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fde24d8e56b code=0x7ffc0000 [ 99.365415][ T4299] usb 2-1: device descriptor read/8, error -71 [ 99.419634][ T27] audit: type=1326 audit(1746490721.910:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4600 comm="syz.1.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fde24d8e56b code=0x7ffc0000 [ 99.516664][ T4649] loop3: detected capacity change from 0 to 2048 [ 99.527122][ T4299] usb usb2-port1: unable to enumerate USB device [ 99.565258][ T4649] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 99.673640][ T4649] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.107: bg 0: block 234: padding at end of block bitmap is not set [ 99.695762][ T4649] EXT4-fs (loop3): Remounting filesystem read-only [ 100.470494][ T4667] loop2: detected capacity change from 0 to 256 [ 100.499615][ T27] audit: type=1804 audit(1746490723.030:568): pid=4667 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.114" name="/newroot/28/file0/file0" dev="loop2" ino=1048599 res=1 errno=0 [ 100.601891][ T4670] netlink: 4 bytes leftover after parsing attributes in process `syz.2.115'. [ 101.025848][ T4677] netlink: 72 bytes leftover after parsing attributes in process `syz.4.117'. [ 101.239540][ T4683] netlink: 64 bytes leftover after parsing attributes in process `syz.2.120'. [ 101.255253][ T27] audit: type=1326 audit(1746490723.780:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4680 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0a68585927 code=0x7ffc0000 [ 101.334875][ T27] audit: type=1326 audit(1746490723.810:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4680 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0a6852ab39 code=0x7ffc0000 [ 101.424256][ T27] audit: type=1326 audit(1746490723.810:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4680 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0a68585927 code=0x7ffc0000 [ 101.482145][ T27] audit: type=1326 audit(1746490723.810:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4680 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0a6852ab39 code=0x7ffc0000 [ 101.511719][ T27] audit: type=1326 audit(1746490723.810:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4680 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 101.602198][ T4697] loop4: detected capacity change from 0 to 256 [ 102.057226][ T4708] netlink: 72 bytes leftover after parsing attributes in process `syz.0.131'. [ 102.359575][ T4714] loop4: detected capacity change from 0 to 128 [ 102.506938][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 102.568830][ T4719] netlink: 64 bytes leftover after parsing attributes in process `syz.2.136'. [ 103.839626][ T4742] mmap: syz.0.143 (4742) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 104.420228][ T4749] loop4: detected capacity change from 0 to 2048 [ 104.582937][ T4749] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 104.718242][ T4761] netlink: 64 bytes leftover after parsing attributes in process `syz.3.149'. [ 104.829143][ T4749] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.146: bg 0: block 234: padding at end of block bitmap is not set [ 104.892265][ T4766] netlink: 72 bytes leftover after parsing attributes in process `syz.3.151'. [ 104.932414][ T4749] EXT4-fs (loop4): Remounting filesystem read-only [ 106.753255][ T4788] netlink: 4 bytes leftover after parsing attributes in process `syz.0.160'. [ 106.829510][ T4790] netlink: 64 bytes leftover after parsing attributes in process `syz.1.161'. [ 106.952816][ T4796] netlink: 72 bytes leftover after parsing attributes in process `syz.1.164'. [ 107.348822][ T4259] EXT4-fs (loop4): unmounting filesystem. [ 108.598023][ T4829] netlink: 72 bytes leftover after parsing attributes in process `syz.4.178'. [ 108.668525][ T4831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.177'. [ 108.711427][ T27] kauditd_printk_skb: 66 callbacks suppressed [ 108.711442][ T27] audit: type=1326 audit(1746490731.240:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.2.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 108.837871][ T27] audit: type=1326 audit(1746490731.290:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.2.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 108.904686][ T27] audit: type=1326 audit(1746490731.290:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.2.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 108.994842][ T27] audit: type=1326 audit(1746490731.290:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.2.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 109.002028][ T4843] loop3: detected capacity change from 0 to 256 [ 109.069166][ T27] audit: type=1326 audit(1746490731.290:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.2.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 109.169119][ T27] audit: type=1326 audit(1746490731.290:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.2.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 109.236863][ T27] audit: type=1326 audit(1746490731.290:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.2.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 109.320647][ T27] audit: type=1326 audit(1746490731.290:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.2.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 109.346848][ T4852] loop4: detected capacity change from 0 to 2048 [ 109.419125][ T27] audit: type=1326 audit(1746490731.290:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.2.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 109.470719][ T4852] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 109.570675][ T27] audit: type=1326 audit(1746490731.290:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4834 comm="syz.2.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 109.811999][ T4852] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.184: bg 0: block 234: padding at end of block bitmap is not set [ 109.868059][ T4852] EXT4-fs (loop4): Remounting filesystem read-only [ 110.722222][ T4877] netlink: 4 bytes leftover after parsing attributes in process `syz.3.193'. [ 110.759666][ T4875] netlink: 72 bytes leftover after parsing attributes in process `syz.2.192'. [ 110.938565][ T4885] loop2: detected capacity change from 0 to 256 [ 110.996948][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.005316][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.013906][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.022221][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.054251][ T4887] fuse: Unknown parameter 'user_i00000000000000000000' [ 114.438015][ T4259] EXT4-fs (loop4): unmounting filesystem. [ 114.470780][ T4912] netlink: 28 bytes leftover after parsing attributes in process `syz.2.206'. [ 114.548241][ T4912] netlink: 4 bytes leftover after parsing attributes in process `syz.2.206'. [ 115.005158][ T4923] fuse: Unknown parameter 'user_i00000000000000000000' [ 116.046830][ T4299] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 116.382159][ T4299] usb 2-1: config 1 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 116.394028][ T4299] usb 2-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 116.404940][ T4932] loop4: detected capacity change from 0 to 256 [ 116.414882][ T4299] usb 2-1: config 1 interface 0 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 116.463928][ T27] kauditd_printk_skb: 32 callbacks suppressed [ 116.463942][ T27] audit: type=1804 audit(1746490738.990:682): pid=4932 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.212" name="/newroot/37/file0/file0" dev="loop4" ino=1048603 res=1 errno=0 [ 116.472564][ T4299] usb 2-1: config 1 interface 0 has no altsetting 0 [ 116.566342][ T4299] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 116.599016][ T4299] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.626821][ T4299] usb 2-1: Product: ᕨ臭滹ꨜ㱂敳ꓞ鵡嗵엚穈獜᥉惾ꃋ怙峬ښ偬딠珋㰸㵯移鞣ꦠ僝嬱퐴꟡⯜悩畷Ꮜኮ笘彑ﳰ禖昍극ૻ䶾諎쯴좷噵햳ꆛ嬁镼ꃺ圐鋵麙睪⯱䆱䤭譙㑨씞剹よ萦䱢譁愳퉩걪 [ 116.702700][ T4299] usb 2-1: SerialNumber: syz [ 116.931197][ T4924] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 116.938844][ T4924] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 118.752901][ T4954] loop4: detected capacity change from 0 to 2048 [ 118.792287][ T4959] netlink: 4 bytes leftover after parsing attributes in process `syz.0.220'. [ 118.849544][ T4954] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 118.994172][ T4954] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.218: bg 0: block 234: padding at end of block bitmap is not set [ 119.021660][ T4954] EXT4-fs (loop4): Remounting filesystem read-only [ 119.532254][ T4299] usb 2-1: bad CDC descriptors [ 119.572411][ T4299] usb 2-1: USB disconnect, device number 6 [ 119.763903][ T27] audit: type=1326 audit(1746490742.290:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4975 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 119.817032][ T27] audit: type=1326 audit(1746490742.320:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4975 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 119.864986][ T27] audit: type=1326 audit(1746490742.320:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4975 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 119.986878][ T27] audit: type=1326 audit(1746490742.330:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 120.014067][ T27] audit: type=1326 audit(1746490742.330:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 120.041248][ T27] audit: type=1326 audit(1746490742.330:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 120.069669][ T27] audit: type=1326 audit(1746490742.330:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 120.094181][ T27] audit: type=1326 audit(1746490742.330:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 120.116205][ T27] audit: type=1326 audit(1746490742.330:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 120.990110][ T4987] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 121.100341][ T4995] netlink: 28 bytes leftover after parsing attributes in process `syz.0.235'. [ 121.120266][ T4995] netlink: 4 bytes leftover after parsing attributes in process `syz.0.235'. [ 121.354095][ T5002] loop3: detected capacity change from 0 to 256 [ 121.540967][ T27] kauditd_printk_skb: 23 callbacks suppressed [ 121.540981][ T27] audit: type=1326 audit(1746490744.030:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5003 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 121.636265][ T27] audit: type=1326 audit(1746490744.030:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5003 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 121.661858][ T4259] EXT4-fs (loop4): unmounting filesystem. [ 121.750514][ T27] audit: type=1326 audit(1746490744.030:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5003 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 121.860624][ T27] audit: type=1326 audit(1746490744.030:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5003 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 121.954521][ T27] audit: type=1326 audit(1746490744.030:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5003 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 122.004702][ T27] audit: type=1326 audit(1746490744.040:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5003 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ffbf3585927 code=0x7ffc0000 [ 122.037521][ T5020] netlink: 4 bytes leftover after parsing attributes in process `syz.2.242'. [ 122.154591][ T27] audit: type=1326 audit(1746490744.040:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5003 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffbf352ab39 code=0x7ffc0000 [ 122.177293][ T27] audit: type=1326 audit(1746490744.040:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5003 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 122.235786][ T27] audit: type=1326 audit(1746490744.040:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5003 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 122.267984][ T27] audit: type=1326 audit(1746490744.040:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5003 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 123.096674][ T5028] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 123.246587][ T5033] netlink: 28 bytes leftover after parsing attributes in process `syz.4.248'. [ 123.266968][ T5033] netlink: 4 bytes leftover after parsing attributes in process `syz.4.248'. [ 123.512228][ T5043] loop3: detected capacity change from 0 to 256 [ 123.971910][ T5054] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 124.932931][ T5063] netlink: 28 bytes leftover after parsing attributes in process `syz.1.262'. [ 124.988570][ T5063] netlink: 4 bytes leftover after parsing attributes in process `syz.1.262'. [ 125.276579][ T5083] netlink: 4 bytes leftover after parsing attributes in process `syz.3.268'. [ 125.427976][ T5086] fuse: Invalid rootmode [ 125.546597][ T5085] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 126.218703][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 127.652884][ T5107] loop4: detected capacity change from 0 to 2048 [ 128.294104][ T5107] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 128.596868][ T27] kauditd_printk_skb: 122 callbacks suppressed [ 128.596886][ T27] audit: type=1326 audit(1746490751.070:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5118 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 128.746853][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 128.757060][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 128.774593][ T5123] fuse: Invalid rootmode [ 128.881309][ T27] audit: type=1326 audit(1746490751.070:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5118 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 129.249246][ T27] audit: type=1326 audit(1746490751.070:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5118 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 129.331046][ T5127] netlink: 8 bytes leftover after parsing attributes in process `syz.0.284'. [ 129.348701][ T4259] EXT4-fs (loop4): unmounting filesystem. [ 129.555692][ T27] audit: type=1326 audit(1746490751.070:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5118 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 129.578763][ T27] audit: type=1326 audit(1746490751.070:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5118 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 129.601037][ T27] audit: type=1326 audit(1746490751.100:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5118 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f90a2f85927 code=0x7ffc0000 [ 129.613522][ T5127] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 129.623295][ T27] audit: type=1326 audit(1746490751.100:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5118 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f90a2f2ab39 code=0x7ffc0000 [ 129.654817][ T27] audit: type=1326 audit(1746490751.100:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5118 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 129.677855][ T27] audit: type=1326 audit(1746490751.100:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5118 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 129.726824][ T27] audit: type=1326 audit(1746490751.100:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5118 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 129.748718][ T5127] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 129.826964][ T5130] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 130.062718][ T5133] netlink: 12 bytes leftover after parsing attributes in process `syz.4.290'. [ 130.114200][ T5140] netlink: 4 bytes leftover after parsing attributes in process `syz.4.290'. [ 130.433695][ T5152] netlink: 4 bytes leftover after parsing attributes in process `syz.1.288'. [ 130.522361][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 130.636943][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 130.937070][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 131.429731][ T5155] fuse: Bad value for 'fd' [ 131.955360][ T5163] fuse: Invalid rootmode [ 132.594053][ T5167] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 132.661865][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.671634][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.122179][ T5181] 8021q: adding VLAN 0 to HW filter on device bond1 [ 133.175920][ T5184] netlink: 4 bytes leftover after parsing attributes in process `syz.2.306'. [ 133.232273][ T5189] fuse: Bad value for 'fd' [ 134.286637][ T5184] bond1 (unregistering): Released all slaves [ 134.565745][ T5208] netlink: 4 bytes leftover after parsing attributes in process `syz.0.313'. [ 134.569985][ T27] kauditd_printk_skb: 63 callbacks suppressed [ 134.570000][ T27] audit: type=1326 audit(1746490757.090:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5207 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 134.612635][ T27] audit: type=1326 audit(1746490757.130:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5207 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 134.639702][ T27] audit: type=1326 audit(1746490757.130:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5207 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 134.683457][ T27] audit: type=1326 audit(1746490757.130:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5207 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 134.711190][ T27] audit: type=1326 audit(1746490757.130:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5207 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 134.765482][ T27] audit: type=1326 audit(1746490757.130:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5207 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 134.810385][ T27] audit: type=1326 audit(1746490757.130:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5207 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 134.843135][ T27] audit: type=1326 audit(1746490757.130:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5207 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 134.878457][ T27] audit: type=1326 audit(1746490757.130:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5207 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 134.918593][ T27] audit: type=1326 audit(1746490757.130:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5207 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 134.958048][ T5214] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 135.217545][ T5222] fuse: Unknown parameter '00000000000000000000' [ 136.107293][ T5229] fuse: Bad value for 'fd' [ 137.108884][ T5236] 8021q: adding VLAN 0 to HW filter on device bond1 [ 137.134327][ T5236] netlink: 4 bytes leftover after parsing attributes in process `syz.4.325'. [ 137.632709][ T5236] bond1 (unregistering): Released all slaves [ 138.021822][ T5254] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 138.025859][ T5256] netlink: 4 bytes leftover after parsing attributes in process `syz.4.332'. [ 138.242144][ T5262] loop4: detected capacity change from 0 to 128 [ 138.341953][ T5266] fuse: Unknown parameter '00000000000000000000' [ 138.931853][ T5267] netlink: 4 bytes leftover after parsing attributes in process `syz.2.333'. [ 139.155724][ T5273] fuse: Unknown parameter '0x0000000000000009' [ 139.996338][ T5279] xt_hashlimit: max too large, truncated to 1048576 [ 140.584741][ T5295] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 140.724840][ T27] kauditd_printk_skb: 38 callbacks suppressed [ 140.724855][ T27] audit: type=1326 audit(1746490763.250:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5300 comm="syz.2.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 140.779855][ T27] audit: type=1326 audit(1746490763.280:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5300 comm="syz.2.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 140.826942][ T27] audit: type=1326 audit(1746490763.280:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5300 comm="syz.2.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 141.015988][ T5311] fuse: Unknown parameter '00000000000000000000' [ 141.911665][ T5318] process 'syz.4.352' launched './file0' with NULL argv: empty string added [ 142.220787][ T5324] fuse: Unknown parameter '0x0000000000000009' [ 143.233910][ T5336] netlink: 4 bytes leftover after parsing attributes in process `syz.4.357'. [ 143.411433][ T5339] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 143.737274][ T5345] 8021q: adding VLAN 0 to HW filter on device bond1 [ 143.749319][ T5345] netlink: 4 bytes leftover after parsing attributes in process `syz.1.361'. [ 144.105077][ T5345] bond1 (unregistering): Released all slaves [ 144.197824][ T5356] fuse: Unknown parameter 'user00000000000000000000' [ 144.572911][ T5359] loop4: detected capacity change from 0 to 512 [ 144.778781][ T5359] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.366: casefold flag without casefold feature [ 144.938807][ T5359] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.366: couldn't read orphan inode 15 (err -117) [ 144.981437][ T5359] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 145.216924][ T27] audit: type=1326 audit(1746490767.680:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5362 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 145.331113][ T5371] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 145.334635][ T27] audit: type=1326 audit(1746490767.680:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5362 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 146.268235][ T5375] fuse: Unknown parameter '0x0000000000000009' [ 146.448390][ T27] audit: type=1326 audit(1746490767.680:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5362 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 146.576825][ T14] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 146.592611][ T27] audit: type=1326 audit(1746490767.690:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5362 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 146.602907][ T5379] tipc: Started in network mode [ 146.619657][ T5379] tipc: Node identity ac14140f, cluster identity 4711 [ 146.627952][ T5379] tipc: New replicast peer: 0.0.255.255 [ 146.643992][ T5379] tipc: Enabled bearer , priority 10 [ 146.689899][ T27] audit: type=1326 audit(1746490767.690:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5362 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 146.721745][ T27] audit: type=1326 audit(1746490767.690:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5362 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 146.750553][ T27] audit: type=1326 audit(1746490767.690:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5362 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 146.774602][ T14] usb 5-1: config 1 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 146.794694][ T14] usb 5-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 146.798091][ T27] audit: type=1326 audit(1746490767.690:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5362 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ffbf3585927 code=0x7ffc0000 [ 146.818481][ T27] audit: type=1326 audit(1746490767.690:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5362 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffbf352ab39 code=0x7ffc0000 [ 146.876772][ T14] usb 5-1: config 1 interface 0 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 146.907412][ T27] audit: type=1326 audit(1746490767.690:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5362 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 146.920306][ T14] usb 5-1: config 1 interface 0 has no altsetting 0 [ 146.965895][ T27] audit: type=1326 audit(1746490767.690:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5362 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 146.972018][ T14] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 147.021008][ T5384] loop3: detected capacity change from 0 to 164 [ 147.022842][ T14] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.040007][ T14] usb 5-1: Product: ᕨ臭滹ꨜ㱂敳ꓞ鵡嗵엚穈獜᥉惾ꃋ怙峬ښ偬딠珋㰸㵯移鞣ꦠ僝嬱퐴꟡⯜悩畷Ꮜኮ笘彑ﳰ禖昍극ૻ䶾諎쯴좷噵햳ꆛ嬁镼ꃺ圐鋵麙睪⯱䆱䤭譙㑨씞剹よ萦䱢譁愳퉩걪 [ 147.063685][ T14] usb 5-1: SerialNumber: syz [ 147.064888][ T27] audit: type=1326 audit(1746490767.690:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5362 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 147.081535][ T5373] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 147.098401][ T5373] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 147.126028][ T5384] +}[@: attempt to access beyond end of device [ 147.126028][ T5384] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 147.141499][ T5384] +}[@: attempt to access beyond end of device [ 147.141499][ T5384] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 147.387753][ T14] usb 5-1: bad CDC descriptors [ 147.407337][ T14] usb 5-1: USB disconnect, device number 2 [ 147.433906][ T4259] EXT4-fs (loop4): unmounting filesystem. [ 147.490401][ T5401] fuse: Unknown parameter 'user00000000000000000000' [ 147.760518][ T7] tipc: Node number set to 2886997007 [ 148.216847][ T5404] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 148.490635][ T5411] fuse: Unknown parameter '0x0000000000000009' [ 149.304214][ T5420] netlink: 8 bytes leftover after parsing attributes in process `syz.3.389'. [ 149.318995][ T5420] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 149.330744][ T5420] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 149.935497][ T5438] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 150.421018][ T5445] fuse: Unknown parameter 'user00000000000000000000' [ 151.060845][ T5452] fuse: Unknown parameter '0x0000000000000009' [ 151.861766][ T5459] loop4: detected capacity change from 0 to 512 [ 151.869552][ T5459] EXT4-fs: Ignoring removed nobh option [ 151.886235][ T5459] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 152.041755][ T5459] EXT4-fs error (device loop4): ext4_do_update_inode:5253: inode #16: comm syz.4.404: corrupted inode contents [ 152.092906][ T5459] EXT4-fs (loop4): Remounting filesystem read-only [ 152.106824][ T5459] EXT4-fs error (device loop4): ext4_dirty_inode:6118: inode #16: comm syz.4.404: mark_inode_dirty error [ 152.141896][ T5459] EXT4-fs (loop4): Remounting filesystem read-only [ 152.164688][ T5459] EXT4-fs error (device loop4): ext4_do_update_inode:5253: inode #16: comm syz.4.404: corrupted inode contents [ 152.179712][ T27] kauditd_printk_skb: 118 callbacks suppressed [ 152.179726][ T27] audit: type=1107 audit(1746490774.710:1101): pid=5467 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 152.192047][ T5459] EXT4-fs (loop4): Remounting filesystem read-only [ 152.215603][ T5459] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #16: comm syz.4.404: mark_inode_dirty error [ 152.232586][ T27] audit: type=1326 audit(1746490774.760:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5469 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 152.262055][ T5459] EXT4-fs (loop4): Remounting filesystem read-only [ 152.287111][ T5459] EXT4-fs error (device loop4): ext4_do_update_inode:5253: inode #16: comm syz.4.404: corrupted inode contents [ 152.316321][ T5474] loop3: detected capacity change from 0 to 2048 [ 152.322758][ T5459] EXT4-fs (loop4): Remounting filesystem read-only [ 152.322803][ T5459] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 152.338662][ T5459] EXT4-fs (loop4): Remounting filesystem read-only [ 152.345388][ T27] audit: type=1326 audit(1746490774.760:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5469 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 152.348500][ T5459] EXT4-fs error (device loop4): ext4_do_update_inode:5253: inode #16: comm syz.4.404: corrupted inode contents [ 152.385778][ T27] audit: type=1326 audit(1746490774.790:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5469 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 152.424739][ T27] audit: type=1326 audit(1746490774.790:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5469 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 152.446997][ T5459] EXT4-fs (loop4): Remounting filesystem read-only [ 152.453551][ T5459] EXT4-fs error (device loop4): ext4_truncate:4312: inode #16: comm syz.4.404: mark_inode_dirty error [ 152.490937][ T5459] EXT4-fs (loop4): Remounting filesystem read-only [ 152.510330][ T5478] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 152.520869][ T5459] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 152.528517][ T27] audit: type=1326 audit(1746490774.790:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5469 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 152.554879][ T5483] netlink: 8 bytes leftover after parsing attributes in process `syz.1.412'. [ 152.558443][ T5459] EXT4-fs (loop4): Remounting filesystem read-only [ 152.567245][ T5474] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 152.587475][ T5483] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 152.604962][ T5483] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 152.619806][ T5459] EXT4-fs (loop4): 1 truncate cleaned up [ 152.633267][ T5459] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 152.641169][ T27] audit: type=1326 audit(1746490774.790:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5469 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 152.642839][ T5459] ext4 filesystem being mounted at /78/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.701120][ T27] audit: type=1326 audit(1746490774.790:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5469 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 152.723910][ T5459] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 152.734439][ T5459] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 152.744556][ T5459] EXT4-fs error (device loop4): ext4_acquire_dquot:6802: comm syz.4.404: Failed to acquire dquot type 1 [ 152.759126][ T5459] EXT4-fs (loop4): Remounting filesystem read-only [ 152.802762][ T4259] EXT4-fs (loop4): unmounting filesystem. [ 152.816285][ T4432] EXT4-fs error (device loop4): ext4_release_dquot:6838: comm kworker/u4:10: Failed to release dquot type 1 [ 152.836316][ T4432] EXT4-fs (loop4): Remounting filesystem read-only [ 152.911969][ T5488] fuse: Unknown parameter 'user_i00000000000000000000' [ 153.992803][ T5504] netlink: 4 bytes leftover after parsing attributes in process `syz.1.416'. [ 154.038012][ T5505] netlink: 8 bytes leftover after parsing attributes in process `syz.4.418'. [ 154.639656][ T5518] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 155.001241][ T5524] syz.4.425[5524] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 155.001407][ T5524] syz.4.425[5524] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 155.045728][ T5526] netlink: 8 bytes leftover after parsing attributes in process `syz.0.427'. [ 155.091405][ T5526] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 155.101350][ T5526] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 155.212749][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 155.441277][ T5539] capability: warning: `syz.4.431' uses deprecated v2 capabilities in a way that may be insecure [ 156.374272][ T5548] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 156.796872][ T5564] syz.1.441[5564] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 156.797010][ T5564] syz.1.441[5564] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 156.824390][ T5565] netlink: 4 bytes leftover after parsing attributes in process `syz.0.437'. [ 157.812144][ T5574] loop3: detected capacity change from 0 to 2048 [ 157.843226][ T5577] IPv6: NLM_F_CREATE should be specified when creating new route [ 157.923632][ T5574] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 158.072031][ T5574] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.442: bg 0: block 234: padding at end of block bitmap is not set [ 158.131799][ T5574] EXT4-fs (loop3): Remounting filesystem read-only [ 158.839330][ T5614] syz.1.455[5614] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 158.839430][ T5614] syz.1.455[5614] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 160.785037][ T27] kauditd_printk_skb: 59 callbacks suppressed [ 160.785053][ T27] audit: type=1326 audit(1746490783.310:1167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.1.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 160.839817][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 160.976199][ T27] audit: type=1326 audit(1746490783.360:1168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.1.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 161.065055][ T27] audit: type=1326 audit(1746490783.370:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.1.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 161.163637][ T5638] fuse: Unknown parameter 'user_id00000000000000000000' [ 161.483779][ T27] audit: type=1326 audit(1746490783.370:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.1.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 161.867135][ T27] audit: type=1326 audit(1746490783.370:1171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.1.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 162.043606][ T5645] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 162.095460][ T27] audit: type=1326 audit(1746490783.380:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.1.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 162.228389][ T5647] fuse: Unknown parameter 'fd0x0000000000000009' [ 162.435907][ T27] audit: type=1326 audit(1746490783.380:1173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.1.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 162.798503][ T27] audit: type=1326 audit(1746490783.380:1174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.1.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 163.009596][ T27] audit: type=1326 audit(1746490783.380:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.1.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 163.030171][ T5651] netlink: 8 bytes leftover after parsing attributes in process `syz.4.470'. [ 163.033230][ T27] audit: type=1326 audit(1746490783.380:1176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.1.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 163.084236][ T5651] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 163.126832][ T5651] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 163.158448][ T5659] loop3: detected capacity change from 0 to 2048 [ 163.227848][ T5659] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 164.404520][ T5681] fuse: Unknown parameter 'user_id00000000000000000000' [ 165.293460][ T5687] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 165.864241][ T5699] netlink: 8 bytes leftover after parsing attributes in process `syz.4.487'. [ 165.883909][ T5699] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 165.901189][ T5699] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 166.008456][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 166.008483][ T27] audit: type=1326 audit(1746490788.540:1179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5702 comm="syz.0.489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eb498e969 code=0x7ffc0000 [ 166.067873][ T27] audit: type=1326 audit(1746490788.570:1180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5702 comm="syz.0.489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7f8eb498e969 code=0x7ffc0000 [ 166.072201][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 166.132820][ T27] audit: type=1326 audit(1746490788.570:1181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5702 comm="syz.0.489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eb498e969 code=0x7ffc0000 [ 166.218765][ T27] audit: type=1326 audit(1746490788.570:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5702 comm="syz.0.489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f8eb498e969 code=0x7ffc0000 [ 166.277664][ T27] audit: type=1326 audit(1746490788.570:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5702 comm="syz.0.489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eb498e969 code=0x7ffc0000 [ 166.332879][ T27] audit: type=1326 audit(1746490788.590:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5702 comm="syz.0.489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f8eb498e969 code=0x7ffc0000 [ 166.368297][ T5712] netlink: 20 bytes leftover after parsing attributes in process `syz.0.492'. [ 166.383787][ T5716] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 166.396797][ T27] audit: type=1326 audit(1746490788.590:1185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5702 comm="syz.0.489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eb498e969 code=0x7ffc0000 [ 166.521016][ T27] audit: type=1326 audit(1746490788.590:1186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5702 comm="syz.0.489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eb498e969 code=0x7ffc0000 [ 166.584631][ T27] audit: type=1326 audit(1746490788.590:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5702 comm="syz.0.489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7f8eb498e969 code=0x7ffc0000 [ 167.343255][ T27] audit: type=1326 audit(1746490788.590:1188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5702 comm="syz.0.489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eb498e969 code=0x7ffc0000 [ 167.551711][ T5725] fuse: Unknown parameter 'user_id00000000000000000000' [ 168.541900][ T5744] netlink: 'syz.3.506': attribute type 1 has an invalid length. [ 168.586910][ T5744] 8021q: adding VLAN 0 to HW filter on device bond1 [ 168.600244][ T5750] netlink: 4 bytes leftover after parsing attributes in process `syz.3.506'. [ 168.669898][ T5754] netlink: 8 bytes leftover after parsing attributes in process `syz.0.509'. [ 168.815291][ T5750] bond1 (unregistering): Released all slaves [ 168.880170][ T5758] netlink: 'syz.2.510': attribute type 1 has an invalid length. [ 168.905893][ T5754] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 168.919062][ T5754] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 168.935891][ T5761] 9pnet_fd: Insufficient options for proto=fd [ 168.964722][ T5758] 8021q: adding VLAN 0 to HW filter on device bond1 [ 168.994292][ T5759] netlink: 4 bytes leftover after parsing attributes in process `syz.2.510'. [ 169.571913][ T5759] bond1 (unregistering): Released all slaves [ 170.977490][ T5804] netlink: 'syz.3.527': attribute type 1 has an invalid length. [ 171.017672][ T5804] 8021q: adding VLAN 0 to HW filter on device bond1 [ 171.025793][ T5803] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 171.048077][ T5804] netlink: 4 bytes leftover after parsing attributes in process `syz.3.527'. [ 172.030460][ T5822] hub 9-0:1.0: USB hub found [ 172.035809][ T5822] hub 9-0:1.0: 1 port detected [ 172.043537][ T5804] bond1 (unregistering): Released all slaves [ 172.184727][ T5830] loop4: detected capacity change from 0 to 2048 [ 172.556446][ T27] kauditd_printk_skb: 70 callbacks suppressed [ 172.556461][ T27] audit: type=1326 audit(1746490795.080:1259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.1.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 172.619017][ T27] audit: type=1326 audit(1746490795.080:1260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.1.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 172.632435][ T5846] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 172.656813][ T27] audit: type=1326 audit(1746490795.080:1261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.1.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 172.716032][ T27] audit: type=1326 audit(1746490795.080:1262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.1.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 172.765249][ T27] audit: type=1326 audit(1746490795.080:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.1.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 172.994771][ T27] audit: type=1326 audit(1746490795.120:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.1.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 173.277682][ T5858] netlink: 4 bytes leftover after parsing attributes in process `syz.4.546'. [ 173.340692][ T27] audit: type=1326 audit(1746490795.120:1265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.1.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 173.441137][ T5858] netlink: 4 bytes leftover after parsing attributes in process `syz.4.546'. [ 173.626776][ T27] audit: type=1326 audit(1746490795.120:1266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.1.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 173.756047][ T5865] 9pnet_fd: Insufficient options for proto=fd [ 173.796145][ T27] audit: type=1326 audit(1746490795.180:1267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5847 comm="syz.4.543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 173.894832][ T27] audit: type=1326 audit(1746490795.180:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5847 comm="syz.4.543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 174.220335][ T5876] netlink: 8 bytes leftover after parsing attributes in process `syz.0.556'. [ 174.229781][ T5876] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 174.246249][ T5876] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 176.280905][ T5905] device syzkaller0 entered promiscuous mode [ 176.700423][ T5907] 9pnet_fd: Insufficient options for proto=fd [ 177.914461][ T27] kauditd_printk_skb: 60 callbacks suppressed [ 177.914476][ T27] audit: type=1326 audit(1746490800.440:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5933 comm="syz.2.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 178.016846][ T27] audit: type=1326 audit(1746490800.470:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5933 comm="syz.2.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=244 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 178.048413][ T27] audit: type=1326 audit(1746490800.470:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5933 comm="syz.2.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 178.202982][ T5946] netlink: 8 bytes leftover after parsing attributes in process `syz.2.576'. [ 179.677362][ T5932] netlink: 'syz.1.568': attribute type 27 has an invalid length. [ 179.740648][ T5924] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 179.753436][ T5924] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 179.760577][ T5924] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 179.781565][ T5924] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 179.798355][ T5924] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 179.804475][ T5924] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 179.831231][ T5924] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 179.843683][ T5924] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 179.857036][ T5924] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 179.864833][ T5924] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 179.882301][ T5924] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 179.888545][ T5924] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 179.895985][ T5924] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 179.902349][ T5924] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 179.909935][ T5924] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 181.062568][ T5932] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.071804][ T5932] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.614776][ T5932] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 181.663128][ T5932] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 181.774578][ T5932] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.783603][ T4271] Bluetooth: hci1: command 0x0c1a tx timeout [ 181.796085][ T5932] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.805662][ T5932] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.819196][ T5932] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.856947][ T4271] Bluetooth: hci2: command 0x0c1a tx timeout [ 181.856956][ T4255] Bluetooth: hci0: command 0x0c1a tx timeout [ 181.936881][ T4271] Bluetooth: hci4: command 0x0c1a tx timeout [ 181.936892][ T4268] Bluetooth: hci3: command 0x0c1a tx timeout [ 182.014438][ T5937] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 182.049084][ T5937] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.094074][ T5937] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.105096][ T5937] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 182.121216][ T5942] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.571'. [ 182.137511][ T5946] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 182.155032][ T5946] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 182.180044][ T5988] netlink: 28 bytes leftover after parsing attributes in process `syz.4.582'. [ 182.199398][ T5988] netlink: 'syz.4.582': attribute type 7 has an invalid length. [ 182.217188][ T5988] netlink: 4 bytes leftover after parsing attributes in process `syz.4.582'. [ 182.245442][ T5988] device team0 entered promiscuous mode [ 182.261846][ T5988] device team_slave_0 entered promiscuous mode [ 182.300092][ T27] audit: type=1326 audit(1746490804.830:1332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.2.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 182.324153][ T5988] device team_slave_1 entered promiscuous mode [ 182.343094][ T5988] device bond0 entered promiscuous mode [ 182.352619][ T5988] device bond_slave_0 entered promiscuous mode [ 182.361195][ T5994] binfmt_misc: register: failed to install interpreter file ./bus [ 182.368528][ T5988] device bond_slave_1 entered promiscuous mode [ 182.387373][ T27] audit: type=1326 audit(1746490804.860:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.2.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 182.414946][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 182.464318][ T27] audit: type=1326 audit(1746490804.860:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.2.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 182.539830][ T27] audit: type=1326 audit(1746490804.860:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.2.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 182.596852][ T27] audit: type=1326 audit(1746490804.870:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.2.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 182.648839][ T27] audit: type=1326 audit(1746490804.870:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.2.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 182.741717][ T27] audit: type=1326 audit(1746490804.940:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.2.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 182.943492][ T6014] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 183.857459][ T4271] Bluetooth: hci1: command 0x0406 tx timeout [ 183.936915][ T4271] Bluetooth: hci0: command 0x0406 tx timeout [ 183.950841][ T4271] Bluetooth: hci2: command 0x0406 tx timeout [ 184.012316][ T6028] random: crng reseeded on system resumption [ 184.017531][ T4271] Bluetooth: hci4: command 0x0406 tx timeout [ 184.024441][ T4271] Bluetooth: hci3: command 0x0406 tx timeout [ 184.668567][ T6047] fuse: Unknown parameter '0xffffffffffffffff' [ 186.549276][ T6063] netlink: 8 bytes leftover after parsing attributes in process `syz.2.610'. [ 186.671107][ T6069] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 186.776840][ T6069] netlink: 4 bytes leftover after parsing attributes in process `syz.1.613'. [ 186.784600][ T6075] syz.3.616[6075] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 186.786360][ T6075] syz.3.616[6075] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 186.880102][ T6069] netlink: 4 bytes leftover after parsing attributes in process `syz.1.613'. [ 186.975891][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 186.975906][ T27] audit: type=1326 audit(1746490809.500:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6084 comm="syz.4.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 187.022895][ T27] audit: type=1326 audit(1746490809.550:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6084 comm="syz.4.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 187.090757][ T27] audit: type=1326 audit(1746490809.550:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6084 comm="syz.4.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 187.170197][ T27] audit: type=1326 audit(1746490809.550:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6084 comm="syz.4.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 187.258575][ T27] audit: type=1326 audit(1746490809.550:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6084 comm="syz.4.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 187.299425][ T6092] netlink: 8 bytes leftover after parsing attributes in process `syz.4.623'. [ 187.326029][ T27] audit: type=1326 audit(1746490809.570:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6084 comm="syz.4.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 187.349029][ T27] audit: type=1326 audit(1746490809.580:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6084 comm="syz.4.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 187.371482][ T27] audit: type=1326 audit(1746490809.580:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6084 comm="syz.4.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 187.396596][ T6092] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 187.408107][ T27] audit: type=1326 audit(1746490809.590:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6084 comm="syz.4.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 187.441296][ T6092] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 187.441644][ T6069] netlink: 4 bytes leftover after parsing attributes in process `syz.1.613'. [ 187.459489][ T27] audit: type=1326 audit(1746490809.590:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6084 comm="syz.4.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 188.373445][ T6104] netlink: 4 bytes leftover after parsing attributes in process `syz.3.626'. [ 189.098277][ T6130] device macvlan1 entered promiscuous mode [ 189.151565][ T6130] device ipvlan0 entered promiscuous mode [ 189.195585][ T6130] device ipvlan0 left promiscuous mode [ 189.238236][ T6130] device macvlan1 left promiscuous mode [ 189.311685][ T6136] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 190.762224][ T6169] syz.1.644[6169] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 190.762375][ T6169] syz.1.644[6169] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 191.233498][ T6199] netlink: 4 bytes leftover after parsing attributes in process `syz.2.649'. [ 191.482579][ T6206] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 191.712517][ T6221] syz.1.657[6221] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 191.712625][ T6221] syz.1.657[6221] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 191.829979][ T6215] netlink: 28 bytes leftover after parsing attributes in process `syz.1.657'. [ 191.916961][ T6215] netlink: 28 bytes leftover after parsing attributes in process `syz.1.657'. [ 192.085257][ T6231] syz.0.660[6231] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 192.085396][ T6231] syz.0.660[6231] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 193.060500][ T6248] netlink: 4 bytes leftover after parsing attributes in process `syz.1.667'. [ 193.094611][ T6242] netlink: 52 bytes leftover after parsing attributes in process `syz.3.664'. [ 193.117909][ T6242] unsupported nlmsg_type 40 [ 193.209616][ T27] kauditd_printk_skb: 47 callbacks suppressed [ 193.209630][ T27] audit: type=1326 audit(1746490815.740:1397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6255 comm="syz.4.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 193.244054][ T6248] netlink: 4 bytes leftover after parsing attributes in process `syz.1.667'. [ 193.276182][ T27] audit: type=1326 audit(1746490815.770:1398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6255 comm="syz.4.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 193.340633][ T27] audit: type=1326 audit(1746490815.770:1399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6255 comm="syz.4.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 193.384083][ T6248] netlink: 4 bytes leftover after parsing attributes in process `syz.1.667'. [ 193.402999][ T27] audit: type=1326 audit(1746490815.770:1400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6255 comm="syz.4.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 193.451091][ T27] audit: type=1326 audit(1746490815.770:1401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6255 comm="syz.4.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 193.507784][ T27] audit: type=1326 audit(1746490815.770:1402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6255 comm="syz.4.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 193.540313][ T6263] netlink: 28 bytes leftover after parsing attributes in process `syz.4.671'. [ 193.551902][ T6263] netlink: 4 bytes leftover after parsing attributes in process `syz.4.671'. [ 193.561454][ T27] audit: type=1326 audit(1746490815.770:1403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6255 comm="syz.4.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 193.621874][ T6265] Driver unsupported XDP return value 0 on prog (id 229) dev N/A, expect packet loss! [ 193.625366][ T27] audit: type=1326 audit(1746490815.770:1404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6255 comm="syz.4.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 193.716032][ T27] audit: type=1326 audit(1746490815.770:1405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6255 comm="syz.4.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 193.761002][ T27] audit: type=1326 audit(1746490815.770:1406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6255 comm="syz.4.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f0a6858e969 code=0x7ffc0000 [ 194.103530][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.110011][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.700853][ T6321] 9pnet_fd: Insufficient options for proto=fd [ 195.713149][ T6316] nftables ruleset with unbound set [ 196.217003][ T4255] Bluetooth: hci4: command 0x0406 tx timeout [ 196.223110][ T4255] Bluetooth: hci1: command 0x0406 tx timeout [ 196.226957][ T4271] Bluetooth: hci3: command 0x0406 tx timeout [ 196.230886][ T4255] Bluetooth: hci2: command 0x0406 tx timeout [ 196.235742][ T4271] Bluetooth: hci0: command 0x0406 tx timeout [ 196.335813][ T6333] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 197.407005][ T128] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 197.688235][ T128] usb 5-1: config 1 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 197.779156][ T128] usb 5-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 197.812251][ T128] usb 5-1: config 1 interface 0 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 197.849732][ T6370] netlink: 'syz.2.713': attribute type 16 has an invalid length. [ 197.851349][ T128] usb 5-1: config 1 interface 0 has no altsetting 0 [ 197.857832][ T6370] netlink: 'syz.2.713': attribute type 3 has an invalid length. [ 197.873226][ T6370] netlink: 58290 bytes leftover after parsing attributes in process `syz.2.713'. [ 197.897688][ T128] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 197.923770][ T128] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.959784][ T128] usb 5-1: SerialNumber: syz [ 197.988220][ T6359] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 197.995562][ T6359] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 198.184524][ T6380] device macvlan1 entered promiscuous mode [ 198.201637][ T6380] device ipvlan0 entered promiscuous mode [ 198.227476][ T6377] xt_CT: No such helper "pptp" [ 198.228920][ T6380] device ipvlan0 left promiscuous mode [ 198.261996][ T6380] device macvlan1 left promiscuous mode [ 198.335177][ T6386] netlink: 8 bytes leftover after parsing attributes in process `syz.1.720'. [ 198.359764][ T6386] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 198.378623][ T6386] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 199.123235][ T6394] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.532509][ T6394] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.886042][ T6394] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.908872][ T128] usb 5-1: bad CDC descriptors [ 199.926949][ T128] usb 5-1: USB disconnect, device number 3 [ 200.061013][ T6394] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.139805][ T6420] netlink: 4 bytes leftover after parsing attributes in process `syz.2.730'. [ 200.282936][ T6394] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.342120][ T6394] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.372508][ T6394] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.413779][ T6394] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.437271][ T6434] netlink: 8 bytes leftover after parsing attributes in process `syz.0.737'. [ 200.457260][ T6434] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 200.473776][ T6434] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 200.536656][ T27] kauditd_printk_skb: 54 callbacks suppressed [ 200.536671][ T27] audit: type=1326 audit(1746490823.060:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6437 comm="syz.3.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 200.617883][ T27] audit: type=1326 audit(1746490823.100:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6437 comm="syz.3.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 200.654134][ T27] audit: type=1326 audit(1746490823.120:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6437 comm="syz.3.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 200.703998][ T27] audit: type=1326 audit(1746490823.130:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6437 comm="syz.3.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 200.726640][ T27] audit: type=1326 audit(1746490823.130:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6437 comm="syz.3.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 200.750209][ T27] audit: type=1326 audit(1746490823.130:1466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6437 comm="syz.3.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a2f8e969 code=0x7ffc0000 [ 200.940996][ T27] audit: type=1326 audit(1746490823.470:1467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz.1.741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 200.982814][ T27] audit: type=1326 audit(1746490823.490:1468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz.1.741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 201.038996][ T27] audit: type=1326 audit(1746490823.490:1469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz.1.741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 201.063645][ T27] audit: type=1326 audit(1746490823.500:1470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz.1.741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fde24d8e969 code=0x7ffc0000 [ 203.056719][ C1] sched: RT throttling activated [ 203.322179][ T6476] netlink: 16 bytes leftover after parsing attributes in process `syz.3.752'. [ 205.051824][ T6535] 9pnet_fd: Insufficient options for proto=fd [ 206.905241][ T27] kauditd_printk_skb: 65 callbacks suppressed [ 206.905256][ T27] audit: type=1326 audit(1746490829.430:1536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6559 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 206.996399][ T27] audit: type=1326 audit(1746490829.470:1537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6559 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 207.051165][ T27] audit: type=1326 audit(1746490829.480:1538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6559 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 207.119653][ T27] audit: type=1326 audit(1746490829.480:1539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6559 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 207.162022][ T27] audit: type=1326 audit(1746490829.480:1540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6559 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 207.192514][ T27] audit: type=1326 audit(1746490829.480:1541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6559 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 207.253178][ T27] audit: type=1326 audit(1746490829.480:1542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6559 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 207.356584][ T27] audit: type=1326 audit(1746490829.480:1543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6559 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 207.408474][ T27] audit: type=1326 audit(1746490829.480:1544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6559 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 207.432123][ T27] audit: type=1326 audit(1746490829.480:1545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6559 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbf358e969 code=0x7ffc0000 [ 207.579931][ T6587] 9pnet_fd: Insufficient options for proto=fd [ 209.176816][ T126] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 209.242344][ T6630] 9pnet_fd: Insufficient options for proto=fd [ 209.389276][ T126] usb 2-1: config 2 has an invalid interface number: 86 but max is 0 [ 209.401785][ T126] usb 2-1: config 2 has no interface number 0 [ 209.415593][ T126] usb 2-1: config 2 interface 86 has no altsetting 0 [ 209.466620][ T126] usb 2-1: New USB device found, idVendor=1286, idProduct=1fa4, bcdDevice=bb.2e [ 209.477569][ T126] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.485675][ T126] usb 2-1: Product: syz [ 209.490221][ T126] usb 2-1: Manufacturer: syz [ 209.494907][ T126] usb 2-1: SerialNumber: syz [ 209.525758][ T6637] device bridge0 entered promiscuous mode [ 209.539326][ T6637] bridge0: port 3(macsec1) entered blocking state [ 209.546949][ T6637] bridge0: port 3(macsec1) entered disabled state [ 209.587553][ T6637] device bridge0 left promiscuous mode [ 209.780930][ T126] mvusb_mdio: probe of 2-1:2.86 failed with error -5 [ 209.811391][ T126] usb 2-1: USB disconnect, device number 7 [ 211.985504][ T6662] syz.1.821[6662] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 211.985670][ T6662] syz.1.821[6662] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 213.299546][ T6664] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 213.899952][ T6675] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 214.044181][ T6678] netlink: 8 bytes leftover after parsing attributes in process `syz.1.825'. [ 217.458064][ T4271] Bluetooth: hci4: command 0x0405 tx timeout [ 217.616474][ T52] block nbd0: Attempted send on invalid socket [ 217.623112][ T52] I/O error, dev nbd0, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 217.721970][ T52] block nbd0: Attempted send on invalid socket [ 217.728351][ T52] I/O error, dev nbd0, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 217.738275][ T6706] Mount JFS Failure: -5 [ 217.743095][ T6706] jfs_mount failed w/return code = -5 [ 219.457604][ T6714] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 223.950523][ T6755] netlink: 8 bytes leftover after parsing attributes in process `syz.4.850'. [ 229.210940][ T6797] netlink: 4 bytes leftover after parsing attributes in process `syz.4.864'. [ 231.866495][ T6837] overlayfs: missing 'lowerdir' [ 232.844865][ T6849] netlink: 8 bytes leftover after parsing attributes in process `syz.3.876'. [ 233.193101][ T6851] netlink: 20 bytes leftover after parsing attributes in process `syz.0.879'. [ 238.380280][ T6895] netlink: 20 bytes leftover after parsing attributes in process `syz.2.892'. [ 238.758662][ T6906] netlink: 'syz.4.897': attribute type 1 has an invalid length. [ 238.902419][ T6912] cgroup: No subsys list or none specified [ 241.422747][ T6923] netlink: 'syz.2.902': attribute type 2 has an invalid length. [ 242.832769][ T5966] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 243.998441][ T5966] usb 5-1: config 1 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 244.040275][ T5966] usb 5-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 244.055068][ T5966] usb 5-1: config 1 interface 0 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 244.105747][ T5966] usb 5-1: config 1 interface 0 has no altsetting 0 [ 244.285608][ T5966] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 244.490697][ T5966] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.633138][ T5966] usb 5-1: Product: ᕨ臭滹ꨜ㱂敳ꓞ鵡嗵엚穈獜᥉惾ꃋ怙峬ښ偬딠珋㰸㵯移鞣ꦠ僝嬱퐴꟡⯜悩畷Ꮜኮ笘彑ﳰ禖昍극ૻ䶾諎쯴좷噵햳ꆛ [ 244.682230][ T5966] usb 5-1: SerialNumber: syz [ 244.726490][ T5966] usb 5-1: can't set config #1, error -71 [ 244.811486][ T6964] netlink: 'syz.1.911': attribute type 1 has an invalid length. [ 244.900956][ T6964] 8021q: adding VLAN 0 to HW filter on device bond1 [ 244.917862][ T5966] usb 5-1: USB disconnect, device number 4 [ 246.811707][ T6997] ieee802154 phy0 wpan0: encryption failed: -22 [ 247.301442][ T5966] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 247.414312][ T7013] netlink: 'syz.3.924': attribute type 1 has an invalid length. [ 248.994247][ T7013] 8021q: adding VLAN 0 to HW filter on device bond1 [ 249.124574][ T7021] netlink: 8 bytes leftover after parsing attributes in process `syz.3.927'. [ 249.136536][ T7021] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 249.152016][ T7021] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 249.326776][ T4341] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 249.616841][ T4341] usb 2-1: Using ep0 maxpacket: 32 [ 249.633183][ T4341] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 249.684122][ T4341] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 250.183133][ T4341] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 250.336182][ T7033] netlink: 4 bytes leftover after parsing attributes in process `syz.2.932'. [ 250.365691][ T4341] usb 2-1: Product: syz [ 250.375894][ T4341] usb 2-1: Manufacturer: syz [ 250.396131][ T4341] usb 2-1: SerialNumber: syz [ 250.443547][ T7036] netlink: 20 bytes leftover after parsing attributes in process `syz.0.931'. [ 250.477607][ T4341] usb 2-1: config 0 descriptor?? [ 250.483343][ T7019] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 250.493622][ T7036] netlink: 20 bytes leftover after parsing attributes in process `syz.0.931'. [ 250.503973][ T7036] netlink: 4 bytes leftover after parsing attributes in process `syz.0.931'. [ 250.508888][ T4341] hub 2-1:0.0: bad descriptor, ignoring hub [ 250.651374][ T4341] hub: probe of 2-1:0.0 failed with error -5 [ 252.069797][ T4341] usb 2-1: USB disconnect, device number 8 [ 252.215912][ T7057] 9pnet_fd: Insufficient options for proto=fd [ 253.647333][ T5966] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 253.926009][ T5966] usb 3-1: config 1 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 253.999015][ T5966] usb 3-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 254.122059][ T5966] usb 3-1: config 1 interface 0 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 254.152026][ T7059] overlayfs: missing 'lowerdir' [ 254.178713][ T5966] usb 3-1: config 1 interface 0 has no altsetting 0 [ 254.216049][ T5966] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 254.276341][ T5966] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.279819][ T7077] device syzkaller0 entered promiscuous mode [ 254.295975][ T5966] usb 3-1: Product: ᕨ臭滹ꨜ㱂敳ꓞ鵡嗵엚穈獜᥉惾ꃋ怙峬ښ偬딠珋㰸㵯移鞣ꦠ僝嬱퐴꟡⯜悩畷Ꮜኮ笘彑ﳰ禖昍극ૻ䶾諎쯴좷噵햳ꆛ [ 254.322292][ T5966] usb 3-1: SerialNumber: syz [ 254.327130][ T4268] Bluetooth: hci3: Malformed Event: 0x02 [ 254.350708][ T7078] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 254.358183][ T7078] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 255.538964][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.545415][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.716892][ T128] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 255.926797][ T5966] usb 3-1: bad CDC descriptors [ 255.940602][ T5966] usb 3-1: USB disconnect, device number 3 [ 255.960042][ T128] usb 1-1: config 1 interface 0 has no altsetting 0 [ 255.976135][ T128] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 255.991063][ T128] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.009465][ T128] usb 1-1: Product: syz [ 256.015167][ T128] usb 1-1: Manufacturer: syz [ 256.034105][ T128] usb 1-1: SerialNumber: syz [ 256.682336][ T128] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 257.000665][ T7107] 9pnet_fd: Insufficient options for proto=fd [ 258.527348][ T128] usb 1-1: USB disconnect, device number 2 [ 258.612040][ T128] usblp0: removed [ 259.838484][ T7122] netlink: 8 bytes leftover after parsing attributes in process `syz.1.957'. [ 260.715551][ T7115] device syzkaller1 entered promiscuous mode [ 260.729214][ T7122] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 260.756830][ T7122] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 262.087453][ T128] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 262.299254][ T128] usb 5-1: config 1 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 262.361449][ T128] usb 5-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 262.405187][ T128] usb 5-1: config 1 interface 0 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 262.463434][ T128] usb 5-1: config 1 interface 0 has no altsetting 0 [ 262.502427][ T128] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 262.521492][ T128] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.530059][ T128] usb 5-1: Product: ᕨ臭滹ꨜ㱂敳ꓞ鵡嗵엚穈獜᥉惾ꃋ怙峬ښ偬딠珋㰸㵯移鞣ꦠ僝嬱퐴꟡⯜悩畷Ꮜኮ笘彑ﳰ禖昍극ૻ䶾諎쯴좷噵햳ꆛ嬁镼ꃺ圐鋵麙睪⯱䆱䤭譙㑨씞剹よ萦䱢譁愳퉩걪 [ 262.553305][ T128] usb 5-1: SerialNumber: syz [ 262.562797][ T7139] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 262.570229][ T7139] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 262.622206][ T7151] device syzkaller0 entered promiscuous mode [ 263.928632][ T128] usb 5-1: bad CDC descriptors [ 263.937309][ T128] usb 5-1: USB disconnect, device number 5 [ 268.960207][ T7202] netlink: 8 bytes leftover after parsing attributes in process `syz.2.982'. [ 269.259988][ T7206] autofs4:pid:7206:autofs_fill_super: called with bogus options [ 274.285600][ T7265] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1006'. [ 279.141390][ T7337] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 279.888025][ T7364] 9pnet_fd: Insufficient options for proto=fd [ 280.601510][ T7376] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 280.870985][ T7369] lo speed is unknown, defaulting to 1000 [ 280.910024][ T7369] lo speed is unknown, defaulting to 1000 [ 280.964506][ T7379] IPVS: Error connecting to the multicast addr [ 280.991093][ T7369] lo speed is unknown, defaulting to 1000 [ 281.016799][ T7369] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 281.122873][ T7369] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 281.678797][ T7369] lo speed is unknown, defaulting to 1000 [ 281.685957][ T7369] lo speed is unknown, defaulting to 1000 [ 281.840726][ T7369] lo speed is unknown, defaulting to 1000 [ 281.899232][ T7369] lo speed is unknown, defaulting to 1000 [ 281.921535][ T7369] lo speed is unknown, defaulting to 1000 [ 285.277095][ T126] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 285.390137][ T7415] lo speed is unknown, defaulting to 1000 [ 285.462856][ T7420] syz.3.1058[7420] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 285.463000][ T7420] syz.3.1058[7420] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 285.466830][ T126] usb 5-1: Using ep0 maxpacket: 32 [ 285.525618][ T126] usb 5-1: config 0 has an invalid interface number: 152 but max is 0 [ 285.560043][ T126] usb 5-1: config 0 has no interface number 0 [ 285.585588][ T126] usb 5-1: config 0 interface 152 has no altsetting 0 [ 285.612664][ T7428] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1059'. [ 285.612830][ T126] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 285.676859][ T126] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.701808][ T126] usb 5-1: Product: syz [ 285.719211][ T126] usb 5-1: Manufacturer: syz [ 285.723894][ T126] usb 5-1: SerialNumber: syz [ 285.756338][ T126] usb 5-1: config 0 descriptor?? [ 285.766538][ T126] smsc75xx v1.0.0 [ 286.395182][ T126] smsc75xx 5-1:0.152 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 286.598759][ T126] smsc75xx 5-1:0.152 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 286.999649][ T7415] netlink: 'syz.0.1056': attribute type 1 has an invalid length. [ 287.066074][ T7415] netlink: 'syz.0.1056': attribute type 2 has an invalid length. [ 287.135221][ T7415] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1056'. [ 287.354062][ T126] smsc75xx 5-1:0.152 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 287.586572][ T126] smsc75xx 5-1:0.152 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 287.596365][ T126] smsc75xx 5-1:0.152 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 287.607464][ T126] smsc75xx: probe of 5-1:0.152 failed with error -71 [ 287.617490][ T126] usb 5-1: USB disconnect, device number 6 [ 288.137461][ T7454] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1064'. [ 288.146565][ T7454] netlink: 'syz.3.1064': attribute type 5 has an invalid length. [ 288.154425][ T7454] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1064'. [ 288.189177][ T7454] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 256 - 0 [ 288.197470][ T7454] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 256 - 0 [ 288.205684][ T7454] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 256 - 0 [ 288.213897][ T7454] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 256 - 0 [ 288.222493][ T7454] device geneve2 entered promiscuous mode [ 289.006568][ T5966] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 289.447029][ T5966] usb 2-1: Using ep0 maxpacket: 8 [ 289.458818][ T5966] usb 2-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 289.490408][ T5966] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.506336][ T5966] usb 2-1: Product: syz [ 289.518450][ T5966] usb 2-1: Manufacturer: syz [ 289.524232][ T5966] usb 2-1: SerialNumber: syz [ 289.538113][ T5966] usb 2-1: config 0 descriptor?? [ 289.548754][ T5966] radio-usb-si4713 2-1:0.0: Si4713 development board discovered: (10C4:8244) [ 289.806961][ T5968] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 290.463635][ T7473] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1073'. [ 290.473278][ T7473] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 290.483325][ T7473] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 290.591150][ T5968] usb 1-1: Using ep0 maxpacket: 8 [ 290.600093][ T5968] usb 1-1: config index 0 descriptor too short (expected 5924, got 36) [ 290.640159][ T5968] usb 1-1: config 250 has an invalid interface number: 228 but max is -1 [ 290.656308][ T5968] usb 1-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config [ 290.674499][ T5968] usb 1-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 290.684228][ T5968] usb 1-1: config 250 has no interface number 0 [ 290.690752][ T5968] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 290.701073][ T5968] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 290.713170][ T5968] usb 1-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 290.742715][ T5968] usb 1-1: config 250 interface 228 has no altsetting 0 [ 290.777468][ T5968] usb 1-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 290.796944][ T5968] usb 1-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 290.805872][ T5968] usb 1-1: Product: syz [ 290.815485][ T5968] usb 1-1: SerialNumber: syz [ 290.837705][ T5966] radio-usb-si4713: probe of 2-1:0.0 failed with error -71 [ 290.852892][ T5968] hub 1-1:250.228: bad descriptor, ignoring hub [ 290.864282][ T5966] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 290.880818][ T5968] hub: probe of 1-1:250.228 failed with error -5 [ 290.901503][ T5966] usb 2-1: USB disconnect, device number 9 [ 291.921594][ T5968] usblp 1-1:250.228: usblp0: USB Unidirectional printer dev 3 if 228 alt 255 proto 1 vid 0x0525 pid 0xD292 [ 292.457155][ T5968] usb 1-1: USB disconnect, device number 3 [ 293.370500][ T5968] usblp0: removed [ 295.171131][ T7523] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1086'. [ 297.034385][ T7531] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 297.207983][ T7536] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1089'. [ 299.169374][ T7558] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1098'. [ 300.662530][ T7558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 300.711416][ T7558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 301.615042][ T7558] bond0 (unregistering): Released all slaves [ 301.717624][ T7564] device bpq0 entered promiscuous mode [ 301.737436][ T7564] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 301.920080][ T7577] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 302.066986][ T7583] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1106'. [ 302.206931][ T5966] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 302.940132][ T5966] usb 2-1: config 0 has no interfaces? [ 302.963263][ T5966] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 303.029029][ T5966] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.073096][ T5966] usb 2-1: Product: syz [ 303.094664][ T5966] usb 2-1: Manufacturer: syz [ 303.116543][ T5966] usb 2-1: SerialNumber: syz [ 303.281002][ T5966] usb 2-1: config 0 descriptor?? [ 304.520452][ T4341] usb 2-1: USB disconnect, device number 10 [ 305.744023][ T7612] syz.0.1115[7612] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 305.744184][ T7612] syz.0.1115[7612] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 311.402775][ T7672] syz.3.1130[7672] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 311.506150][ T7672] syz.3.1130[7672] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 311.630846][ T5966] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 312.346910][ T5966] usb 1-1: Using ep0 maxpacket: 32 [ 312.354386][ T5966] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 312.379678][ T5966] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 312.403928][ T5966] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 312.432286][ T5966] usb 1-1: config 1 has no interface number 0 [ 312.475187][ T5966] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 312.536888][ T5966] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 312.569473][ T5966] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 312.615572][ T5966] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.673917][ T5966] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 312.863202][ T5966] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached [ 313.266744][ T126] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 313.294679][ T5966] usb 1-1: USB disconnect, device number 4 [ 313.313173][ T5966] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 313.498527][ T126] usb 4-1: Using ep0 maxpacket: 32 [ 313.507068][ T126] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 313.527456][ T126] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 313.546905][ T126] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 313.557608][ T126] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.580413][ T126] usb 4-1: config 0 descriptor?? [ 314.436936][ T5966] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 314.552578][ T7714] syz.0.1142[7714] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 314.552725][ T7714] syz.0.1142[7714] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 314.696726][ T5966] usb 5-1: Using ep0 maxpacket: 32 [ 314.773781][ T5966] usb 5-1: config 0 has an invalid interface number: 152 but max is 0 [ 314.802506][ T5966] usb 5-1: config 0 has no interface number 0 [ 314.823979][ T5966] usb 5-1: config 0 interface 152 has no altsetting 0 [ 314.848718][ T5966] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 314.901782][ T5966] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.916609][ T5966] usb 5-1: Product: syz [ 314.925540][ T5966] usb 5-1: Manufacturer: syz [ 314.930318][ T5966] usb 5-1: SerialNumber: syz [ 314.942030][ T5966] usb 5-1: config 0 descriptor?? [ 314.954516][ T5966] smsc75xx v1.0.0 [ 316.126482][ T4341] usb 4-1: USB disconnect, device number 2 [ 316.245384][ T5966] smsc75xx 5-1:0.152 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 316.280213][ T5966] smsc75xx 5-1:0.152 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 317.118276][ T7755] lo speed is unknown, defaulting to 1000 [ 318.820976][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.823520][ T5966] smsc75xx 5-1:0.152 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000010: -71 [ 318.827489][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.845743][ T128] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 318.853873][ T5966] smsc75xx 5-1:0.152 (unnamed net_device) (uninitialized): Failed to write HW_CFG: -71 [ 318.865195][ T5966] smsc75xx 5-1:0.152 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 318.877887][ T5966] smsc75xx: probe of 5-1:0.152 failed with error -71 [ 318.887925][ T5966] usb 5-1: USB disconnect, device number 7 [ 318.929537][ T7762] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.038988][ T128] usb 1-1: unable to get BOS descriptor or descriptor too short [ 319.068883][ T128] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 319.111800][ T128] usb 1-1: config 1 has no interface number 1 [ 319.132125][ T128] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 319.174664][ T128] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 319.194077][ T128] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 319.221061][ T128] usb 1-1: Product: syz [ 319.225294][ T128] usb 1-1: Manufacturer: syz [ 319.601540][ T128] usb 1-1: SerialNumber: syz [ 320.011635][ T128] usb 1-1: can't set config #1, error -71 [ 320.022206][ T128] usb 1-1: USB disconnect, device number 5 [ 321.282805][ T7769] random: crng reseeded on system resumption [ 323.196249][ T7795] lo speed is unknown, defaulting to 1000 [ 324.654023][ T7805] netlink: 'syz.0.1173': attribute type 2 has an invalid length. [ 324.952363][ T7828] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1179'. [ 325.094244][ T7835] syz.3.1183[7835] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 325.094344][ T7835] syz.3.1183[7835] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 325.166360][ T7831] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 325.221114][ T126] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 325.235098][ T7831] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 325.265111][ T7836] ------------[ cut here ]------------ [ 325.271179][ T7836] WARNING: CPU: 1 PID: 7836 at arch/x86/kvm/x86.c:11209 kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 325.281523][ T7836] Modules linked in: [ 325.285472][ T7836] CPU: 1 PID: 7836 Comm: syz.4.1182 Not tainted 6.1.137-syzkaller #0 [ 325.293606][ T7836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 325.304017][ T7836] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 325.310556][ T7836] Code: e8 77 6d c2 00 e9 4e ef ff ff 44 89 f9 80 e1 07 38 c1 0f 8c db e5 ff ff 4c 89 ff e8 3c 6d c2 00 e9 ce e5 ff ff e8 52 fa 70 00 <0f> 0b e9 da fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c ae eb [ 325.330254][ T7836] RSP: 0018:ffffc9000d48fc48 EFLAGS: 00010283 [ 325.336359][ T7836] RAX: ffffffff810fc94e RBX: ffff888079778000 RCX: 0000000000080000 [ 325.344420][ T7836] RDX: ffffc9000ea9a000 RSI: 0000000000000abe RDI: 0000000000000abf [ 325.352512][ T7836] RBP: ffff88801de44000 R08: dffffc0000000000 R09: fffffbfff2117078 [ 325.360947][ T7836] R10: fffffbfff2117078 R11: 1ffffffff2117077 R12: ffff8880797782ec [ 325.369140][ T7836] R13: ffff8880797780d8 R14: dffffc0000000000 R15: 0000000000000000 [ 325.377166][ T7836] FS: 00007f0a683de6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 325.386119][ T7836] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 325.392776][ T7836] CR2: 000055555f7cb808 CR3: 0000000056463000 CR4: 00000000003526e0 [ 325.400839][ T7836] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 325.408879][ T7836] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 325.416893][ T7836] Call Trace: [ 325.420194][ T7836] [ 325.423155][ T7836] ? mutex_lock_nested+0x10/0x10 [ 325.428173][ T7836] ? kvm_arch_vcpu_ioctl_run+0x139/0x2390 [ 325.433917][ T7836] kvm_vcpu_ioctl+0x887/0xb80 [ 325.438634][ T7836] ? xa_release+0x50/0x50 [ 325.443003][ T7836] ? __fget_files+0x28/0x4d0 [ 325.447674][ T7836] ? bpf_lsm_file_ioctl+0x5/0x10 [ 325.452680][ T7836] ? security_file_ioctl+0x7c/0xa0 [ 325.457850][ T7836] ? xa_release+0x50/0x50 [ 325.462200][ T7836] __se_sys_ioctl+0xfa/0x170 [ 325.466874][ T7836] do_syscall_64+0x4c/0xa0 [ 325.471318][ T7836] ? clear_bhb_loop+0x45/0xa0 [ 325.476042][ T7836] ? clear_bhb_loop+0x45/0xa0 [ 325.480774][ T7836] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 325.486724][ T7836] RIP: 0033:0x7f0a6858e969 [ 325.491198][ T7836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 325.510961][ T7836] RSP: 002b:00007f0a683de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 325.519532][ T7836] RAX: ffffffffffffffda RBX: 00007f0a687b6080 RCX: 00007f0a6858e969 [ 325.527571][ T7836] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 325.535568][ T7836] RBP: 00007f0a68610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 325.544125][ T7836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 325.552146][ T7836] R13: 0000000000000000 R14: 00007f0a687b6080 R15: 00007ffc605c9f88 [ 325.560193][ T7836] [ 325.563229][ T7836] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 325.570513][ T7836] CPU: 1 PID: 7836 Comm: syz.4.1182 Not tainted 6.1.137-syzkaller #0 [ 325.578586][ T7836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 325.588671][ T7836] Call Trace: [ 325.591987][ T7836] [ 325.594958][ T7836] dump_stack_lvl+0x168/0x22e [ 325.599650][ T7836] ? memcpy+0x3c/0x60 [ 325.603662][ T7836] ? show_regs_print_info+0x12/0x12 [ 325.608881][ T7836] ? load_image+0x3b0/0x3b0 [ 325.613417][ T7836] panic+0x2c9/0x710 [ 325.617327][ T7836] ? bpf_jit_dump+0xd0/0xd0 [ 325.621848][ T7836] __warn+0x2f8/0x4f0 [ 325.625853][ T7836] ? kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 325.631680][ T7836] ? kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 325.637501][ T7836] report_bug+0x2ba/0x4f0 [ 325.641841][ T7836] ? kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 325.647668][ T7836] handle_bug+0x3a/0x70 [ 325.651827][ T7836] exc_invalid_op+0x16/0x40 [ 325.656336][ T7836] asm_exc_invalid_op+0x16/0x20 [ 325.661195][ T7836] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 325.667630][ T7836] Code: e8 77 6d c2 00 e9 4e ef ff ff 44 89 f9 80 e1 07 38 c1 0f 8c db e5 ff ff 4c 89 ff e8 3c 6d c2 00 e9 ce e5 ff ff e8 52 fa 70 00 <0f> 0b e9 da fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c ae eb [ 325.687254][ T7836] RSP: 0018:ffffc9000d48fc48 EFLAGS: 00010283 [ 325.693318][ T7836] RAX: ffffffff810fc94e RBX: ffff888079778000 RCX: 0000000000080000 [ 325.701286][ T7836] RDX: ffffc9000ea9a000 RSI: 0000000000000abe RDI: 0000000000000abf [ 325.709281][ T7836] RBP: ffff88801de44000 R08: dffffc0000000000 R09: fffffbfff2117078 [ 325.717275][ T7836] R10: fffffbfff2117078 R11: 1ffffffff2117077 R12: ffff8880797782ec [ 325.725249][ T7836] R13: ffff8880797780d8 R14: dffffc0000000000 R15: 0000000000000000 [ 325.733248][ T7836] ? kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 325.739088][ T7836] ? kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 325.744891][ T7836] ? mutex_lock_nested+0x10/0x10 [ 325.749857][ T7836] ? kvm_arch_vcpu_ioctl_run+0x139/0x2390 [ 325.755581][ T7836] kvm_vcpu_ioctl+0x887/0xb80 [ 325.760295][ T7836] ? xa_release+0x50/0x50 [ 325.764644][ T7836] ? __fget_files+0x28/0x4d0 [ 325.769260][ T7836] ? bpf_lsm_file_ioctl+0x5/0x10 [ 325.774202][ T7836] ? security_file_ioctl+0x7c/0xa0 [ 325.779339][ T7836] ? xa_release+0x50/0x50 [ 325.783675][ T7836] __se_sys_ioctl+0xfa/0x170 [ 325.788272][ T7836] do_syscall_64+0x4c/0xa0 [ 325.792690][ T7836] ? clear_bhb_loop+0x45/0xa0 [ 325.797378][ T7836] ? clear_bhb_loop+0x45/0xa0 [ 325.802055][ T7836] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 325.807960][ T7836] RIP: 0033:0x7f0a6858e969 [ 325.812371][ T7836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 325.831975][ T7836] RSP: 002b:00007f0a683de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 325.840388][ T7836] RAX: ffffffffffffffda RBX: 00007f0a687b6080 RCX: 00007f0a6858e969 [ 325.848366][ T7836] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 325.856432][ T7836] RBP: 00007f0a68610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 325.864500][ T7836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 325.872489][ T7836] R13: 0000000000000000 R14: 00007f0a687b6080 R15: 00007ffc605c9f88 [ 325.880470][ T7836] [ 325.883819][ T7836] Kernel Offset: disabled [ 325.888218][ T7836] Rebooting in 86400 seconds..