last executing test programs: 12.405034195s ago: executing program 3 (id=2278): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000340)=[{0x0, 0x1, 0x4, 0x8}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x2) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r2 = dup(0xffffffffffffffff) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140), 0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) 12.185417906s ago: executing program 2 (id=2279): sched_setaffinity(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404}, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000340)=[@window, @mss={0x2, 0x1}, @window, @timestamp, @sack_perm, @timestamp, @timestamp, @sack_perm], 0x2000000000000024) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r3, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6) 11.553615728s ago: executing program 4 (id=2282): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB], 0x0, 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffb, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = dup(r3) dup2(0xffffffffffffffff, 0xffffffffffffffff) socket(0x1b, 0x3, 0x8) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2400) write$UHID_INPUT(r4, &(0x7f0000001040)={0x7, {"a2e3ad21ed0d52f91b5d330987f70e06d038e7ff7fc6e5539b0d47078b089b34073b68090890e0878f0e1ac6e7049b334a959b669a240d5d67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07670936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70fe98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf1a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a97370614060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69b15c9f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaab1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106d26658b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c110000a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3f3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51090840517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4e004a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6ce1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c817e9177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d543902113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafcc009fc074bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5dc4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9f07b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e3ebb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4cddd5d0fc5a752f9000", 0x1000}}, 0x1006) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x4000084}, 0x4000000) 10.340671282s ago: executing program 4 (id=2284): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000340)=[{0x10000000, 0x1, 0xa, 0xb}, {0x1, 0x2, 0x13, 0x2}, {0x5, 0x5, 0x5, 0x9}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)) r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r4, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) close(r4) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f00000023c0)=""/241, 0x1115000, 0x0, 0x0, 0x2}, 0x1c) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8001, &(0x7f0000000000)=0x6, 0x8, 0x0) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000300)='mounts\x00') mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000002380)=ANY=[@ANYBLOB="7472616e733d76697274696f2c64656275673d3078163030303030303030303030303030372c0001da5280833471f915c7"]) read$FUSE(r6, &(0x7f0000000340)={0x2020}, 0x2020) r7 = socket$inet6(0xa, 0x3, 0x84) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "1600", 0x18, 0x2b, 0x0, @private1, @local, {[@hopopts={0x87}], {0x0, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0) 10.168977663s ago: executing program 2 (id=2285): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_setup(0x0, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a500000005000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) listen(r0, 0x0) syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="04040a0000000000005467920034db81e7abdddc259aee6063e57dfee0dab3"], 0xd) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r4 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) pipe2$watch_queue(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r4, r5, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, 0x0, 0x0) 9.210257886s ago: executing program 4 (id=2286): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="64000000020605000a0000000000000000000009100003806269746d61703a706f72740005000400000000000900020073797a30000a0000050005000000000005000100060000001c000780080006409effff7d06000440fe20000006000540"], 0x64}}, 0x0) sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x34, 0x5, 0x6, 0x5, 0x0, 0x0, {0x3, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x8040}, 0x4040) 9.009936757s ago: executing program 4 (id=2288): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) socket(0x15, 0x800, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x85, &(0x7f0000000840)=""/133}]}) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000002c0)={0x1, r2}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000340)=0x1) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000380)={0x0, 0x1fffe000000}) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) ioctl$vim2m_VIDIOC_DQBUF(0xffffffffffffffff, 0xc044565d, &(0x7f0000000280)=@multiplanar_overlay={0x10000008, 0x2, 0x4, 0x2000, 0x673, {0x0, 0xea60}, {0x3, 0xc, 0x4, 0xf, 0x1, 0x1, "f15f6306"}, 0xeff, 0x3, {0x0}, 0x4}) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) ioctl$SNDRV_PCM_IOCTL_DRAIN(0xffffffffffffffff, 0x4144, 0x0) socket$kcm(0x29, 0x7, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 8.104578491s ago: executing program 2 (id=2289): socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000240)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, @dev={0xfe, 0x80, '\x00', 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046}) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'xfrm0\x00'}) socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000100)={'veth1_to_bridge\x00'}) 7.665199092s ago: executing program 3 (id=2290): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), r2) sendmsg$IPVS_CMD_ZERO(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x14, r3, 0x1, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4004080}, 0x40) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) bind$isdn_base(r1, 0x0, 0x0) r4 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x7f36, 0x10100, 0x0, 0x1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r4, 0x2def, 0x4000, 0x0, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) socket$nl_route(0x10, 0x3, 0x0) ioctl$VIDIOC_G_INPUT(0xffffffffffffffff, 0x80045626, &(0x7f0000004140)) syz_open_dev$video4linux(&(0x7f00000041c0), 0x0, 0x90000) 7.664903942s ago: executing program 2 (id=2291): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000bdd918d36e6a6844efadd67dafc64400", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x48) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_uring_setup(0x177f, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000937000/0x2000)=nil, 0x2000, 0x1, 0x100010, 0xffffffffffffffff, 0x2000) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000003f00)='ns/net\x00') ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa05, &(0x7f0000000000)={&(0x7f0000779000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x2000, 0x2}) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x0, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="dea0dfff1c25ad349d6da999f6835171837a5697e96c0c8330dcd03f4a57509d34ef8d4d9525c665cfd62461c626a933"], &(0x7f00000000c0)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x100, 0x3b, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='contention_begin\x00', r4}, 0x10) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x3c1, 0x3, 0x298, 0x104, 0x2b8, 0x182, 0x0, 0x0, 0x1d0, 0x3a8, 0x3a8, 0x1d0, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xdc, 0x104, 0x0, {0x0, 0x1800}, [@common=@unspec=@statistic={{0x38}, {0xfffc}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ipv6={@mcast2, @remote, [], [], 'macsec0\x00', 'netdevsim0\x00'}, 0x0, 0xa4, 0xcc}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x2f4) r6 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r6, &(0x7f0000000100)={{0x3, @default, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]}, 0x48) r7 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc) bind$ax25(r7, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) close(r7) mkdir(&(0x7f0000000440)='./file1\x00', 0xbd) syz_open_procfs(0x0, &(0x7f0000000200)='net/tcp6\x00') mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') openat$cgroup_root(0xffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) 5.907548829s ago: executing program 3 (id=2294): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000600)={0x1ec, r1, 0x31d, 0x0, 0x0, {}, [@HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x19, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x1ec}}, 0x44048008) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0) lseek(r4, 0x1, 0x0) r5 = socket(0x10, 0x80002, 0x0) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r7) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x2f, 0x42, 0x40, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1003, r8, 0x0, 0xa00369a4}, 0x38) r9 = syz_open_procfs(r6, &(0x7f0000000040)='statm\x00') syz_usb_disconnect(0xffffffffffffffff) r10 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000180), 0x20000000, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r11, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r11, 0xc02064b2, &(0x7f0000000200)={0x10001, 0x401f, 0x3}) close_range(r10, 0xffffffffffffffff, 0x0) preadv(r9, &(0x7f0000000440)=[{&(0x7f00000041c0)=""/4096, 0x1000}], 0x1, 0x1e, 0x20704513) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYRESOCT=r1, @ANYRES32=r3, @ANYBLOB="e35d22ede2222d8adf7c6c3db68c30e07db9", @ANYRES16=0x0, @ANYBLOB="bae54628d6c5849f872cf083d165aa18a0df0b775d31fa58d0a332ffd940d3ca5472136eef4cf34d1beb3190588be9c4f4142c72880846d7bf21d08be026a5545499e51fc05e03a74e792560e1b6b0b5a250739f409956eca4faed52589b2212f54fcf36eeb38b3f0cb5f8959ef239", @ANYRESHEX], 0x1c}}, 0x0) open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) r12 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r13 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) writev(r13, &(0x7f0000000240)=[{&(0x7f0000000800)='9', 0x1}], 0x1f) ioctl$SNAPSHOT_FREE(r13, 0x3305) mount(&(0x7f00000001c0)=@nullb, &(0x7f0000000280)='./bus\x00', &(0x7f0000000000)='omfs\x00', 0x8004, 0x0) read$FUSE(r12, &(0x7f0000001680)={0x2020}, 0x2020) 5.40554048s ago: executing program 1 (id=2297): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000340)=[{0x10000000, 0x1, 0xa, 0xb}, {0x1, 0x2, 0x13, 0x2}, {0x5, 0x5, 0x5, 0x9}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)) r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r4, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) close(r4) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f00000023c0)=""/241, 0x1115000, 0x0, 0x0, 0x2}, 0x1c) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8001, &(0x7f0000000000)=0x6, 0x8, 0x0) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 4.400460724s ago: executing program 1 (id=2298): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="64000000020605000a0000000000000000000009100003806269746d61703a706f72740005000400000000000900020073797a30000a0000050005000000000005000100060000001c000780080006409effff7d06000440fe20000006000540"], 0x64}}, 0x0) sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x34, 0x5, 0x6, 0x5, 0x0, 0x0, {0x3, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x8040}, 0x4040) 4.184501255s ago: executing program 4 (id=2300): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'netdevsim0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r5, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x4c) sendmsg$RDMA_NLDEV_CMD_RES_GET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001580)=ANY=[@ANYBLOB="1000000009148307"], 0x10}, 0x1, 0xffffff7f00000000, 0x0, 0x20008000}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000700), r3) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_RTHDR(r6, 0x29, 0x39, &(0x7f0000000000)=ANY=[@ANYBLOB="00020201"], 0x18) sendmmsg$inet6(r6, &(0x7f0000003a00)=[{{&(0x7f0000000580)={0xa, 0x20, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x9}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000700)="cd", 0x1}], 0x1}}], 0x1, 0xc0c0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001800)={0x3c, 0x0, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x28, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x7, 0x3, 0x1ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) 4.136088715s ago: executing program 1 (id=2301): socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet6_udplite(0xa, 0x2, 0x88) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x8, 0x0, 0x0, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000100)) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="93630100200501001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x4c}}, 0x0) 3.951076716s ago: executing program 4 (id=2302): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_DRAIN(0xffffffffffffffff, 0x4144, 0x0) socket$kcm(0x29, 0x7, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x7f, &(0x7f00000011c0)=""/4072, &(0x7f0000001180)=0xfe8) socket(0x28, 0x2, 0x1) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x0, 0xc8, 0x2}}}, 0x7) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1ff, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc2c45513, &(0x7f0000000040)={{0x2, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, [0x2, 0x0, 0x0, 0x0, 0xfffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8bd5]}) socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000500)={r2, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$kcm(0x2, 0xa, 0x2) write$tun(0xffffffffffffffff, &(0x7f0000000440)={@val, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x452c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x0, 0xffffdd86}}}}}}}, 0xfdef) socket(0x22, 0x800, 0x0) io_setup(0x3, 0x0) syz_usb_connect(0x5, 0x6a, 0x0, 0x0) r3 = socket(0x28, 0x5, 0x0) recvmmsg$unix(r3, &(0x7f00000035c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40, 0x0) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000200), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000000)) ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000180)=0x6f) write$dsp(r4, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x20, 0x1, 0x1, 0x301, 0x0, 0x0, {0x7}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x369}]}]}, 0x20}}, 0x80) 3.791351286s ago: executing program 0 (id=2303): r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000008c0)) r2 = epoll_create1(0x0) openat$audio1(0xffffff9c, &(0x7f0000000040), 0xbfaafea3a8346deb, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000130000000000000000000000fc00000000000000000000000000000000000000000000000000000000000000000000000000000000000010"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001030000000000000000fc0100000000000000000000000000003ed300000000000000000000000000000000000000000000020010"], 0xb8}}, 0x0) r4 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0) kcmp(r4, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r6, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) prlimit64(0x0, 0x6, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000000)) shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ff6000/0x2000)=nil) 3.789427136s ago: executing program 1 (id=2304): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), r2) sendmsg$IPVS_CMD_ZERO(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x14, r3, 0x1, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4004080}, 0x40) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) bind$isdn_base(r1, 0x0, 0x0) r4 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x7f36, 0x10100, 0x0, 0x1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r4, 0x2def, 0x4000, 0x0, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) socket$nl_route(0x10, 0x3, 0x0) ioctl$VIDIOC_G_INPUT(0xffffffffffffffff, 0x80045626, &(0x7f0000004140)) syz_open_dev$video4linux(&(0x7f00000041c0), 0x0, 0x90000) 3.691486416s ago: executing program 2 (id=2305): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42}, 0x10) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="020306001b000000000000000000000004000b000000000000000000000000000000000000000000000000000000000005000600000000000a0000000000000100000000000000000000000000000000000000000000000004000400000080000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000fe"], 0xd8}}, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000f0000000c00078008000200f7000000"], 0x20}, 0x1, 0x0, 0x0, 0x4008090}, 0x0) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) dup3(r3, r6, 0x80000) 3.472237158s ago: executing program 3 (id=2306): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) syz_open_dev$I2C(0x0, 0x0, 0x0) ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07) r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) bind$802154_raw(r3, &(0x7f0000000040)={0x24, @long={0x3, 0xffff, {0xaaaaaaaaaaaa0202}}}, 0x14) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mq_open(0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x80000000001}) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x0) 2.73038415s ago: executing program 0 (id=2307): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="08002600ad1600004000330010000000080211000000080211000000080211000001000000000000010001002d1a40000b0000000000000000040003000b0000000600500000000304006c"], 0x68}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00'], 0x68}}, 0x0) 2.436943491s ago: executing program 2 (id=2308): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@dellink={0x20, 0x11, 0x101, 0x500, 0x0, {0x0, 0x0, 0x0, r2}}, 0x20}}, 0x0) 1.677131584s ago: executing program 3 (id=2309): read$msr(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000080), 0x10) sendmsg$can_bcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x48}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) sendmsg$nl_route_sched(r2, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) openat$vcs(0xffffff9c, &(0x7f0000000140), 0x183000, 0x0) listen(r3, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x19, &(0x7f00000000c0)=0x7, 0x4) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r4, &(0x7f0000000040), 0x0, 0x801, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r5, 0x541b, &(0x7f0000000240)={0xffffffffffffffff}) close_range(r6, 0xffffffffffffffff, 0x0) 1.665953564s ago: executing program 1 (id=2310): socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8000}, &(0x7f0000000240)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000003480)={0x2020}, 0x2020) syz_io_uring_submit(r3, 0x0, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x38, 0x3, r2, 0x0, 0x0, 0x0, 0x1, 0x1, {0x3, r4}}) io_uring_enter(r2, 0x8aa, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x3c}}, 0x0) socket$kcm(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, 0x0, 0x0) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000580)={0x88, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x40080}, 0x884) ioctl$sock_rose_SIOCRSCLRRT(r1, 0x89e4) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 1.613128254s ago: executing program 0 (id=2311): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) sendmsg$IPSET_CMD_RENAME(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x34, 0x5, 0x6, 0x5, 0x0, 0x0, {0x3, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x8040}, 0x4040) 1.281057345s ago: executing program 0 (id=2312): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000340)=[{0x10000000, 0x1, 0xa, 0xb}, {0x1, 0x2, 0x13, 0x2}, {0x5, 0x5, 0x5, 0x9}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)) r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r4, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) close(r4) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f00000023c0)=""/241, 0x1115000, 0x0, 0x0, 0x2}, 0x1c) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8001, &(0x7f0000000000)=0x6, 0x8, 0x0) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 220.059099ms ago: executing program 0 (id=2313): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x1420420}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x0, 0x1}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) pselect6(0x40, &(0x7f00000007c0), &(0x7f0000000800)={0x7f}, 0x0, 0x0, 0x0) 135.00978ms ago: executing program 3 (id=2314): bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0100000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000061bd465b4bdeba03ed5701dcb496d51fbc913123caea6bfabdfa5d5db28585e7dc4eff5e4776e5982457c48563f65c6fd104bdbed79666f15d5a78b38ff25396eefd611088fa93cee2c261dbc8e483d2b6"], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1, 0x3, 0x25f, 0x2, 0x0, 0xffffffffffffffff, 0x80000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0xf, &(0x7f0000000080)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x3f}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x48, r7, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}]}, 0x48}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x1, 0x803, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r10], 0x3c}}, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0xffffffff) bind$rxrpc(r1, &(0x7f0000000580)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x6, @private1, 0x80000001}}, 0x24) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000280)="08a8c27f6a303a072ebdb4fe285a8c82f545f9ae9108f71cd8373045b8cbaf4820876a99a75521cd2a9395955ca99962da38ba3b8fff89d434", 0x39}, {&(0x7f00000002c0)="b4fb3acd552caf9be2d5", 0xa}], 0x2, 0x0, 0x0, 0x80}, 0x4000800) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4140aecd, &(0x7f00000001c0)=ANY=[]) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f3100000a000100be"], 0x40}}, 0x0) 25.3538ms ago: executing program 1 (id=2315): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000bdd918d36e6a6844efadd67dafc64400", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x48) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_uring_setup(0x177f, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000937000/0x2000)=nil, 0x2000, 0x1, 0x100010, 0xffffffffffffffff, 0x2000) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000003f00)='ns/net\x00') ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa05, &(0x7f0000000000)={&(0x7f0000779000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x2000, 0x2}) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x0, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="dea0dfff1c25ad349d6da999f6835171837a5697e96c0c8330dcd03f4a57509d34ef8d4d9525c665cfd62461c626a933"], &(0x7f00000000c0)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x100, 0x3b, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='contention_begin\x00', r4}, 0x10) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x3c1, 0x3, 0x298, 0x104, 0x2b8, 0x182, 0x0, 0x0, 0x1d0, 0x3a8, 0x3a8, 0x1d0, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xdc, 0x104, 0x0, {0x0, 0x1800}, [@common=@unspec=@statistic={{0x38}, {0xfffc}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ipv6={@mcast2, @remote, [], [], 'macsec0\x00', 'netdevsim0\x00'}, 0x0, 0xa4, 0xcc}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x2f4) r6 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r6, &(0x7f0000000100)={{0x3, @default, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]}, 0x48) r7 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc) bind$ax25(r7, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) close(r7) mkdir(&(0x7f0000000440)='./file1\x00', 0xbd) syz_open_procfs(0x0, &(0x7f0000000200)='net/tcp6\x00') mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') openat$cgroup_root(0xffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) 0s ago: executing program 0 (id=2316): sched_setaffinity(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404}, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000340)=[@window, @mss={0x2, 0x1}, @window, @timestamp, @sack_perm, @timestamp, @timestamp, @sack_perm], 0x2000000000000024) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r3, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6) kernel console output (not intermixed with test programs): 628686][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 80.636969][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 80.645211][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 80.653510][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 80.661725][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 80.670026][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 80.687354][ T4357] ip_vti0 speed is unknown, defaulting to 1000 [ 80.759590][ T4298] ip_vti0 speed is unknown, defaulting to 1000 [ 80.883744][ T4363] syz.2.6 uses obsolete (PF_INET,SOCK_PACKET) [ 81.277732][ T4369] device bridge_slave_1 left promiscuous mode [ 81.287177][ T4369] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.337072][ T4369] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7'. [ 81.387198][ T4369] device bridge_slave_0 left promiscuous mode [ 81.421964][ T4369] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.637929][ T4382] netlink: 14 bytes leftover after parsing attributes in process `syz.1.10'. [ 82.647172][ T4383] netlink: 'syz.1.10': attribute type 10 has an invalid length. [ 82.737563][ T4383] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 82.963943][ T4384] fuse: Unknown parameter 'user_i00000000000000000000' [ 85.683851][ T4418] input: syz0 as /devices/virtual/input/input6 [ 85.811000][ T4421] netlink: 14 bytes leftover after parsing attributes in process `syz.3.23'. [ 85.821087][ T4421] netlink: 'syz.3.23': attribute type 10 has an invalid length. [ 86.576040][ T4421] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 86.702283][ T125] cfg80211: failed to load regulatory.db [ 86.852548][ T4429] device bridge_slave_1 left promiscuous mode [ 86.986594][ T4429] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.031366][ T4433] netlink: 8 bytes leftover after parsing attributes in process `syz.0.24'. [ 87.045559][ T4433] device bridge_slave_0 left promiscuous mode [ 87.055867][ T4433] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.129301][ T4487] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 91.812103][ T4502] dccp_check_seqno: Step 6 failed for RESET packet, (LSWL(246933649153974) <= P.seqno(0) <= S.SWH(246933649154048)) and (P.ackno exists or LAWL(99158203569080) <= P.ackno(99158203569081) <= S.AWH(99158203569081), sending SYNC... [ 95.831786][ T4535] netlink: 'syz.4.52': attribute type 1 has an invalid length. [ 96.030280][ T4535] netlink: 4096 bytes leftover after parsing attributes in process `syz.4.52'. [ 97.542593][ T4505] Bluetooth: (null): Invalid header checksum [ 97.557620][ T4505] Bluetooth: (null): Invalid header checksum [ 100.102273][ T4597] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 100.196561][ T4597] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 110.975957][ T4692] netlink: 16 bytes leftover after parsing attributes in process `syz.3.102'. [ 115.362969][ T4756] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 119.348940][ T4795] netlink: 'syz.4.134': attribute type 10 has an invalid length. [ 119.519381][ T4795] team0: Port device netdevsim0 added [ 119.578037][ T4799] netlink: 'syz.4.134': attribute type 10 has an invalid length. [ 119.846932][ T4799] team0: Port device netdevsim0 removed [ 119.855977][ T4799] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 120.598945][ T4811] input: syz0 as /devices/virtual/input/input7 [ 122.985533][ T4830] netlink: 14 bytes leftover after parsing attributes in process `syz.2.143'. [ 124.768897][ T4848] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 125.343050][ T4840] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 126.099607][ T4859] netlink: 16 bytes leftover after parsing attributes in process `syz.0.155'. [ 127.101409][ T4865] netlink: 'syz.4.156': attribute type 10 has an invalid length. [ 127.339599][ T4255] Bluetooth: hci5: command 0x1003 tx timeout [ 127.345976][ T4250] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 128.706218][ T4894] tmpfs: Unknown parameter 'usrquota' [ 128.794262][ T4896] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 132.781989][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.788413][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.834998][ T4935] netlink: 'syz.1.173': attribute type 10 has an invalid length. [ 133.910156][ T26] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 134.202873][ T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 134.379997][ T4250] Bluetooth: hci5: command 0x1003 tx timeout [ 134.386423][ T4252] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 134.518984][ T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.534174][ T26] usb 4-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 134.544763][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.566718][ T26] usb 4-1: config 0 descriptor?? [ 134.795015][ T26] usbhid 4-1:0.0: can't add hid device: -71 [ 134.830224][ T26] usbhid: probe of 4-1:0.0 failed with error -71 [ 134.859118][ T4942] tmpfs: Unknown parameter 'usrquota' [ 134.873484][ T26] usb 4-1: USB disconnect, device number 2 [ 135.495012][ T4964] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 135.531893][ T4964] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 135.545525][ T4964] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 135.593700][ T4964] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 135.612299][ T4965] netlink: 20 bytes leftover after parsing attributes in process `syz.0.179'. [ 136.972973][ T4985] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 138.607635][ T5007] netlink: 'syz.1.188': attribute type 4 has an invalid length. [ 139.033512][ T4938] Bluetooth: hci5: Frame reassembly failed (-84) [ 139.168459][ T4938] Bluetooth: hci5: Frame reassembly failed (-84) [ 141.096090][ T4250] Bluetooth: hci5: command 0x1003 tx timeout [ 141.096930][ T4252] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 141.378590][ C0] sched: RT throttling activated [ 142.294374][ T5036] tipc: Failed to remove unknown binding: 66,1,1/0:2408469141/2408469143 [ 142.541739][ T5036] tipc: Failed to remove unknown binding: 66,1,1/0:2408469141/2408469143 [ 143.342888][ T5057] netlink: 4 bytes leftover after parsing attributes in process `syz.4.202'. [ 144.519985][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 144.829234][ T5069] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 145.067547][ T5069] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 145.075482][ T5069] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 147.419508][ T4250] Bluetooth: hci5: command 0x1003 tx timeout [ 147.419550][ T4252] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 148.000023][ T5084] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 150.747442][ T5109] netlink: 4 bytes leftover after parsing attributes in process `syz.3.214'. [ 150.836244][ T5110] tmpfs: Unknown parameter 'usrquota' [ 153.028924][ T5136] tipc: Failed to remove unknown binding: 66,1,1/0:3764743419/3764743421 [ 153.056136][ T5136] tipc: Failed to remove unknown binding: 66,1,1/0:3764743419/3764743421 [ 153.330005][ T5138] block nbd2: NBD_DISCONNECT [ 153.349973][ T5137] block nbd2: Disconnected due to user request. [ 153.380126][ T5137] block nbd2: shutting down sockets [ 154.182310][ T5147] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 154.216443][ T5147] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 154.265387][ T5147] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 154.301301][ T5147] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 154.915509][ T5159] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 158.468970][ T4252] Bluetooth: hci5: command 0x1003 tx timeout [ 158.476446][ T4250] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 159.541145][ T5209] netlink: 14 bytes leftover after parsing attributes in process `syz.1.250'. [ 159.552722][ T5209] netlink: 'syz.1.250': attribute type 10 has an invalid length. [ 160.404174][ T5210] input: syz0 as /devices/virtual/input/input8 [ 161.970661][ T5218] tmpfs: Unknown parameter 'usrquota' [ 164.189490][ T5239] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 164.885866][ T5246] netlink: 8 bytes leftover after parsing attributes in process `syz.4.261'. [ 165.336093][ T5249] netlink: 'syz.2.260': attribute type 10 has an invalid length. [ 165.905241][ T5249] team0: Port device netdevsim0 added [ 165.913051][ T4250] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 165.919988][ T4255] Bluetooth: hci5: command 0x1003 tx timeout [ 166.277919][ T5251] netlink: 14 bytes leftover after parsing attributes in process `syz.4.262'. [ 166.288391][ T5251] netlink: 'syz.4.262': attribute type 10 has an invalid length. [ 168.907221][ T5289] netlink: 8 bytes leftover after parsing attributes in process `syz.1.272'. [ 170.804172][ T5300] Zero length message leads to an empty skb [ 171.142671][ T5304] netlink: 14 bytes leftover after parsing attributes in process `syz.0.277'. [ 171.154240][ T5304] netlink: 'syz.0.277': attribute type 10 has an invalid length. [ 171.190451][ T5304] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 171.568809][ T4250] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 172.239261][ T5304] syz.0.277 (5304) used greatest stack depth: 18168 bytes left [ 172.912770][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 173.022235][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 173.030451][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 173.041417][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 173.224286][ T5324] netlink: 4 bytes leftover after parsing attributes in process `syz.4.284'. [ 178.373630][ T5376] netlink: 'syz.3.298': attribute type 10 has an invalid length. [ 178.872662][ T5376] bond0: (slave netdevsim0): Releasing backup interface [ 178.893397][ T5376] team0: Port device netdevsim0 added [ 182.102996][ T5412] netlink: 14 bytes leftover after parsing attributes in process `syz.4.306'. [ 182.119622][ T5412] netlink: 'syz.4.306': attribute type 10 has an invalid length. [ 184.183596][ T11] Bluetooth: hci5: Frame reassembly failed (-84) [ 185.504441][ T5440] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 185.534082][ T5440] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 185.551910][ T5440] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 186.224222][ T4250] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 187.473429][ T5458] ip_vti0 speed is unknown, defaulting to 1000 [ 188.841990][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 188.896742][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 188.908973][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 189.141936][ T5484] netlink: 20 bytes leftover after parsing attributes in process `syz.1.322'. [ 191.021346][ T5490] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 192.296675][ T5523] netlink: 4 bytes leftover after parsing attributes in process `syz.0.331'. [ 192.922393][ T5533] siw: device registration error -23 [ 192.938798][ T4250] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 192.939639][ T4252] Bluetooth: hci5: command 0x1003 tx timeout [ 194.224904][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.235402][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.029140][ T5567] fuse: Bad value for 'fd' [ 196.299058][ T4255] Bluetooth: hci3: command 0x0406 tx timeout [ 196.305203][ T4252] Bluetooth: hci2: command 0x0406 tx timeout [ 196.311377][ T4250] Bluetooth: hci4: command 0x0406 tx timeout [ 196.317410][ T4263] Bluetooth: hci1: command 0x0406 tx timeout [ 196.319100][ T4265] Bluetooth: hci0: command 0x0406 tx timeout [ 197.340928][ T5571] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 198.285726][ T5592] ip_vti0 speed is unknown, defaulting to 1000 [ 198.779083][ T4265] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 199.873233][ T5608] siw: device registration error -23 [ 201.110604][ T5628] fuse: Bad value for 'fd' [ 203.701799][ T5650] netlink: 14 bytes leftover after parsing attributes in process `syz.0.370'. [ 203.713251][ T5650] netlink: 'syz.0.370': attribute type 10 has an invalid length. [ 205.418810][ T4265] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 207.124641][ T5693] tmpfs: Unknown parameter 'usrquota' [ 207.267995][ T5700] netlink: 14 bytes leftover after parsing attributes in process `syz.2.384'. [ 207.279683][ T5700] netlink: 'syz.2.384': attribute type 10 has an invalid length. [ 208.134087][ T5700] team0: Port device netdevsim0 removed [ 208.267093][ T5703] netlink: 4 bytes leftover after parsing attributes in process `syz.1.387'. [ 210.286620][ T5723] tmpfs: Unknown parameter 'usrquota' [ 212.431553][ T5750] netlink: 14 bytes leftover after parsing attributes in process `syz.3.399'. [ 212.443076][ T5750] netlink: 'syz.3.399': attribute type 10 has an invalid length. [ 213.096257][ T5750] team0: Port device netdevsim0 removed [ 213.105758][ T5750] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 214.724383][ T5769] block device autoloading is deprecated and will be removed. [ 217.382192][ T5802] netlink: 14 bytes leftover after parsing attributes in process `syz.4.414'. [ 217.393599][ T5802] netlink: 'syz.4.414': attribute type 10 has an invalid length. [ 218.368857][ T5806] netlink: 16 bytes leftover after parsing attributes in process `syz.4.416'. [ 220.843431][ T5817] netlink: 'syz.0.421': attribute type 10 has an invalid length. [ 220.879584][ T5817] bond0: (slave netdevsim0): Releasing backup interface [ 220.890866][ T5817] team0: Port device netdevsim0 added [ 220.896811][ T5820] netlink: 'syz.0.421': attribute type 10 has an invalid length. [ 220.956300][ T5820] team0: Port device netdevsim0 removed [ 220.966411][ T5820] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 222.038264][ T5846] netlink: 14 bytes leftover after parsing attributes in process `syz.2.427'. [ 222.050350][ T5846] netlink: 'syz.2.427': attribute type 10 has an invalid length. [ 223.022459][ T5848] tmpfs: Unknown parameter 'usrquota' [ 224.282151][ T5871] netlink: 'syz.3.434': attribute type 10 has an invalid length. [ 224.821104][ T5871] bond0: (slave netdevsim0): Releasing backup interface [ 224.831548][ T5871] team0: Port device netdevsim0 added [ 224.837493][ T5872] netlink: 'syz.3.434': attribute type 10 has an invalid length. [ 224.943171][ T5872] team0: Port device netdevsim0 removed [ 224.951143][ T5872] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 225.424842][ T5882] netlink: 16 bytes leftover after parsing attributes in process `syz.1.437'. [ 227.186609][ T5894] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 227.335211][ T5894] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 227.349009][ T5894] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 227.606818][ T5902] tmpfs: Unknown parameter 'usrquota' [ 228.864123][ T5919] netlink: 'syz.3.447': attribute type 10 has an invalid length. [ 229.483439][ T5919] bond0: (slave netdevsim0): Releasing backup interface [ 229.525913][ T5919] team0: Port device netdevsim0 added [ 229.532001][ T5920] netlink: 'syz.3.447': attribute type 10 has an invalid length. [ 229.611532][ T5920] team0: Port device netdevsim0 removed [ 229.620170][ T5920] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 230.566180][ T5686] tipc: Subscription rejected, illegal request [ 231.241814][ T5951] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 231.315429][ T5951] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 231.324705][ T5951] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 233.478344][ T5964] netlink: 'syz.0.463': attribute type 10 has an invalid length. [ 234.252476][ T5964] bond0: (slave netdevsim0): Releasing backup interface [ 234.263998][ T5964] team0: Port device netdevsim0 added [ 234.270534][ T5972] netlink: 'syz.1.464': attribute type 10 has an invalid length. [ 234.280199][ T5972] bond0: (slave netdevsim0): Releasing backup interface [ 234.292275][ T5972] team0: Port device netdevsim0 added [ 234.298022][ T5968] netlink: 'syz.0.463': attribute type 10 has an invalid length. [ 234.335293][ T5968] team0: Port device netdevsim0 removed [ 234.362876][ T5968] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 234.438727][ T5971] netlink: 'syz.1.464': attribute type 10 has an invalid length. [ 234.538880][ T5971] team0: Port device netdevsim0 removed [ 234.547434][ T5971] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 234.657644][ T5974] netlink: 4 bytes leftover after parsing attributes in process `syz.2.465'. [ 234.692431][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 235.406816][ T5985] netlink: 20 bytes leftover after parsing attributes in process `syz.3.466'. [ 235.722100][ T5992] netlink: 'syz.2.471': attribute type 11 has an invalid length. [ 235.782488][ T5992] netlink: 9340 bytes leftover after parsing attributes in process `syz.2.471'. [ 236.061210][ T6000] siw: device registration error -23 [ 237.441199][ T6015] tmpfs: Unknown parameter 'usrquota' [ 237.883743][ T6019] netlink: 'syz.4.479': attribute type 10 has an invalid length. [ 237.900468][ T6019] bond0: (slave netdevsim0): Releasing backup interface [ 237.921744][ T6019] team0: Port device netdevsim0 added [ 237.944626][ T6019] netlink: 'syz.4.479': attribute type 10 has an invalid length. [ 238.071465][ T6019] team0: Port device netdevsim0 removed [ 238.089640][ T6019] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 239.919876][ T6045] input: syz0 as /devices/virtual/input/input9 [ 240.689109][ T6056] tmpfs: Unknown parameter 'usrquota' [ 241.133507][ T6063] netlink: 4 bytes leftover after parsing attributes in process `syz.1.491'. [ 241.841641][ T6076] netlink: 14 bytes leftover after parsing attributes in process `syz.2.495'. [ 241.853493][ T6076] netlink: 'syz.2.495': attribute type 10 has an invalid length. [ 241.873063][ T6076] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 243.091070][ T6082] siw: device registration error -23 [ 245.828917][ T6113] siw: device registration error -23 [ 247.362956][ T6134] tmpfs: Unknown parameter 'usrquota' [ 249.254678][ T6155] netlink: 4 bytes leftover after parsing attributes in process `syz.1.521'. [ 249.263806][ T6158] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 249.270727][ T6158] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 249.298183][ T6158] vhci_hcd vhci_hcd.0: Device attached [ 249.428675][ T4801] usb 4-1: new low-speed USB device number 3 using dummy_hcd [ 249.499687][ T2183] vhci_hcd: vhci_device speed not set [ 249.978329][ T2183] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 250.269096][ T4801] usb 4-1: config 0 has no interfaces? [ 250.274647][ T4801] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 250.313931][ T4801] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.403456][ T4801] usb 4-1: config 0 descriptor?? [ 250.625424][ T6159] vhci_hcd: connection closed [ 250.628052][ T4301] usb 4-1: USB disconnect, device number 3 [ 250.639774][ T4470] vhci_hcd: stop threads [ 250.644707][ T4470] vhci_hcd: release socket [ 250.699612][ T2183] vhci_hcd: vhci_device speed not set [ 250.707514][ T4470] vhci_hcd: disconnect device [ 252.757421][ T6200] siw: device registration error -23 [ 254.057019][ T6210] program syz.3.540 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 254.376389][ T6219] netlink: 4 bytes leftover after parsing attributes in process `syz.0.544'. [ 254.533017][ T2183] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 254.586937][ T6226] netlink: 'syz.2.542': attribute type 10 has an invalid length. [ 255.300661][ T6226] bond0: (slave netdevsim0): Releasing backup interface [ 255.311218][ T6226] team0: Port device netdevsim0 added [ 255.319410][ T6216] netlink: 4 bytes leftover after parsing attributes in process `syz.1.541'. [ 255.328383][ T6227] netlink: 'syz.2.542': attribute type 10 has an invalid length. [ 255.359625][ T6227] team0: Port device netdevsim0 removed [ 255.367117][ T6227] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 255.469374][ T2183] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 255.514799][ T2183] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 255.554817][ T2183] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 255.588928][ T2183] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.600206][ T2183] usb 4-1: config 0 descriptor?? [ 255.618851][ T2183] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 255.634022][ T2183] dvb-usb: bulk message failed: -22 (3/0) [ 255.660506][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.666765][ T2183] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 255.666971][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.693677][ T2183] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 255.795853][ T2183] usb 4-1: media controller created [ 255.807443][ T6210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 255.888992][ T6210] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 255.919441][ T6210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 255.933799][ T2183] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 255.970928][ T6210] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 255.990444][ T2183] dvb-usb: bulk message failed: -22 (6/0) [ 256.005801][ T2183] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 256.043890][ T2183] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input10 [ 256.078260][ T6210] Invalid option length (1025773) for dns_resolver key [ 256.131661][ T2183] dvb-usb: schedule remote query interval to 150 msecs. [ 256.142941][ T2183] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 256.177901][ T2183] usb 4-1: USB disconnect, device number 4 [ 256.305888][ T2183] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 257.284813][ T6244] siw: device registration error -23 [ 257.959494][ T6252] capability: warning: `syz.2.552' uses 32-bit capabilities (legacy support in use) [ 258.322191][ T6260] netlink: 8 bytes leftover after parsing attributes in process `syz.4.553'. [ 258.390925][ T6262] tmpfs: Unknown parameter 'usrquota' [ 258.556022][ T6263] netlink: 48 bytes leftover after parsing attributes in process `syz.4.553'. [ 259.799598][ T6279] netlink: 12 bytes leftover after parsing attributes in process `syz.2.560'. [ 259.837952][ T6278] netlink: 20 bytes leftover after parsing attributes in process `syz.1.559'. [ 261.271217][ T6297] siw: device registration error -23 [ 261.418882][ T6302] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 261.425474][ T6302] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 261.482137][ T6302] vhci_hcd vhci_hcd.0: Device attached [ 261.668783][ T26] vhci_hcd: vhci_device speed not set [ 261.728719][ T4300] usb 1-1: new low-speed USB device number 2 using dummy_hcd [ 261.744225][ T26] usb 33-1: new full-speed USB device number 2 using vhci_hcd [ 261.875983][ T6313] netlink: 4 bytes leftover after parsing attributes in process `syz.4.569'. [ 261.930256][ T4300] usb 1-1: config 0 has no interfaces? [ 261.935896][ T4300] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 262.000355][ T4300] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.097197][ T4300] usb 1-1: config 0 descriptor?? [ 262.429651][ T2183] usb 1-1: USB disconnect, device number 2 [ 262.438309][ T6303] vhci_hcd: connection closed [ 262.439594][ T5047] vhci_hcd: stop threads [ 262.511792][ T26] vhci_hcd: vhci_device speed not set [ 262.597289][ T26] usb 33-1: device descriptor read/64, error -71 [ 263.108973][ T26] vhci_hcd: vhci_device speed not set [ 263.345182][ T5047] vhci_hcd: release socket [ 263.359873][ T26] usb 33-1: new full-speed USB device number 3 using vhci_hcd [ 263.374116][ T5047] vhci_hcd: disconnect device [ 263.886734][ T6333] netlink: 20 bytes leftover after parsing attributes in process `syz.1.575'. [ 266.701979][ T6367] siw: device registration error -23 [ 266.866043][ T6371] Bluetooth: MGMT ver 1.22 [ 269.320361][ T26] vhci_hcd: vhci_device speed not set [ 269.789934][ T6397] netlink: 4 bytes leftover after parsing attributes in process `syz.1.593'. [ 270.047262][ T6404] netlink: 4 bytes leftover after parsing attributes in process `syz.3.595'. [ 270.396635][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 270.915687][ T6413] netlink: 4 bytes leftover after parsing attributes in process `syz.4.597'. [ 273.116775][ T6438] netlink: 20 bytes leftover after parsing attributes in process `syz.2.603'. [ 273.696083][ T6451] siw: device registration error -23 [ 274.705921][ T6467] netlink: 'syz.1.613': attribute type 10 has an invalid length. [ 275.429256][ T6467] bond0: (slave netdevsim0): Releasing backup interface [ 275.439907][ T6467] team0: Port device netdevsim0 added [ 275.446166][ T6468] netlink: 'syz.1.613': attribute type 10 has an invalid length. [ 275.546075][ T6468] team0: Port device netdevsim0 removed [ 275.554046][ T6468] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 275.821724][ T6473] netlink: 4 bytes leftover after parsing attributes in process `syz.4.615'. [ 275.910979][ T6474] netlink: 8 bytes leftover after parsing attributes in process `syz.1.614'. [ 276.033138][ T6474] netlink: 48 bytes leftover after parsing attributes in process `syz.1.614'. [ 277.558660][ T6488] tmpfs: Unknown parameter 'usrquota' [ 277.623920][ T6495] netlink: 20 bytes leftover after parsing attributes in process `syz.3.620'. [ 278.309227][ T6510] netlink: 'syz.0.625': attribute type 10 has an invalid length. [ 278.988087][ T6510] bond0: (slave netdevsim0): Releasing backup interface [ 279.007213][ T6510] team0: Port device netdevsim0 added [ 279.013200][ T6511] netlink: 'syz.0.625': attribute type 10 has an invalid length. [ 279.116576][ T6511] team0: Port device netdevsim0 removed [ 279.124320][ T6511] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 280.062506][ T6528] siw: device registration error -23 [ 281.502378][ T6543] netlink: 16 bytes leftover after parsing attributes in process `syz.1.637'. [ 281.898083][ T6555] netlink: 'syz.4.639': attribute type 10 has an invalid length. [ 282.275919][ T6555] bond0: (slave netdevsim0): Releasing backup interface [ 282.299220][ T6555] team0: Port device netdevsim0 added [ 282.327397][ T6556] netlink: 'syz.4.639': attribute type 10 has an invalid length. [ 282.583146][ T6556] team0: Port device netdevsim0 removed [ 282.591615][ T6556] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 282.995250][ T6565] tmpfs: Unknown parameter 'usrquota' [ 285.625189][ T6601] netlink: 'syz.2.653': attribute type 10 has an invalid length. [ 286.238891][ T6601] bond0: (slave netdevsim0): Releasing backup interface [ 286.250816][ T6601] team0: Port device netdevsim0 added [ 286.256736][ T6602] netlink: 'syz.2.653': attribute type 10 has an invalid length. [ 286.317640][ T6602] team0: Port device netdevsim0 removed [ 286.325419][ T6602] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 287.546445][ T7] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 287.603875][ T6617] netlink: 16 bytes leftover after parsing attributes in process `syz.4.660'. [ 287.738962][ T7] usb 2-1: Using ep0 maxpacket: 8 [ 287.747545][ T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 287.767525][ T7] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 287.776935][ T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.826243][ T7] usb 2-1: config 0 descriptor?? [ 288.238664][ T7] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 289.880395][ T6648] netlink: 'syz.2.666': attribute type 10 has an invalid length. [ 290.268753][ T6648] bond0: (slave netdevsim0): Releasing backup interface [ 290.289069][ T6648] team0: Port device netdevsim0 added [ 290.295919][ T6649] netlink: 'syz.2.666': attribute type 10 has an invalid length. [ 290.372776][ T7] usb 2-1: USB disconnect, device number 2 [ 290.410051][ T7] iowarrior 2-1:0.0: I/O-Warror #0 now disconnected [ 290.425936][ T6649] team0: Port device netdevsim0 removed [ 290.435349][ T6649] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 291.917671][ T6675] infiniband syz0: set active [ 291.930578][ T6670] tmpfs: Unknown parameter 'usrquota' [ 291.971495][ T6675] infiniband syz0: set active [ 292.207360][ T6675] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 292.256496][ T6675] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 292.389079][ T4300] ip_vti0 speed is unknown, defaulting to 1000 [ 292.405906][ T4302] ip_vti0 speed is unknown, defaulting to 1000 [ 293.838251][ T6692] netlink: 16 bytes leftover after parsing attributes in process `syz.1.679'. [ 295.016859][ T6705] netlink: 'syz.0.681': attribute type 10 has an invalid length. [ 295.680460][ T6705] bond0: (slave netdevsim0): Releasing backup interface [ 295.693710][ T6705] team0: Port device netdevsim0 added [ 295.701399][ T6706] netlink: 'syz.0.681': attribute type 10 has an invalid length. [ 295.754623][ T6706] team0: Port device netdevsim0 removed [ 295.762693][ T6706] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 295.983387][ T6710] netlink: 4 bytes leftover after parsing attributes in process `syz.0.683'. [ 296.000461][ T6710] device team_slave_0 entered promiscuous mode [ 296.006901][ T6710] device team_slave_1 entered promiscuous mode [ 296.070944][ T6710] device macvtap1 entered promiscuous mode [ 296.170208][ T6710] device team0 entered promiscuous mode [ 296.189626][ T6710] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 296.202163][ T6713] netlink: 4 bytes leftover after parsing attributes in process `syz.0.683'. [ 296.220613][ T6713] device team0 left promiscuous mode [ 296.226666][ T6713] device team_slave_0 left promiscuous mode [ 296.232817][ T6713] device team_slave_1 left promiscuous mode [ 297.517530][ T4265] Bluetooth: hci4: unexpected event for opcode 0x0419 [ 297.911965][ T6728] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 297.962924][ T6728] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 297.981232][ T6728] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 298.614979][ T6748] siw: device registration error -23 [ 298.953889][ T6755] netlink: 20 bytes leftover after parsing attributes in process `syz.4.695'. [ 298.956107][ T6756] tmpfs: Unknown parameter 'usrquota' [ 300.519998][ T6767] netlink: 16 bytes leftover after parsing attributes in process `syz.4.700'. [ 301.579860][ T4265] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 301.588809][ T4265] Bluetooth: hci4: Injecting HCI hardware error event [ 301.597323][ T4265] Bluetooth: hci4: hardware error 0x00 [ 303.600016][ T6814] netlink: 16 bytes leftover after parsing attributes in process `syz.1.715'. [ 303.659656][ T4265] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 303.880216][ T6822] siw: device registration error -23 [ 304.154032][ T6816] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 304.179983][ T6816] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 304.194483][ T6816] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 304.227681][ T6816] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 304.256342][ T6816] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 304.295673][ T6816] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 305.019262][ T4255] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 305.197052][ T6831] tmpfs: Unknown parameter 'usrquota' [ 307.816625][ T6863] netlink: 20 bytes leftover after parsing attributes in process `syz.1.728'. [ 308.729837][ T6865] netlink: 16 bytes leftover after parsing attributes in process `syz.1.729'. [ 309.552877][ T6884] tmpfs: Unknown parameter 'usrquota' [ 311.018619][ T4255] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 312.048800][ T7] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 312.329511][ T6911] netlink: 20 bytes leftover after parsing attributes in process `syz.3.740'. [ 312.378857][ T7] usb 5-1: Using ep0 maxpacket: 8 [ 312.398842][ T7] usb 5-1: config 0 has no interfaces? [ 312.410929][ T7] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 312.432941][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.466782][ T7] usb 5-1: config 0 descriptor?? [ 312.697441][ T4301] usb 5-1: USB disconnect, device number 2 [ 313.274712][ T6927] netlink: 16 bytes leftover after parsing attributes in process `syz.1.745'. [ 315.392272][ T6946] tmpfs: Unknown parameter 'usrquota' [ 315.578766][ T4255] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 317.102791][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.109209][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.314260][ T6982] siw: device registration error -23 [ 318.038785][ T6990] netlink: 16 bytes leftover after parsing attributes in process `syz.0.762'. [ 320.386102][ T7008] netlink: 'syz.4.766': attribute type 10 has an invalid length. [ 320.638456][ T7008] bond0: (slave netdevsim0): Releasing backup interface [ 320.660223][ T7008] team0: Port device netdevsim0 added [ 320.685477][ T7009] netlink: 'syz.4.766': attribute type 10 has an invalid length. [ 320.946379][ T7009] team0: Port device netdevsim0 removed [ 320.954847][ T7009] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 321.985795][ T7025] tmpfs: Unknown parameter 'usrquota' [ 322.104121][ T7039] netlink: 16 bytes leftover after parsing attributes in process `syz.1.777'. [ 323.181683][ T7048] siw: device registration error -23 [ 324.828174][ T7063] netlink: 'syz.3.779': attribute type 10 has an invalid length. [ 325.236228][ T7063] bond0: (slave netdevsim0): Releasing backup interface [ 325.323634][ T7063] team0: Port device netdevsim0 added [ 325.324173][ T7064] netlink: 'syz.3.779': attribute type 10 has an invalid length. [ 325.467090][ T7064] team0: Port device netdevsim0 removed [ 325.475087][ T7064] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 327.676566][ T7088] netlink: 16 bytes leftover after parsing attributes in process `syz.2.788'. [ 327.791016][ T7090] netlink: 14 bytes leftover after parsing attributes in process `syz.3.787'. [ 327.803057][ T7090] netlink: 'syz.3.787': attribute type 10 has an invalid length. [ 328.626275][ T7097] tmpfs: Unknown parameter 'usrquota' [ 330.109100][ T7115] netlink: 'syz.0.793': attribute type 10 has an invalid length. [ 330.580029][ T7115] bond0: (slave netdevsim0): Releasing backup interface [ 330.612568][ T7115] team0: Port device netdevsim0 added [ 330.618967][ T7116] netlink: 'syz.0.793': attribute type 10 has an invalid length. [ 330.751250][ T7116] team0: Port device netdevsim0 removed [ 330.759246][ T7116] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 331.914270][ T7131] netlink: 'syz.0.796': attribute type 1 has an invalid length. [ 331.940848][ T7131] netlink: 4096 bytes leftover after parsing attributes in process `syz.0.796'. [ 332.540176][ T7140] siw: device registration error -23 [ 332.647696][ T7144] netlink: 14 bytes leftover after parsing attributes in process `syz.4.800'. [ 332.659704][ T7144] netlink: 'syz.4.800': attribute type 10 has an invalid length. [ 335.162610][ T7165] netlink: 16 bytes leftover after parsing attributes in process `syz.4.805'. [ 335.239156][ T7162] netlink: 20 bytes leftover after parsing attributes in process `syz.1.806'. [ 336.397704][ T7180] tmpfs: Unknown parameter 'usrquota' [ 336.952601][ T7195] netlink: 14 bytes leftover after parsing attributes in process `syz.2.813'. [ 336.964309][ T7195] netlink: 'syz.2.813': attribute type 10 has an invalid length. [ 340.175193][ T7229] netlink: 20 bytes leftover after parsing attributes in process `syz.2.820'. [ 340.761434][ T7235] netlink: 16 bytes leftover after parsing attributes in process `syz.0.824'. [ 343.533283][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 343.960873][ T7290] tmpfs: Unknown parameter 'usrquota' [ 345.597044][ T7311] netlink: 'syz.1.843': attribute type 1 has an invalid length. [ 345.610771][ T7311] netlink: 4096 bytes leftover after parsing attributes in process `syz.1.843'. [ 346.770172][ T7317] netlink: 16 bytes leftover after parsing attributes in process `syz.0.846'. [ 347.115923][ T7320] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 347.130648][ T7320] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 347.202909][ T7320] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 347.987673][ T7350] siw: device registration error -23 [ 349.146053][ T7362] tmpfs: Unknown parameter 'usrquota' [ 350.250083][ T7385] netlink: 8 bytes leftover after parsing attributes in process `syz.4.869'. [ 351.807456][ T7407] tmpfs: Unknown parameter 'usrquota' [ 352.312524][ T7413] netlink: 'syz.1.876': attribute type 10 has an invalid length. [ 352.900450][ T7413] bond0: (slave netdevsim0): Releasing backup interface [ 352.911518][ T7413] team0: Port device netdevsim0 added [ 352.917495][ T7414] netlink: 'syz.1.876': attribute type 10 has an invalid length. [ 352.995751][ T7414] team0: Port device netdevsim0 removed [ 353.004061][ T7414] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 355.418722][ T4255] Bluetooth: hci1: command 0x0406 tx timeout [ 356.169599][ T7452] netlink: 14 bytes leftover after parsing attributes in process `syz.1.885'. [ 356.179134][ T7452] netlink: 'syz.1.885': attribute type 10 has an invalid length. [ 357.215361][ T7464] netlink: 'syz.3.889': attribute type 10 has an invalid length. [ 357.228950][ T7464] bond0: (slave netdevsim0): Releasing backup interface [ 357.253833][ T7464] team0: Port device netdevsim0 added [ 357.276998][ T7464] netlink: 'syz.3.889': attribute type 10 has an invalid length. [ 357.706355][ T5047] Bluetooth: hci5: Frame reassembly failed (-84) [ 357.740309][ T7464] team0: Port device netdevsim0 removed [ 357.749285][ T7464] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 357.835601][ T7467] netlink: 16 bytes leftover after parsing attributes in process `syz.1.890'. [ 358.531155][ T7485] tmpfs: Unknown parameter 'usrquota' [ 359.658725][ T4255] Bluetooth: hci5: command 0x1003 tx timeout [ 359.688866][ T4265] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 360.362450][ T7502] netlink: 14 bytes leftover after parsing attributes in process `syz.1.900'. [ 360.372275][ T7502] netlink: 'syz.1.900': attribute type 10 has an invalid length. [ 362.074185][ T7528] netlink: 16 bytes leftover after parsing attributes in process `syz.4.910'. [ 362.144118][ T7529] netlink: 44 bytes leftover after parsing attributes in process `syz.1.909'. [ 362.156997][ T7529] netlink: 12 bytes leftover after parsing attributes in process `syz.1.909'. [ 362.544516][ T4252] Bluetooth: hci5: sending frame failed (-49) [ 362.552000][ T4265] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 362.808379][ T7539] netlink: 14 bytes leftover after parsing attributes in process `syz.2.912'. [ 362.818082][ T7539] netlink: 'syz.2.912': attribute type 10 has an invalid length. [ 364.014856][ T7553] tmpfs: Unknown parameter 'usrquota' [ 364.794463][ T7568] netlink: 20 bytes leftover after parsing attributes in process `syz.4.921'. [ 365.021661][ T7569] siw: device registration error -23 [ 365.346438][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 365.381251][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 365.434174][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 365.810203][ T7584] netlink: 14 bytes leftover after parsing attributes in process `syz.2.925'. [ 365.819901][ T7584] netlink: 'syz.2.925': attribute type 10 has an invalid length. [ 366.577123][ T7595] blktrace: Concurrent blktraces are not allowed on sg0 [ 368.870112][ T4252] Bluetooth: hci5: sending frame failed (-49) [ 368.877443][ T4265] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 369.526872][ T7632] netlink: 'syz.4.936': attribute type 10 has an invalid length. [ 370.088227][ T7632] bond0: (slave netdevsim0): Releasing backup interface [ 370.110255][ T7632] team0: Port device netdevsim0 added [ 370.116245][ T7633] netlink: 'syz.4.936': attribute type 10 has an invalid length. [ 370.198040][ T7633] team0: Port device netdevsim0 removed [ 370.205680][ T7633] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 370.527838][ T7643] netlink: 'syz.2.940': attribute type 8 has an invalid length. [ 370.577922][ T7643] netlink: 8 bytes leftover after parsing attributes in process `syz.2.940'. [ 370.706970][ T7646] netlink: 14 bytes leftover after parsing attributes in process `syz.4.939'. [ 370.717670][ T7646] netlink: 'syz.4.939': attribute type 10 has an invalid length. [ 374.664225][ T7683] netlink: 'syz.4.949': attribute type 10 has an invalid length. [ 375.465060][ T7683] bond0: (slave netdevsim0): Releasing backup interface [ 375.519431][ T7683] team0: Port device netdevsim0 added [ 375.525265][ T7684] netlink: 'syz.4.949': attribute type 10 has an invalid length. [ 375.569122][ T7688] fuse: Bad value for 'fd' [ 375.601055][ T7684] team0: Port device netdevsim0 removed [ 375.609520][ T7684] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 376.959868][ T7709] netlink: 14 bytes leftover after parsing attributes in process `syz.2.956'. [ 376.969486][ T7709] netlink: 'syz.2.956': attribute type 10 has an invalid length. [ 377.053089][ T7712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.957'. [ 378.549317][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.555709][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.282294][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 381.201593][ T7749] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 383.029068][ T7755] netlink: 'syz.2.966': attribute type 10 has an invalid length. [ 383.038316][ T7755] bond0: (slave netdevsim0): Releasing backup interface [ 383.050911][ T7755] team0: Port device netdevsim0 added [ 383.056839][ T7756] netlink: 'syz.2.966': attribute type 10 has an invalid length. [ 383.262704][ T7756] team0: Port device netdevsim0 removed [ 383.271456][ T7756] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 383.838417][ T7771] fuse: Bad value for 'fd' [ 385.416636][ T7783] netlink: 4 bytes leftover after parsing attributes in process `syz.1.974'. [ 385.544999][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 385.920684][ T7795] netlink: 'syz.2.979': attribute type 10 has an invalid length. [ 385.964822][ T7795] bond0: (slave netdevsim0): Releasing backup interface [ 385.981257][ T7795] team0: Port device netdevsim0 added [ 385.987086][ T7798] netlink: 'syz.2.979': attribute type 10 has an invalid length. [ 386.063193][ T7798] team0: Port device netdevsim0 removed [ 386.072406][ T7798] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 388.378973][ T7814] netlink: 'syz.2.982': attribute type 10 has an invalid length. [ 388.424836][ T7814] bond0: (slave netdevsim0): Releasing backup interface [ 388.436621][ T7814] team0: Port device netdevsim0 added [ 388.442941][ T7816] netlink: 'syz.2.982': attribute type 10 has an invalid length. [ 388.519558][ T7816] team0: Port device netdevsim0 removed [ 388.527301][ T7816] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 390.202322][ T7833] netlink: 20 bytes leftover after parsing attributes in process `syz.1.986'. [ 391.944875][ T7856] netlink: 'syz.0.995': attribute type 10 has an invalid length. [ 392.009826][ T7856] bond0: (slave netdevsim0): Releasing backup interface [ 392.020924][ T7856] team0: Port device netdevsim0 added [ 392.026751][ T7854] netlink: 'syz.0.995': attribute type 10 has an invalid length. [ 392.121920][ T7854] team0: Port device netdevsim0 removed [ 392.130820][ T7854] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 394.618698][ T4265] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 397.011940][ T7911] netlink: 'syz.4.1008': attribute type 10 has an invalid length. [ 397.049318][ T7911] bond0: (slave netdevsim0): Releasing backup interface [ 397.060428][ T7911] team0: Port device netdevsim0 added [ 397.066369][ T7913] netlink: 'syz.4.1008': attribute type 10 has an invalid length. [ 397.110071][ T7913] team0: Port device netdevsim0 removed [ 397.118420][ T7913] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 398.743399][ T7925] netlink: 'syz.4.1012': attribute type 10 has an invalid length. [ 399.113046][ T7925] bond0: (slave netdevsim0): Releasing backup interface [ 399.163782][ T7925] team0: Port device netdevsim0 added [ 399.170616][ T7926] netlink: 'syz.4.1012': attribute type 10 has an invalid length. [ 399.213516][ T7926] team0: Port device netdevsim0 removed [ 399.222245][ T7926] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 399.268720][ T4252] Bluetooth: hci0: command 0x0406 tx timeout [ 399.572291][ T7937] infiniband syz0: set active [ 399.596219][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 400.293688][ T4301] ip_vti0 speed is unknown, defaulting to 1000 [ 401.214852][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 402.223069][ T7966] netlink: 'syz.0.1025': attribute type 10 has an invalid length. [ 402.349519][ T7966] bond0: (slave netdevsim0): Releasing backup interface [ 402.360853][ T7966] team0: Port device netdevsim0 added [ 402.366658][ T7965] netlink: 'syz.0.1025': attribute type 10 has an invalid length. [ 402.597055][ T7965] team0: Port device netdevsim0 removed [ 402.605515][ T7965] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 404.087191][ T7992] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 404.708676][ T4252] Bluetooth: hci1: command 0x0406 tx timeout [ 405.612988][ T8016] netlink: 'syz.0.1040': attribute type 10 has an invalid length. [ 405.743590][ T8016] bond0: (slave netdevsim0): Releasing backup interface [ 405.760191][ T8016] team0: Port device netdevsim0 added [ 405.766133][ T8015] netlink: 'syz.0.1040': attribute type 10 has an invalid length. [ 405.915972][ T8015] team0: Port device netdevsim0 removed [ 405.925488][ T8015] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 406.459782][ T4252] Bluetooth: hci3: command 0x0406 tx timeout [ 407.270663][ T8037] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1049'. [ 407.782540][ T8052] netlink: 'syz.3.1052': attribute type 10 has an invalid length. [ 407.851043][ T8052] bond0: (slave netdevsim0): Releasing backup interface [ 407.861541][ T8052] team0: Port device netdevsim0 added [ 407.867343][ T8051] netlink: 'syz.3.1052': attribute type 10 has an invalid length. [ 408.205730][ T8051] team0: Port device netdevsim0 removed [ 408.213561][ T8051] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 408.222713][ T8055] netlink: 'syz.2.1054': attribute type 10 has an invalid length. [ 408.257738][ T8055] bond0: (slave netdevsim0): Releasing backup interface [ 408.274207][ T8055] team0: Port device netdevsim0 added [ 408.280190][ T8056] netlink: 'syz.2.1054': attribute type 10 has an invalid length. [ 408.375672][ T8056] team0: Port device netdevsim0 removed [ 408.383364][ T8056] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 409.018823][ T4252] Bluetooth: hci0: command 0x0406 tx timeout [ 409.419424][ T4252] Bluetooth: hci2: command 0x0406 tx timeout [ 409.459513][ T8075] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1062'. [ 409.915682][ T8086] binder: 8078:8086 ioctl c0306201 20000140 returned -14 [ 410.873172][ T8090] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1066'. [ 411.839623][ T8096] netlink: 'syz.3.1068': attribute type 10 has an invalid length. [ 412.467627][ T4265] Bluetooth: hci2: command 0x0406 tx timeout [ 412.512545][ T8096] bond0: (slave netdevsim0): Releasing backup interface [ 412.523062][ T8096] team0: Port device netdevsim0 added [ 412.529342][ T8098] netlink: 'syz.3.1068': attribute type 10 has an invalid length. [ 412.573942][ T8101] binder: 8100:8101 ioctl c018620c 0 returned -14 [ 412.610676][ T8098] team0: Port device netdevsim0 removed [ 412.619255][ T8098] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 412.628238][ T8097] netlink: 'syz.1.1069': attribute type 10 has an invalid length. [ 412.735954][ T8097] bond0: (slave netdevsim0): Releasing backup interface [ 412.759647][ T8097] team0: Port device netdevsim0 added [ 412.766026][ T8099] netlink: 'syz.1.1069': attribute type 10 has an invalid length. [ 412.908039][ T8099] team0: Port device netdevsim0 removed [ 412.917156][ T8099] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 413.476221][ T8113] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1075'. [ 413.648793][ T4265] Bluetooth: hci3: unexpected event for opcode 0x200a [ 413.838576][ T8128] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1081'. [ 414.329830][ T8137] netlink: 'syz.3.1084': attribute type 10 has an invalid length. [ 415.052323][ T8137] bond0: (slave netdevsim0): Releasing backup interface [ 415.061908][ T8137] team0: Port device netdevsim0 added [ 415.067719][ T8138] netlink: 'syz.3.1084': attribute type 10 has an invalid length. [ 415.149948][ T8138] team0: Port device netdevsim0 removed [ 415.157512][ T8138] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 415.234523][ T8131] tmpfs: Unknown parameter 'usrquota' [ 415.459888][ T8146] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1087'. [ 415.647477][ T8152] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1089'. [ 416.206732][ T8162] Bluetooth: MGMT ver 1.22 [ 416.971971][ T8168] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1097'. [ 418.349885][ T8176] netlink: 'syz.3.1096': attribute type 10 has an invalid length. [ 418.616998][ T8176] bond0: (slave netdevsim0): Releasing backup interface [ 418.629673][ T8176] team0: Port device netdevsim0 added [ 418.648975][ T8175] netlink: 'syz.3.1096': attribute type 10 has an invalid length. [ 418.797995][ T8175] team0: Port device netdevsim0 removed [ 418.807077][ T8175] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 420.678816][ T8199] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1105'. [ 420.707446][ T8205] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1107'. [ 420.766689][ T8199] netlink: 'syz.1.1105': attribute type 10 has an invalid length. [ 420.812356][ T8209] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1109'. [ 420.949897][ T7] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 421.148692][ T7] usb 3-1: Using ep0 maxpacket: 8 [ 421.156731][ T7] usb 3-1: config 0 has no interfaces? [ 421.175540][ T7] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 421.203301][ T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.237545][ T7] usb 3-1: config 0 descriptor?? [ 423.667075][ T4239] usb 3-1: USB disconnect, device number 2 [ 424.948659][ T8268] binder: 8258:8268 ioctl c0306201 20000140 returned -14 [ 424.997803][ T4252] Bluetooth: hci0: command 0x0406 tx timeout [ 425.226461][ T8272] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1123'. [ 425.295368][ T8273] netlink: 'syz.0.1123': attribute type 10 has an invalid length. [ 428.245687][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 432.059983][ T4265] Bluetooth: hci1: command 0x0406 tx timeout [ 432.737595][ T8359] Illegal XDP return value 4294967294 on prog (id 142) dev N/A, expect packet loss! [ 433.335330][ T8373] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1150'. [ 435.855355][ T8396] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1156'. [ 438.403401][ T8429] ip_vti0 speed is unknown, defaulting to 1000 [ 438.618622][ T4252] Bluetooth: hci3: command 0x0406 tx timeout [ 438.705472][ T8437] binder: 8430:8437 ioctl c0306201 20000140 returned -14 [ 440.003054][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.009577][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 443.055880][ T8473] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 444.417528][ T8488] siw: device registration error -23 [ 446.538620][ T4265] Bluetooth: hci1: command 0x0406 tx timeout [ 448.660679][ T4252] Bluetooth: hci1: command 0x0406 tx timeout [ 449.732572][ T46] Bluetooth: hci5: Frame reassembly failed (-84) [ 451.014711][ T8555] netlink: 'syz.2.1194': attribute type 5 has an invalid length. [ 451.658737][ T4252] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 453.851542][ T27] audit: type=1326 audit(1731292180.044:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8568 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25db37e719 code=0x7ffc0000 [ 453.907983][ T27] audit: type=1326 audit(1731292180.054:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8568 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25db37e719 code=0x7ffc0000 [ 453.946869][ T27] audit: type=1326 audit(1731292180.164:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8568 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f25db37e719 code=0x7ffc0000 [ 453.980052][ T27] audit: type=1326 audit(1731292180.164:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8568 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25db37e719 code=0x7ffc0000 [ 454.068613][ T27] audit: type=1326 audit(1731292180.164:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8568 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25db37e719 code=0x7ffc0000 [ 454.309931][ T8568] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 457.425888][ T8613] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1210'. [ 458.046980][ T8622] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1213'. [ 458.086336][ T8622] device bridge_slave_1 left promiscuous mode [ 458.100824][ T8622] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.126023][ T8622] bridge2: port 1(bridge_slave_1) entered blocking state [ 458.133736][ T8622] bridge2: port 1(bridge_slave_1) entered disabled state [ 458.150853][ T8622] device bridge_slave_1 entered promiscuous mode [ 461.875711][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 464.183457][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 464.790821][ T8711] netlink: 'syz.1.1239': attribute type 3 has an invalid length. [ 466.708890][ T4299] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 466.908796][ T4299] usb 4-1: Using ep0 maxpacket: 8 [ 466.946499][ T4299] usb 4-1: config 167 has too many interfaces: 202, using maximum allowed: 32 [ 467.018619][ T4299] usb 4-1: config 167 has 1 interface, different from the descriptor's value: 202 [ 467.106489][ T4299] usb 4-1: New USB device found, idVendor=1025, idProduct=005f, bcdDevice=fe.29 [ 467.143561][ T4299] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 467.277479][ T4299] usb 4-1: Product: syz [ 467.399118][ T4299] usb 4-1: Manufacturer: syz [ 467.466591][ T4299] usb 4-1: SerialNumber: syz [ 467.585784][ T4299] dvb-usb: found a 'Unknown USB1.1 DVB-T device ???? please report the name to the author' in warm state. [ 467.620087][ T4299] dvb-usb: bulk message failed: -22 (3/0) [ 467.738308][ T4299] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 467.769371][ T4299] dvbdev: DVB: registering new adapter (Unknown USB1.1 DVB-T device ???? please report the name to the author) [ 467.792646][ T4299] usb 4-1: media controller created [ 467.969379][ T4299] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 468.014985][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 468.032209][ T4299] dvb-usb: bulk message failed: -22 (6/0) [ 468.045031][ T4299] dvb-usb: no frontend was attached by 'Unknown USB1.1 DVB-T device ???? please report the name to the author' [ 468.125703][ T4299] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input11 [ 468.177670][ T4299] dvb-usb: schedule remote query interval to 150 msecs. [ 468.195998][ T4299] dvb-usb: bulk message failed: -22 (3/0) [ 468.256271][ T4299] dvb-usb: Unknown USB1.1 DVB-T device ???? please report the name to the author successfully initialized and connected. [ 468.364149][ T4299] dvb-usb: bulk message failed: -22 (1/0) [ 468.373672][ T4299] dvb-usb: error while querying for an remote control event. [ 468.458759][ T4265] Bluetooth: hci0: command 0x0406 tx timeout [ 468.573720][ T4299] dvb-usb: bulk message failed: -22 (1/0) [ 468.581681][ T4299] dvb-usb: error while querying for an remote control event. [ 468.858157][ T4299] dvb-usb: bulk message failed: -22 (1/0) [ 468.878943][ T4299] dvb-usb: error while querying for an remote control event. [ 469.543921][ T125] usb 4-1: USB disconnect, device number 5 [ 469.735044][ T125] dvb-usb: Unknown USB1.1 DVB-T device ???? please successfully deinitialized and disconnected. [ 470.394161][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 470.779146][ T8804] random: crng reseeded on system resumption [ 472.298735][ T4252] Bluetooth: hci2: command 0x0406 tx timeout [ 473.899218][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 475.414728][ T8860] netlink: 'syz.3.1281': attribute type 10 has an invalid length. [ 475.626044][ T8860] bond0: (slave netdevsim0): Releasing backup interface [ 475.725670][ T8860] team0: Port device netdevsim0 added [ 479.644556][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 480.496741][ T8914] netlink: 'syz.2.1298': attribute type 10 has an invalid length. [ 480.517237][ T8914] bond0: (slave netdevsim0): Releasing backup interface [ 480.533311][ T8914] team0: Port device netdevsim0 added [ 480.544060][ T8914] netlink: 'syz.2.1298': attribute type 10 has an invalid length. [ 480.636747][ T8914] team0: Port device netdevsim0 removed [ 480.683641][ T8914] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 482.227820][ T8944] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 482.266124][ T8944] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 482.302144][ T8944] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 483.149845][ T5686] Bluetooth: hci5: Frame reassembly failed (-84) [ 485.018767][ T4252] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 485.658312][ T8974] netlink: 'syz.4.1315': attribute type 10 has an invalid length. [ 485.844329][ T8974] bond0: (slave netdevsim0): Releasing backup interface [ 485.955658][ T8974] team0: Port device netdevsim0 added [ 486.098919][ T8979] netlink: 'syz.4.1315': attribute type 10 has an invalid length. [ 486.877985][ T8979] team0: Port device netdevsim0 removed [ 486.935822][ T8979] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 487.187990][ T8995] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1324'. [ 487.942417][ T5521] Bluetooth: hci5: Frame reassembly failed (-84) [ 489.818764][ T4265] Bluetooth: hci5: command 0x1003 tx timeout [ 489.826329][ T4252] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 490.259100][ T9027] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 491.159994][ T9027] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 491.211664][ T9027] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 493.258617][ T9054] netlink: 'syz.3.1339': attribute type 10 has an invalid length. [ 493.863166][ T9055] netlink: 'syz.3.1339': attribute type 10 has an invalid length. [ 493.874717][ T9055] team0: Port device netdevsim0 removed [ 493.883296][ T9055] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 495.407156][ T5521] Bluetooth: hci5: Frame reassembly failed (-84) [ 496.080559][ T9076] netlink: 'syz.0.1344': attribute type 10 has an invalid length. [ 496.112557][ T9076] bond0: (slave netdevsim0): Releasing backup interface [ 496.365488][ T9076] team0: Port device netdevsim0 added [ 496.379304][ T9079] netlink: 'syz.0.1344': attribute type 10 has an invalid length. [ 497.155363][ T9079] team0: Port device netdevsim0 removed [ 497.178638][ T4252] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 497.301458][ T9079] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 499.418574][ T4265] Bluetooth: hci1: command 0x0406 tx timeout [ 501.421529][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.428220][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.345541][ T9163] netlink: 'syz.4.1366': attribute type 10 has an invalid length. [ 502.559458][ T9163] bond0: (slave netdevsim0): Releasing backup interface [ 502.757671][ T9163] team0: Port device netdevsim0 added [ 502.779575][ T9160] netlink: 'syz.4.1366': attribute type 10 has an invalid length. [ 502.990234][ T9160] team0: Port device netdevsim0 removed [ 503.126094][ T9160] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 503.382226][ T9174] fuse: Unknown parameter '000000000000000000060x000000000000000600000000000000000006' [ 503.677912][ T9175] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 503.876419][ T9175] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 503.913296][ T9175] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 504.167716][ T9179] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1372'. [ 504.214417][ T9180] bridge4: port 1(bridge_slave_1) entered blocking state [ 504.256175][ T9180] bridge4: port 1(bridge_slave_1) entered disabled state [ 504.288276][ T9180] device bridge_slave_1 entered promiscuous mode [ 504.822869][ T9195] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1376'. [ 505.557281][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 506.851099][ T9215] netlink: 'syz.1.1380': attribute type 10 has an invalid length. [ 506.860417][ T9215] bond0: (slave netdevsim0): Releasing backup interface [ 506.870199][ T9215] team0: Port device netdevsim0 added [ 506.878081][ T9215] netlink: 'syz.1.1380': attribute type 10 has an invalid length. [ 506.965303][ T9215] team0: Port device netdevsim0 removed [ 506.974163][ T9215] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 508.010274][ T9222] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1383'. [ 508.107863][ T9225] netlink: 116 bytes leftover after parsing attributes in process `syz.0.1384'. [ 508.527890][ T9230] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 508.556562][ T9230] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 508.565081][ T9230] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 509.259235][ T9236] netlink: 'syz.2.1387': attribute type 10 has an invalid length. [ 509.375823][ T9242] siw: device registration error -23 [ 509.408178][ T9236] bond0: (slave netdevsim0): Releasing backup interface [ 509.595474][ T9236] team0: Port device netdevsim0 added [ 509.654714][ T9238] netlink: 'syz.2.1387': attribute type 10 has an invalid length. [ 510.616028][ T9238] team0: Port device netdevsim0 removed [ 510.628743][ T4252] Bluetooth: hci0: command 0x0406 tx timeout [ 510.707304][ T9238] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 511.863097][ T9260] netlink: 'syz.4.1391': attribute type 10 has an invalid length. [ 512.433583][ T9260] bond0: (slave netdevsim0): Releasing backup interface [ 512.485965][ T9260] team0: Port device netdevsim0 added [ 512.491880][ T9261] netlink: 'syz.4.1391': attribute type 10 has an invalid length. [ 512.624343][ T9261] team0: Port device netdevsim0 removed [ 512.632100][ T9261] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 512.829588][ T9264] fuse: Bad value for 'group_id' [ 513.295439][ T9271] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1396'. [ 514.377492][ T9279] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1398'. [ 514.429546][ T9279] device bridge_slave_1 left promiscuous mode [ 514.548863][ T9279] bridge0: port 2(bridge_slave_1) entered disabled state [ 514.666882][ T9279] bridge4: port 1(bridge_slave_1) entered blocking state [ 514.695593][ T9279] bridge4: port 1(bridge_slave_1) entered disabled state [ 514.849528][ T9279] device bridge_slave_1 entered promiscuous mode [ 514.965594][ T9281] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 515.128974][ T9281] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 515.141010][ T9281] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 516.957511][ T9307] fuse: Unknown parameter '000000000000000000060x000000000000000600000000000000000006' [ 517.878893][ T9312] netlink: 'syz.0.1404': attribute type 10 has an invalid length. [ 518.150942][ T9312] bond0: (slave netdevsim0): Releasing backup interface [ 518.162650][ T9312] team0: Port device netdevsim0 added [ 518.168514][ T9313] netlink: 'syz.0.1404': attribute type 10 has an invalid length. [ 518.249723][ T9313] team0: Port device netdevsim0 removed [ 518.257533][ T9313] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 518.503576][ T9319] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1407'. [ 518.938668][ T4265] Bluetooth: hci1: command 0x0406 tx timeout [ 519.058596][ T9330] netlink: 'syz.0.1405': attribute type 10 has an invalid length. [ 519.085172][ T9330] bond0: (slave netdevsim0): Releasing backup interface [ 519.096624][ T9330] team0: Port device netdevsim0 added [ 519.106327][ T9330] netlink: 'syz.0.1405': attribute type 10 has an invalid length. [ 519.290852][ T9330] team0: Port device netdevsim0 removed [ 519.298771][ T9330] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 519.402105][ T9331] siw: device registration error -23 [ 520.785011][ T9345] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1414'. [ 520.835425][ T9345] bridge1: port 1(bridge_slave_1) entered blocking state [ 520.923643][ T9345] bridge1: port 1(bridge_slave_1) entered disabled state [ 520.933372][ T9345] device bridge_slave_1 entered promiscuous mode [ 521.969641][ T4252] Bluetooth: hci0: command 0x0406 tx timeout [ 522.361358][ T9367] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1420'. [ 523.052213][ T9376] netlink: 'syz.0.1422': attribute type 10 has an invalid length. [ 523.235250][ T9376] bond0: (slave netdevsim0): Releasing backup interface [ 523.274567][ T9376] team0: Port device netdevsim0 added [ 523.281006][ T9375] netlink: 'syz.0.1422': attribute type 10 has an invalid length. [ 523.344201][ T9375] team0: Port device netdevsim0 removed [ 523.352899][ T9375] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 523.723778][ T9388] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1427'. [ 524.286247][ T9392] device bridge_slave_1 left promiscuous mode [ 524.320573][ T9392] bridge2: port 1(bridge_slave_1) entered disabled state [ 524.378585][ T4252] Bluetooth: hci1: command 0x0406 tx timeout [ 524.451649][ T9392] bridge4: port 1(bridge_slave_1) entered blocking state [ 524.487318][ T9392] bridge4: port 1(bridge_slave_1) entered disabled state [ 524.496978][ T9392] device bridge_slave_1 entered promiscuous mode [ 525.085742][ T9411] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1432'. [ 525.605709][ T9418] siw: device registration error -23 [ 526.458617][ T4252] Bluetooth: hci1: command 0x0406 tx timeout [ 527.014386][ T9424] netlink: 'syz.4.1434': attribute type 10 has an invalid length. [ 527.229261][ T9424] bond0: (slave netdevsim0): Releasing backup interface [ 527.249028][ T9424] team0: Port device netdevsim0 added [ 527.254883][ T9425] netlink: 'syz.4.1434': attribute type 10 has an invalid length. [ 527.298087][ T9425] team0: Port device netdevsim0 removed [ 527.306193][ T9425] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 530.370792][ T9467] tipc: Started in network mode [ 530.440536][ T9467] tipc: Node identity f7, cluster identity 4711 [ 530.550119][ T9467] tipc: Node number set to 247 [ 530.618979][ T4265] Bluetooth: hci2: command 0x0406 tx timeout [ 531.028352][ T9478] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 531.086803][ T9478] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 531.095348][ T9478] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 531.201201][ T9481] netlink: 'syz.0.1446': attribute type 10 has an invalid length. [ 531.517634][ T9481] bond0: (slave netdevsim0): Releasing backup interface [ 531.737525][ T9481] team0: Port device netdevsim0 added [ 531.760147][ T9483] netlink: 'syz.0.1446': attribute type 10 has an invalid length. [ 531.832399][ T9483] team0: Port device netdevsim0 removed [ 531.885351][ T9483] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 532.698554][ T4265] Bluetooth: hci2: command 0x0406 tx timeout [ 533.363104][ T9493] siw: device registration error -23 [ 534.938632][ T4252] Bluetooth: hci1: command 0x0406 tx timeout [ 540.353986][ T9558] siw: device registration error -23 [ 541.434437][ T4265] Bluetooth: hci3: command 0x0406 tx timeout [ 543.309719][ T9583] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1477'. [ 544.214723][ T9590] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 544.243757][ T9590] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 544.262320][ T9590] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 544.610846][ T9592] tipc: Started in network mode [ 544.615836][ T9592] tipc: Node identity f7, cluster identity 4711 [ 544.629129][ T9592] tipc: Node number set to 247 [ 548.050774][ T9630] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1491'. [ 548.619359][ T4265] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 548.625967][ T4252] Bluetooth: hci5: command 0x1003 tx timeout [ 548.911704][ T9635] tmpfs: Unknown parameter 'usrquota' [ 549.290848][ T9644] siw: device registration error -23 [ 551.413084][ T9659] fuse: Unknown parameter 'grou00000000000000000000' [ 552.921702][ T5686] Bluetooth: hci5: Frame reassembly failed (-84) [ 553.690111][ T9685] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1506'. [ 553.741203][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 554.858727][ T4255] Bluetooth: hci5: command 0x1003 tx timeout [ 554.866582][ T9632] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 554.917447][ T9695] tmpfs: Unknown parameter 'usrquota' [ 555.477312][ T9703] fuse: Unknown parameter 'group_i00000000000000000000' [ 556.252837][ T9706] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1513'. [ 556.311909][ T9706] device bridge_slave_1 left promiscuous mode [ 556.352011][ T9706] bridge4: port 1(bridge_slave_1) entered disabled state [ 556.395235][ T9706] bridge5: port 1(bridge_slave_1) entered blocking state [ 556.474799][ T9706] bridge5: port 1(bridge_slave_1) entered disabled state [ 556.569281][ T9706] device bridge_slave_1 entered promiscuous mode [ 557.886678][ T9726] siw: device registration error -23 [ 558.546203][ T9737] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1520'. [ 558.579651][ T9737] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1520'. [ 558.607186][ T9738] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 558.663466][ T9738] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 558.675775][ T9738] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 559.394840][ T9746] fuse: Unknown parameter 'group_i00000000000000000000' [ 559.840076][ T4798] Bluetooth: hci5: Frame reassembly failed (-84) [ 559.873644][ T9756] tmpfs: Unknown parameter 'usrquota' [ 561.042536][ T9766] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1530'. [ 561.101376][ T9766] device bridge_slave_1 left promiscuous mode [ 561.113573][ T9766] bridge4: port 1(bridge_slave_1) entered disabled state [ 561.147851][ T9766] bridge6: port 1(bridge_slave_1) entered blocking state [ 561.171751][ T9766] bridge6: port 1(bridge_slave_1) entered disabled state [ 561.214275][ T9766] device bridge_slave_1 entered promiscuous mode [ 561.738600][ T4255] Bluetooth: hci3: command 0x0406 tx timeout [ 561.898842][ T4255] Bluetooth: hci5: command 0x1003 tx timeout [ 561.906479][ T9632] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 562.310425][ T9777] siw: device registration error -23 [ 562.861060][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.867470][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.871188][ T9790] fuse: Unknown parameter 'group_i00000000000000000000' [ 564.609977][ T9806] tmpfs: Unknown parameter 'usrquota' [ 564.881802][ T9817] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1547'. [ 565.660773][ T9822] fuse: Unknown parameter 'group_id00000000000000000000' [ 566.209077][ T9832] siw: device registration error -23 [ 567.088871][ T9841] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 567.146374][ T9841] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 567.155225][ T9841] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 567.271854][ T4739] Bluetooth: hci5: Frame reassembly failed (-84) [ 568.305584][ T9854] tmpfs: Unknown parameter 'usrquota' [ 568.784919][ T9863] fuse: Unknown parameter 'group_id00000000000000000000' [ 569.324228][ T9871] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1563'. [ 569.338722][ T4255] Bluetooth: hci5: command 0x1003 tx timeout [ 569.344336][ T9632] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 569.664616][ T9877] siw: device registration error -23 [ 569.763480][ T9879] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1566'. [ 569.840008][ T9879] device bridge_slave_1 left promiscuous mode [ 569.848002][ T9879] bridge0: port 2(bridge_slave_1) entered disabled state [ 569.874518][ T9879] bridge4: port 1(bridge_slave_1) entered blocking state [ 569.925072][ T9879] bridge4: port 1(bridge_slave_1) entered disabled state [ 569.937723][ T9881] fuse: Bad value for 'fd' [ 569.963211][ T9879] device bridge_slave_1 entered promiscuous mode [ 570.158930][ T9889] tmpfs: Unknown parameter 'usrquota' [ 570.502422][ T9895] fuse: Unknown parameter 'group_id00000000000000000000' [ 571.066941][ T9908] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1577'. [ 572.780568][ T9922] tmpfs: Unknown parameter 'usrquota' [ 573.061266][ T9935] fuse: Bad value for 'user_id' [ 573.286043][ T9938] siw: device registration error -23 [ 574.065596][ T9944] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1588'. [ 574.658614][ T9632] Bluetooth: hci2: command 0x0406 tx timeout [ 575.948130][ T9957] tmpfs: Unknown parameter 'usrquota' [ 576.487647][ T9969] fuse: Bad value for 'user_id' [ 576.706273][ T9974] infiniband syz0: set active [ 576.795615][ T9974] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 577.090946][ T9981] siw: device registration error -23 [ 577.132623][ T26] ip_vti0 speed is unknown, defaulting to 1000 [ 578.546507][ T9991] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1604'. [ 578.602376][ T9991] device bridge_slave_1 left promiscuous mode [ 578.616088][ T9991] bridge4: port 1(bridge_slave_1) entered disabled state [ 578.618840][ T4255] Bluetooth: hci3: command 0x0406 tx timeout [ 578.914177][T10000] tmpfs: Unknown parameter 'usrquota' [ 580.151668][T10012] fuse: Bad value for 'user_id' [ 582.644589][T10030] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1617'. [ 582.670768][T10034] siw: device registration error -23 [ 582.690912][T10030] device bridge_slave_1 left promiscuous mode [ 582.710505][T10030] bridge1: port 1(bridge_slave_1) entered disabled state [ 585.171003][T10053] tmpfs: Unknown parameter 'usrquota' [ 587.369359][T10081] tipc: Started in network mode [ 587.374290][T10081] tipc: Node identity f7, cluster identity 4711 [ 587.388586][T10081] tipc: Node number set to 247 [ 589.335099][T10105] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1636'. [ 589.347022][T10105] netlink: 'syz.0.1636': attribute type 10 has an invalid length. [ 590.249182][T10104] tmpfs: Unknown parameter 'usrquota' [ 591.742192][T10115] netlink: 'syz.3.1640': attribute type 10 has an invalid length. [ 591.765816][T10115] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1640'. [ 591.879966][T10115] team0: Port device geneve0 added [ 592.213478][T10125] siw: device registration error -23 [ 594.568655][T10143] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1647'. [ 594.582943][T10143] netlink: 'syz.3.1647': attribute type 10 has an invalid length. [ 595.577460][T10149] tmpfs: Unknown parameter 'usrquota' [ 595.578640][ T9632] Bluetooth: hci2: command 0x0406 tx timeout [ 597.716653][T10175] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1658'. [ 597.728550][T10175] netlink: 'syz.0.1658': attribute type 10 has an invalid length. [ 598.991301][T10180] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1659'. [ 599.114157][T10186] bridge5: port 1(bridge_slave_1) entered blocking state [ 599.167115][T10186] bridge5: port 1(bridge_slave_1) entered disabled state [ 599.180159][T10186] device bridge_slave_1 entered promiscuous mode [ 602.109266][T10215] siw: device registration error -23 [ 604.486995][T10221] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1670'. [ 604.499056][T10221] netlink: 'syz.4.1670': attribute type 10 has an invalid length. [ 605.489396][ T4505] Bluetooth: hci5: Frame reassembly failed (-84) [ 607.297443][T10259] netlink: 'syz.3.1680': attribute type 2 has an invalid length. [ 607.498568][ T9632] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 607.672922][T10265] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1683'. [ 607.684515][T10265] netlink: 'syz.4.1683': attribute type 10 has an invalid length. [ 607.898539][ T4252] Bluetooth: hci2: command 0x0406 tx timeout [ 609.668659][ T26] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 609.689556][T10286] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1690'. [ 609.740341][T10286] bridge7: port 1(bridge_slave_1) entered blocking state [ 609.768955][T10286] bridge7: port 1(bridge_slave_1) entered disabled state [ 609.777303][T10286] device bridge_slave_1 entered promiscuous mode [ 609.868548][ T26] usb 1-1: Using ep0 maxpacket: 8 [ 609.875650][ T26] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 609.897880][ T26] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 609.948154][ T26] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 609.966536][ T26] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 609.989791][ T26] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 610.011598][ T26] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 610.023535][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.267492][ T26] usb 1-1: usb_control_msg returned -32 [ 610.277658][ T26] usbtmc 1-1:16.0: can't read capabilities [ 610.693891][T10296] usbtmc 1-1:16.0: usb_control_msg returned -32 [ 610.851274][ T4299] usb 1-1: USB disconnect, device number 3 [ 610.984991][T10300] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1694'. [ 610.996613][T10300] netlink: 'syz.1.1694': attribute type 10 has an invalid length. [ 611.996570][T10306] tipc: Started in network mode [ 612.028827][T10306] tipc: Node identity 3206faa9748a, cluster identity 4711 [ 612.058901][T10306] tipc: Enabled bearer , priority 10 [ 612.328711][ T9632] Bluetooth: hci3: command 0x0406 tx timeout [ 613.010369][T10327] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1702'. [ 613.100967][ T4739] Bluetooth: hci5: Frame reassembly failed (-84) [ 613.132621][T10327] device bridge_slave_1 left promiscuous mode [ 613.213465][T10327] bridge6: port 1(bridge_slave_1) entered disabled state [ 613.238067][ T4299] tipc: Node number set to 1183644329 [ 614.866000][T10349] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1708'. [ 614.877808][T10349] netlink: 'syz.3.1708': attribute type 10 has an invalid length. [ 615.099005][ T9632] Bluetooth: hci5: command 0x1003 tx timeout [ 615.107029][ T4252] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 616.022359][T10359] netlink: 'syz.3.1709': attribute type 10 has an invalid length. [ 616.035521][T10359] bond0: (slave netdevsim0): Releasing backup interface [ 616.061303][T10359] team0: Port device netdevsim0 added [ 616.082750][T10359] netlink: 'syz.3.1709': attribute type 10 has an invalid length. [ 616.598378][T10359] team0: Port device netdevsim0 removed [ 616.607096][T10359] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 616.720667][T10362] fuse: Bad value for 'rootmode' [ 617.017624][T10373] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1717'. [ 617.075252][T10373] device bridge_slave_1 left promiscuous mode [ 617.086414][T10373] bridge5: port 1(bridge_slave_1) entered disabled state [ 617.418552][ T9632] Bluetooth: hci1: command 0x0406 tx timeout [ 619.288785][T10397] netlink: 'syz.3.1724': attribute type 10 has an invalid length. [ 619.879416][T10397] bond0: (slave netdevsim0): Releasing backup interface [ 619.890020][T10397] team0: Port device netdevsim0 added [ 619.897960][T10398] netlink: 'syz.3.1724': attribute type 10 has an invalid length. [ 619.969279][T10398] team0: Port device netdevsim0 removed [ 619.976722][T10398] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 620.610337][T10413] fuse: Bad value for 'rootmode' [ 621.294498][ T9632] Bluetooth: hci5: sending frame failed (-49) [ 621.302295][ T4252] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 621.801342][T10430] syz.3.1733[10430] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 621.801440][T10430] syz.3.1733[10430] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 622.808650][ T4252] Bluetooth: hci0: command 0x0406 tx timeout [ 623.388168][T10446] tmpfs: Unknown parameter 'usrquota' [ 624.277726][T10460] fuse: Bad value for 'rootmode' [ 624.300933][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.307285][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.352878][T10462] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1742'. [ 624.480387][T10469] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1743'. [ 624.526949][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 624.546672][T10468] netlink: 'syz.0.1744': attribute type 8 has an invalid length. [ 624.583476][T10468] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1744'. [ 625.022629][T10480] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1739'. [ 625.106526][T10481] netlink: 'syz.3.1739': attribute type 10 has an invalid length. [ 625.825612][T10487] tmpfs: Unknown parameter 'usrquota' [ 627.369357][ T9632] Bluetooth: hci0: command 0x0406 tx timeout [ 628.332676][T10502] tmpfs: Unknown parameter 'usrquota' [ 628.447949][T10507] fuse: Unknown parameter 'use00000000000000000000' [ 629.254601][T10514] netlink: 'syz.0.1755': attribute type 2 has an invalid length. [ 631.401284][ T4301] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 631.498736][ T4252] Bluetooth: hci5: command 0x1003 tx timeout [ 631.505306][ T9632] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 631.652658][T10541] tmpfs: Unknown parameter 'usrquota' [ 631.680771][T10543] fuse: Unknown parameter 'use00000000000000000000' [ 631.698992][ T4301] usb 2-1: Using ep0 maxpacket: 8 [ 631.706081][ T4301] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 631.787220][ T4301] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 631.807907][ T4301] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 631.845605][ T4301] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 631.889579][T10546] fuse: Bad value for 'group_id' [ 631.904439][ T4301] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 631.934319][ T4301] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.045318][T10550] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1763'. [ 632.085562][T10550] netlink: 'syz.3.1763': attribute type 10 has an invalid length. [ 632.167529][ T4301] usb 2-1: usb_control_msg returned -32 [ 632.174042][ T4301] usbtmc 2-1:16.0: can't read capabilities [ 632.192767][T10555] netlink: 'syz.2.1771': attribute type 8 has an invalid length. [ 632.298617][ T9632] Bluetooth: hci0: command 0x0406 tx timeout [ 632.443063][T10555] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1771'. [ 632.764535][T10562] geneve0 speed is unknown, defaulting to 1000 [ 632.794433][T10562] geneve0 speed is unknown, defaulting to 1000 [ 632.813706][T10562] geneve0 speed is unknown, defaulting to 1000 [ 633.089790][ T22] geneve0 speed is unknown, defaulting to 1000 [ 633.096155][T10562] infiniband syz2: set active [ 633.101669][T10562] infiniband syz2: added geneve0 [ 633.305202][T10562] RDS/IB: syz2: added [ 633.988084][T10562] smc: adding ib device syz2 with port count 1 [ 633.995013][T10562] smc: ib device syz2 port 1 has pnetid [ 634.005941][ T4299] geneve0 speed is unknown, defaulting to 1000 [ 634.012838][T10562] geneve0 speed is unknown, defaulting to 1000 [ 634.126613][ T4299] usb 2-1: USB disconnect, device number 3 [ 634.422736][T10562] geneve0 speed is unknown, defaulting to 1000 [ 634.699573][T10577] tmpfs: Unknown parameter 'usrquota' [ 634.900777][T10562] geneve0 speed is unknown, defaulting to 1000 [ 635.611833][T10562] geneve0 speed is unknown, defaulting to 1000 [ 635.684609][T10587] fuse: Unknown parameter 'use00000000000000000000' [ 635.890243][T10589] fuse: Bad value for 'group_id' [ 635.915394][T10562] geneve0 speed is unknown, defaulting to 1000 [ 637.098705][ T9632] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 637.105199][ T4255] Bluetooth: hci5: command 0x1003 tx timeout [ 637.609951][T10607] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1784'. [ 639.360909][T10605] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 639.399673][T10605] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 639.421129][T10605] bond0 (unregistering): (slave netdevsim0): Releasing backup interface [ 639.764746][T10605] bond0 (unregistering): Released all slaves [ 640.135909][T10619] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1787'. [ 640.183309][T10620] device bridge_slave_1 left promiscuous mode [ 640.278833][T10620] bridge5: port 1(bridge_slave_1) entered disabled state [ 640.312192][T10620] bridge8: port 1(bridge_slave_1) entered blocking state [ 640.377156][T10620] bridge8: port 1(bridge_slave_1) entered disabled state [ 640.399727][T10620] device bridge_slave_1 entered promiscuous mode [ 640.452776][T10632] fuse: Unknown parameter 'user_i00000000000000000000' [ 640.527806][T10626] netlink: 'syz.1.1788': attribute type 10 has an invalid length. [ 640.536917][T10626] bond0: (slave netdevsim0): Releasing backup interface [ 640.549538][T10626] team0: Port device netdevsim0 added [ 640.555544][T10627] netlink: 'syz.1.1788': attribute type 10 has an invalid length. [ 640.607001][T10636] fuse: Bad value for 'group_id' [ 640.652411][T10627] team0: Port device netdevsim0 removed [ 640.660329][T10627] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 640.779385][T10640] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1793'. [ 640.796500][T10641] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1794'. [ 641.102029][T10650] tmpfs: Unknown parameter 'usrquota' [ 641.557976][T10657] random: crng reseeded on system resumption [ 642.814845][T10676] syz.1.1802[10676] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 642.814957][T10676] syz.1.1802[10676] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 643.258647][ T6208] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 643.548484][ T6208] usb 1-1: device descriptor read/64, error -71 [ 643.870832][T10685] netlink: 'syz.3.1805': attribute type 10 has an invalid length. [ 644.028636][ T6208] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 644.474983][T10685] bond0: (slave netdevsim0): Releasing backup interface [ 644.505694][T10685] team0: Port device netdevsim0 added [ 644.511732][T10686] netlink: 'syz.3.1805': attribute type 10 has an invalid length. [ 644.535296][T10687] fuse: Unknown parameter 'user_i00000000000000000000' [ 644.598927][T10686] team0: Port device netdevsim0 removed [ 644.606679][T10686] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 644.688505][ T6208] usb 1-1: device descriptor read/64, error -71 [ 644.808789][ T6208] usb usb1-port1: attempt power cycle [ 645.269041][ T6208] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 645.566225][T10697] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1808'. [ 647.820019][ T6208] usb 1-1: device descriptor read/8, error -71 [ 648.040561][T10710] tmpfs: Unknown parameter 'usrquota' [ 648.384784][T10717] tmpfs: Unknown parameter 'usrquota' [ 649.280108][T10728] netlink: 'syz.4.1817': attribute type 10 has an invalid length. [ 649.309585][T10728] team0: Port device netdevsim0 added [ 649.335214][T10728] netlink: 'syz.4.1817': attribute type 10 has an invalid length. [ 649.749613][T10728] team0: Port device netdevsim0 removed [ 649.989632][T10731] fuse: Unknown parameter 'user_i00000000000000000000' [ 650.378569][ T9632] Bluetooth: hci3: command 0x0406 tx timeout [ 650.523699][T10739] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1822'. [ 650.629076][T10742] device bridge_slave_1 left promiscuous mode [ 650.639892][T10742] bridge4: port 1(bridge_slave_1) entered disabled state [ 650.802541][T10744] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1823'. [ 650.814426][T10742] bridge5: port 1(bridge_slave_1) entered blocking state [ 650.852270][T10742] bridge5: port 1(bridge_slave_1) entered disabled state [ 650.873862][T10742] device bridge_slave_1 entered promiscuous mode [ 653.464991][T10765] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1828'. [ 653.479266][T10765] netlink: 'syz.2.1828': attribute type 10 has an invalid length. [ 654.693829][T10769] netlink: 'syz.0.1829': attribute type 10 has an invalid length. [ 654.734739][T10769] bond0: (slave netdevsim0): Releasing backup interface [ 654.762273][T10769] team0: Port device netdevsim0 added [ 654.785269][T10769] netlink: 'syz.0.1829': attribute type 10 has an invalid length. [ 655.307915][T10767] tmpfs: Unknown parameter 'usrquota' [ 655.335720][T10769] team0: Port device netdevsim0 removed [ 655.343644][T10769] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 655.568732][ T4299] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 655.728430][ T4299] usb 5-1: device descriptor read/64, error -71 [ 656.008466][ T4299] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 656.179064][ T4299] usb 5-1: device descriptor read/64, error -71 [ 656.301074][T10784] tmpfs: Unknown parameter 'usrquota' [ 656.329133][ T4299] usb usb5-port1: attempt power cycle [ 656.629246][T10791] random: crng reseeded on system resumption [ 657.888768][ T4299] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 658.146467][ T4252] Bluetooth: hci3: command 0x0406 tx timeout [ 659.816938][ T4299] usb 5-1: device descriptor read/8, error -71 [ 660.836096][T10813] netlink: 'syz.4.1841': attribute type 10 has an invalid length. [ 660.876859][T10813] team0: Port device netdevsim0 added [ 660.979733][T10813] netlink: 'syz.4.1841': attribute type 10 has an invalid length. [ 661.803956][T10813] team0: Port device netdevsim0 removed [ 663.103895][ T11] Bluetooth: hci5: Frame reassembly failed (-84) [ 663.706017][T10840] fuse: Unknown parameter 'user_id00000000000000000000' [ 664.938545][ T4252] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 664.945068][ T9632] Bluetooth: hci5: command 0x1003 tx timeout [ 665.496914][T10858] netlink: 'syz.3.1855': attribute type 10 has an invalid length. [ 666.113813][T10858] bond0: (slave netdevsim0): Releasing backup interface [ 666.125395][T10858] team0: Port device netdevsim0 added [ 666.132520][T10859] netlink: 'syz.3.1855': attribute type 10 has an invalid length. [ 666.229859][T10859] team0: Port device netdevsim0 removed [ 666.237687][T10859] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 666.314710][ T4324] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 666.489002][ T4324] usb 3-1: device descriptor read/64, error -71 [ 666.788512][ T4324] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 666.979016][ T4324] usb 3-1: device descriptor read/64, error -71 [ 667.046582][T10873] tmpfs: Unknown parameter 'usrquota' [ 667.118932][ T4324] usb usb3-port1: attempt power cycle [ 667.558514][ T4324] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 667.921414][T10883] fuse: Bad value for 'fd' [ 669.111556][ T11] Bluetooth: hci5: Frame reassembly failed (-84) [ 669.418230][ T4324] usb 3-1: device descriptor read/8, error -71 [ 670.037640][T10899] netlink: 'syz.2.1868': attribute type 10 has an invalid length. [ 670.600677][T10899] bond0: (slave netdevsim0): Releasing backup interface [ 670.627226][T10899] team0: Port device netdevsim0 added [ 670.633724][T10900] netlink: 'syz.2.1868': attribute type 10 has an invalid length. [ 670.675904][T10900] team0: Port device netdevsim0 removed [ 670.683368][T10900] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 671.098612][ T4252] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 671.703579][T10915] device bridge_slave_1 left promiscuous mode [ 671.749276][T10915] bridge8: port 1(bridge_slave_1) entered disabled state [ 672.379881][T10923] fuse: Bad value for 'fd' [ 673.504196][T10932] netlink: 'syz.3.1879': attribute type 10 has an invalid length. [ 674.300687][T10932] bond0: (slave netdevsim0): Releasing backup interface [ 674.310222][T10932] team0: Port device netdevsim0 added [ 674.316018][T10931] netlink: 'syz.3.1879': attribute type 10 has an invalid length. [ 674.394975][T10931] team0: Port device netdevsim0 removed [ 674.403539][T10931] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 674.428537][T10936] device vlan2 entered promiscuous mode [ 674.516984][T10936] device syz_tun entered promiscuous mode [ 674.552533][T10936] team0: Port device vlan2 added [ 675.112944][ T46] Bluetooth: hci5: Frame reassembly failed (-84) [ 675.174205][T10945] tmpfs: Unknown parameter 'usrquota' [ 676.397931][T10967] fuse: Bad value for 'fd' [ 677.098685][ T4252] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 677.918727][T10974] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1891'. [ 678.005578][T10974] bridge10: port 1(bridge_slave_1) entered blocking state [ 678.154855][T10974] bridge10: port 1(bridge_slave_1) entered disabled state [ 678.182664][T10974] device bridge_slave_1 entered promiscuous mode [ 679.727878][T10997] sp0: Synchronizing with TNC [ 679.838747][T11002] fuse: Unknown parameter '0x0000000000000003' [ 680.188001][ T4505] Bluetooth: hci5: Frame reassembly failed (-84) [ 680.261581][T11011] device vlan2 entered promiscuous mode [ 682.218911][ T4252] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 682.835920][T11042] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1912'. [ 682.884850][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 683.153092][T11048] fuse: Unknown parameter '0x0000000000000003' [ 684.173422][T11051] netlink: 'syz.1.1915': attribute type 10 has an invalid length. [ 684.240575][T11051] bond0: (slave netdevsim0): Releasing backup interface [ 684.261771][T11051] team0: Port device netdevsim0 added [ 684.267743][T11057] netlink: 'syz.1.1915': attribute type 10 has an invalid length. [ 684.364215][T11057] team0: Port device netdevsim0 removed [ 684.372905][T11057] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 684.472261][T11063] sp0: Synchronizing with TNC [ 684.605659][ T46] Bluetooth: hci5: Frame reassembly failed (-84) [ 684.932355][ T4505] Bluetooth: hci6: Frame reassembly failed (-84) [ 685.740515][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.746926][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.876734][T11079] libceph: resolve '. [ 685.876734][T11079] #)|.fǝa2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 685.876734][T11079] ' (ret=-3): failed [ 685.945410][T11079] loop7: detected capacity change from 0 to 16384 [ 686.311856][ T4299] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 686.508496][ T4299] usb 2-1: Using ep0 maxpacket: 16 [ 686.517696][ T4299] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 686.568236][ T4299] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 686.618643][ T4255] Bluetooth: hci5: command 0x1003 tx timeout [ 686.625137][ T4252] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 686.647112][ T4299] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 686.726440][ T4299] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.757050][T11086] fuse: Bad value for 'fd' [ 686.792574][T11086] Process accounting resumed [ 686.851866][ T4299] usb 2-1: config 0 descriptor?? [ 686.938543][ T9632] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 686.945212][ T4252] Bluetooth: hci6: command 0x1003 tx timeout [ 687.546489][ T4299] usbhid 2-1:0.0: can't add hid device: -71 [ 687.556726][ T4299] usbhid: probe of 2-1:0.0 failed with error -71 [ 687.600632][ T4299] usb 2-1: USB disconnect, device number 4 [ 688.756111][T11107] netlink: 'syz.0.1930': attribute type 10 has an invalid length. [ 689.307344][T11107] bond0: (slave netdevsim0): Releasing backup interface [ 689.318131][T11107] team0: Port device netdevsim0 added [ 689.324303][T11108] netlink: 'syz.0.1930': attribute type 10 has an invalid length. [ 689.356154][T11108] team0: Port device netdevsim0 removed [ 689.365501][T11108] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 690.295182][T11120] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1933'. [ 690.797989][T10399] Bluetooth: hci5: Frame reassembly failed (-84) [ 692.858608][ T4255] Bluetooth: hci5: command 0x1003 tx timeout [ 692.858923][ T9632] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 693.737962][T11172] netlink: 'syz.4.1943': attribute type 10 has an invalid length. [ 693.914482][T11172] team0: Port device netdevsim0 added [ 693.921450][T11174] netlink: 'syz.4.1943': attribute type 10 has an invalid length. [ 694.138663][ T9632] Bluetooth: hci1: command 0x0406 tx timeout [ 694.640556][T11174] team0: Port device netdevsim0 removed [ 694.729550][T11182] netlink: 'syz.2.1946': attribute type 10 has an invalid length. [ 694.826697][T11186] tmpfs: Unknown parameter 'usrquota' [ 694.925111][T11182] bond0: (slave netdevsim0): Releasing backup interface [ 695.162107][T11182] team0: Port device netdevsim0 added [ 698.798958][T11219] netlink: 'syz.2.1960': attribute type 10 has an invalid length. [ 698.833620][T11219] bridge0: port 1(bridge_slave_0) entered disabled state [ 698.857046][T11222] tmpfs: Unknown parameter 'usrquota' [ 698.871154][T11219] bridge0: port 1(bridge_slave_0) entered blocking state [ 698.878473][T11219] bridge0: port 1(bridge_slave_0) entered forwarding state [ 698.923863][T11219] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 699.198071][T11233] device bridge_slave_1 left promiscuous mode [ 699.212319][T11233] bridge7: port 1(bridge_slave_1) entered disabled state [ 699.385536][T11238] libceph: resolve '. [ 699.385536][T11238] #)|.fǝa2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 699.385536][T11238] ' (ret=-3): failed [ 699.998866][ T4299] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 700.999143][ T4299] usb 4-1: Using ep0 maxpacket: 16 [ 701.008523][ T4299] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 701.040717][ T4299] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 701.088427][ T4299] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 701.280179][ T4299] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 701.290643][ T4299] usb 4-1: config 0 descriptor?? [ 701.313766][T11260] smc: net device bond0 applied user defined pnetid SYZ0 [ 702.248196][T11266] tmpfs: Unknown parameter 'usrquota' [ 703.428048][ T4299] usbhid 4-1:0.0: can't add hid device: -71 [ 703.429462][T11277] netlink: 'syz.2.1970': attribute type 10 has an invalid length. [ 703.436826][ T4299] usbhid: probe of 4-1:0.0 failed with error -71 [ 703.460227][ T4299] usb 4-1: USB disconnect, device number 6 [ 703.735490][T11286] siw: device registration error -23 [ 703.771060][T11281] netlink: 'syz.2.1970': attribute type 10 has an invalid length. [ 703.884027][T11281] team0: Port device netdevsim0 removed [ 703.946478][T11281] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 704.452213][T11293] device vlan2 entered promiscuous mode [ 706.202013][T11307] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1987'. [ 706.280794][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 706.440154][T11312] tmpfs: Unknown parameter 'usrquota' [ 706.907226][T11324] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1993'. [ 706.926767][T11324] bridge9: port 1(bridge_slave_1) entered blocking state [ 706.948567][T11324] bridge9: port 1(bridge_slave_1) entered disabled state [ 708.337528][T11324] device bridge_slave_1 entered promiscuous mode [ 708.768668][T11331] libceph: resolve '. [ 708.768668][T11331] #)|.fǝa2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 708.768668][T11331] ' (ret=-3): failed [ 709.135743][ T4470] Bluetooth: hci5: Frame reassembly failed (-84) [ 709.188571][ T26] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 709.378446][ T26] usb 5-1: Using ep0 maxpacket: 16 [ 709.385997][ T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 709.405706][ T26] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 709.455694][ T26] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 709.477489][ T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 709.497895][ T26] usb 5-1: config 0 descriptor?? [ 710.180306][ T26] usbhid 5-1:0.0: can't add hid device: -71 [ 710.188145][ T26] usbhid: probe of 5-1:0.0 failed with error -71 [ 710.207891][ T26] usb 5-1: USB disconnect, device number 7 [ 711.307778][ T4255] Bluetooth: hci5: command 0x1003 tx timeout [ 711.315773][ T9632] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 711.496657][T11354] netlink: 'syz.3.1998': attribute type 10 has an invalid length. [ 711.521369][T11359] tmpfs: Unknown parameter 'usrquota' [ 711.552872][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 711.602915][T11354] bond0: (slave netdevsim0): Releasing backup interface [ 711.672157][T11354] team0: Port device netdevsim0 added [ 711.678142][T11360] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2002'. [ 711.696961][T11358] netlink: 'syz.3.1998': attribute type 10 has an invalid length. [ 711.804427][T11358] team0: Port device netdevsim0 removed [ 711.831148][T11358] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 713.928048][ T4255] Bluetooth: hci3: command 0x0406 tx timeout [ 714.651323][T11398] tmpfs: Unknown parameter 'usrquota' [ 714.669169][T11395] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 714.845146][T11401] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2016'. [ 716.293684][T11423] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2022'. [ 716.343811][T11423] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2022'. [ 716.669657][T11430] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2025'. [ 717.663221][T11435] tmpfs: Unknown parameter 'usrquota' [ 718.056355][T11449] device bridge_slave_1 left promiscuous mode [ 718.064623][T11449] bridge5: port 1(bridge_slave_1) entered disabled state [ 719.727792][T11471] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2034'. [ 719.739119][T11471] netlink: 'syz.3.2034': attribute type 10 has an invalid length. [ 720.925012][T11478] tmpfs: Unknown parameter 'usrquota' [ 721.219383][T11484] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2040'. [ 722.952689][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 725.101165][T11520] tmpfs: Unknown parameter 'usrquota' [ 725.370690][T11530] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2053'. [ 725.523349][T11534] netlink: 'syz.0.2050': attribute type 10 has an invalid length. [ 725.570404][T11534] bond0: (slave netdevsim0): Releasing backup interface [ 725.581317][T11534] team0: Port device netdevsim0 added [ 725.587210][T11535] netlink: 'syz.0.2050': attribute type 10 has an invalid length. [ 725.759057][T11535] team0: Port device netdevsim0 removed [ 725.766912][T11535] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 725.777011][T11530] device bridge_slave_1 left promiscuous mode [ 725.797814][T11530] bridge9: port 1(bridge_slave_1) entered disabled state [ 725.817640][T11530] bridge12: port 1(bridge_slave_1) entered blocking state [ 725.901927][T11530] bridge12: port 1(bridge_slave_1) entered disabled state [ 725.982383][T11530] device bridge_slave_1 entered promiscuous mode [ 727.006141][T11549] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2058'. [ 727.018596][T11549] netlink: 'syz.4.2058': attribute type 10 has an invalid length. [ 727.683344][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 729.867420][T11573] tmpfs: Unknown parameter 'usrquota' [ 729.919839][T11577] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2065'. [ 729.947329][T11577] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2065'. [ 729.960848][T11578] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2066'. [ 730.106513][T11582] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2067'. [ 730.221870][T11582] bridge11: port 1(bridge_slave_1) entered blocking state [ 730.262991][T11582] bridge11: port 1(bridge_slave_1) entered disabled state [ 730.347053][T11582] device bridge_slave_1 entered promiscuous mode [ 730.808669][T11587] tmpfs: Unknown parameter 'usrquota' [ 731.075801][T11593] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2070'. [ 731.085645][T11593] netlink: 'syz.1.2070': attribute type 10 has an invalid length. [ 731.461851][T11599] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2072'. [ 731.493381][T11599] device bridge_slave_1 left promiscuous mode [ 731.521492][T11599] bridge11: port 1(bridge_slave_1) entered disabled state [ 731.617345][T11599] bridge12: port 1(bridge_slave_1) entered blocking state [ 731.641218][T11599] bridge12: port 1(bridge_slave_1) entered disabled state [ 731.672450][T11599] device bridge_slave_1 entered promiscuous mode [ 734.028149][T11620] tmpfs: Unknown parameter 'usrquota' [ 734.317386][T11626] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2080'. [ 734.365396][T11626] bridge6: port 1(bridge_slave_1) entered blocking state [ 734.398122][T11626] bridge6: port 1(bridge_slave_1) entered disabled state [ 734.440039][T11626] device bridge_slave_1 entered promiscuous mode [ 734.886321][T11634] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2081'. [ 735.354895][T11641] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2084'. [ 735.364658][T11641] netlink: 'syz.2.2084': attribute type 10 has an invalid length. [ 736.491858][T11648] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2087'. [ 736.670584][T11648] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2087'. [ 737.924561][T11662] tmpfs: Unknown parameter 'usrquota' [ 737.925048][T11661] tmpfs: Unknown parameter 'usrquota' [ 738.012387][T11664] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2091'. [ 738.103063][T11664] bridge9: port 1(bridge_slave_1) entered blocking state [ 738.132210][T11664] bridge9: port 1(bridge_slave_1) entered disabled state [ 738.170004][T11664] device bridge_slave_1 entered promiscuous mode [ 738.491027][T11673] siw: device registration error -23 [ 738.995404][T11678] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2095'. [ 739.668834][T11686] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2098'. [ 739.680899][T11686] netlink: 'syz.0.2098': attribute type 10 has an invalid length. [ 740.898754][ T4301] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 741.953369][T11701] tmpfs: Unknown parameter 'usrquota' [ 741.959293][ T4301] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 742.726891][ T4301] usb 4-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 742.737507][ T4301] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 742.757574][ T4301] usb 4-1: config 0 descriptor?? [ 742.783545][ T4301] usb 4-1: can't set config #0, error -71 [ 742.792148][ T4301] usb 4-1: USB disconnect, device number 7 [ 745.433021][T11735] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2110'. [ 745.444864][T11735] netlink: 'syz.3.2110': attribute type 10 has an invalid length. [ 746.045143][T11726] tmpfs: Unknown parameter 'usrquota' [ 746.171622][T11741] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2113'. [ 746.388730][T11746] block device autoloading is deprecated and will be removed. [ 747.181082][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.187999][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.880998][T11750] tmpfs: Unknown parameter 'usrquota' [ 747.929283][T11756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2116'. [ 747.946557][T11756] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2116'. [ 750.383289][T11784] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2123'. [ 750.563427][T11784] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2123'. [ 750.797399][T11792] netlink: 'syz.0.2124': attribute type 10 has an invalid length. [ 751.022390][T11792] bond0: (slave netdevsim0): Releasing backup interface [ 751.035319][T11792] team0: Port device netdevsim0 added [ 751.049110][T11793] netlink: 'syz.0.2124': attribute type 10 has an invalid length. [ 751.312349][T11793] team0: Port device netdevsim0 removed [ 751.353562][T11793] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 752.668680][T11802] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2126'. [ 752.694874][T11802] device bridge_slave_1 left promiscuous mode [ 752.704226][T11802] bridge6: port 1(bridge_slave_1) entered disabled state [ 752.741147][T11802] bridge7: port 1(bridge_slave_1) entered blocking state [ 752.766994][T11802] bridge7: port 1(bridge_slave_1) entered disabled state [ 752.817621][T11802] device bridge_slave_1 entered promiscuous mode [ 753.086680][T11806] tmpfs: Unknown parameter 'usrquota' [ 753.296918][T11809] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2128'. [ 753.803290][T11825] tmpfs: Unknown parameter 'usrquota' [ 755.364160][T11837] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 755.978470][ T9632] Bluetooth: hci3: command 0x0406 tx timeout [ 756.429661][T11843] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2138'. [ 756.719868][T11847] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2139'. [ 756.770941][T11847] device bridge_slave_1 left promiscuous mode [ 756.788747][T11847] bridge9: port 1(bridge_slave_1) entered disabled state [ 756.846277][T11848] tmpfs: Unknown parameter 'usrquota' [ 756.942844][T11853] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2141'. [ 756.950218][T11855] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2142'. [ 757.780095][T11861] infiniband syz2: set down [ 757.831977][ T4299] geneve0 speed is unknown, defaulting to 1000 [ 757.945115][ T4299] geneve0 speed is unknown, defaulting to 1000 [ 759.121365][T11883] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2150'. [ 759.693651][T11892] tmpfs: Unknown parameter 'usrquota' [ 760.627938][T11898] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2154'. [ 760.695239][T11901] device bridge_slave_1 left promiscuous mode [ 760.885794][T11901] bridge10: port 1(bridge_slave_1) entered disabled state [ 761.488388][T11903] netlink: 'syz.2.2155': attribute type 10 has an invalid length. [ 762.312681][T11903] bond0: (slave netdevsim0): Releasing backup interface [ 762.323322][T11903] team0: Port device netdevsim0 added [ 762.329420][T11904] netlink: 'syz.2.2155': attribute type 10 has an invalid length. [ 762.361857][T11904] team0: Port device netdevsim0 removed [ 762.370617][T11904] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 762.741860][T11919] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2159'. [ 764.858894][ T4255] Bluetooth: hci1: command 0x0406 tx timeout [ 765.322323][T11945] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 765.432854][T11948] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2170'. [ 765.605761][T11953] netlink: 'syz.2.2167': attribute type 10 has an invalid length. [ 766.650386][T11953] bond0: (slave netdevsim0): Releasing backup interface [ 766.661940][T11953] team0: Port device netdevsim0 added [ 766.667812][T11954] netlink: 'syz.2.2167': attribute type 10 has an invalid length. [ 766.710203][T11956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2171'. [ 766.732480][T11954] team0: Port device netdevsim0 removed [ 766.740985][T11954] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 766.923587][T11962] tmpfs: Unknown parameter 'usrquota' [ 767.938817][T11974] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2177'. [ 768.067662][T11974] device bridge_slave_1 left promiscuous mode [ 768.104595][T11974] bridge12: port 1(bridge_slave_1) entered disabled state [ 768.154258][T11974] bridge15: port 1(bridge_slave_1) entered blocking state [ 768.179335][T11974] bridge15: port 1(bridge_slave_1) entered disabled state [ 768.224672][T11974] device bridge_slave_1 entered promiscuous mode [ 769.098898][ T9632] Bluetooth: hci3: command 0x0406 tx timeout [ 769.154969][T11994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2181'. [ 769.921145][T12005] netlink: 'syz.3.2184': attribute type 10 has an invalid length. [ 769.994976][T12005] bond0: (slave netdevsim0): Releasing backup interface [ 770.006049][T12005] team0: Port device netdevsim0 added [ 770.012007][T12004] netlink: 'syz.3.2184': attribute type 10 has an invalid length. [ 770.051815][T12004] team0: Port device netdevsim0 removed [ 770.060744][T12004] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 770.081083][T11999] ip_vti0 speed is unknown, defaulting to 1000 [ 770.375683][T12013] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2187'. [ 770.564831][T11999] geneve0 speed is unknown, defaulting to 1000 [ 770.653404][T12018] tmpfs: Unknown parameter 'usrquota' [ 771.465187][T12024] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2191'. [ 772.074685][T12024] device bridge_slave_1 left promiscuous mode [ 772.119650][T12024] bridge15: port 1(bridge_slave_1) entered disabled state [ 772.243969][T12024] bridge16: port 1(bridge_slave_1) entered blocking state [ 772.308511][T12024] bridge16: port 1(bridge_slave_1) entered disabled state [ 772.378479][T12024] device bridge_slave_1 entered promiscuous mode [ 772.452336][T12033] tmpfs: Unknown parameter 'usrquota' [ 774.330842][T12056] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2200'. [ 775.106062][T12061] netlink: 'syz.0.2199': attribute type 10 has an invalid length. [ 775.169398][T12061] bond0: (slave netdevsim0): Releasing backup interface [ 775.180780][T12061] team0: Port device netdevsim0 added [ 775.195741][T12065] device bridge_slave_1 left promiscuous mode [ 775.238651][T12065] bridge7: port 1(bridge_slave_1) entered disabled state [ 775.320279][T12065] bridge8: port 1(bridge_slave_1) entered blocking state [ 775.377035][T12065] bridge8: port 1(bridge_slave_1) entered disabled state [ 775.394526][T12069] fuse: Unknown parameter 'user_i00000000000000000000' [ 775.403889][T12065] device bridge_slave_1 entered promiscuous mode [ 775.449510][T12063] netlink: 'syz.0.2199': attribute type 10 has an invalid length. [ 775.493563][T12063] team0: Port device netdevsim0 removed [ 775.501509][T12063] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 776.748728][T12082] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2206'. [ 776.832385][T12082] device bridge_slave_1 left promiscuous mode [ 776.861901][T12082] bridge8: port 1(bridge_slave_1) entered disabled state [ 776.881545][T12082] bridge9: port 1(bridge_slave_1) entered blocking state [ 776.889083][T12082] bridge9: port 1(bridge_slave_1) entered disabled state [ 776.898017][T12082] device bridge_slave_1 entered promiscuous mode [ 778.095284][ T4255] Bluetooth: hci1: command 0x0406 tx timeout [ 778.345416][T12093] tmpfs: Unknown parameter 'usrquota' [ 778.419109][T12096] tmpfs: Unknown parameter 'usrquota' [ 779.712498][T12116] netlink: 'syz.0.2214': attribute type 10 has an invalid length. [ 779.739193][T12117] fuse: Unknown parameter 'user_id00000000000000000000' [ 779.754526][T12116] bond0: (slave netdevsim0): Releasing backup interface [ 779.766755][T12116] team0: Port device netdevsim0 added [ 779.773614][T12114] netlink: 'syz.0.2214': attribute type 10 has an invalid length. [ 779.862335][T12114] team0: Port device netdevsim0 removed [ 779.871793][T12114] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 781.667733][T12139] tmpfs: Unknown parameter 'usrquota' [ 783.258445][ T9632] Bluetooth: hci0: command 0x0406 tx timeout [ 785.119671][T12161] netlink: 'syz.3.2228': attribute type 10 has an invalid length. [ 785.129594][T12163] fuse: Unknown parameter 'user_id00000000000000000000' [ 785.147405][T12161] bond0: (slave netdevsim0): Releasing backup interface [ 785.158787][T12161] team0: Port device netdevsim0 added [ 785.166977][T12161] netlink: 'syz.3.2228': attribute type 10 has an invalid length. [ 785.214776][T12161] team0: Port device netdevsim0 removed [ 785.223608][T12161] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 785.420967][T12165] device vlan2 entered promiscuous mode [ 785.460981][T12167] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2230'. [ 787.104433][T12167] random: crng reseeded on system resumption [ 787.197758][T12187] tmpfs: Unknown parameter 'usrquota' [ 788.949873][T12201] fuse: Bad value for 'fd' [ 789.503023][T12205] tmpfs: Unknown parameter 'usrquota' [ 789.608871][T12207] fuse: Unknown parameter 'user_id00000000000000000000' [ 790.858288][ T4255] Bluetooth: hci0: command 0x0406 tx timeout [ 791.440415][T12224] netlink: 'syz.0.2244': attribute type 10 has an invalid length. [ 791.837225][T12224] bond0: (slave netdevsim0): Releasing backup interface [ 791.851068][T12224] team0: Port device netdevsim0 added [ 791.857041][T12226] netlink: 'syz.0.2244': attribute type 10 has an invalid length. [ 791.917674][T12226] team0: Port device netdevsim0 removed [ 791.926038][T12226] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 792.014319][T12229] ip_vti0 speed is unknown, defaulting to 1000 [ 793.722303][T12229] geneve0 speed is unknown, defaulting to 1000 [ 793.950604][T12240] device bridge_slave_1 left promiscuous mode [ 793.956867][T12240] bridge9: port 1(bridge_slave_1) entered disabled state [ 794.441440][T12248] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2251'. [ 794.453321][T12248] netlink: 'syz.0.2251': attribute type 10 has an invalid length. [ 796.153206][T12263] fuse: Bad value for 'fd' [ 797.568635][T12276] netlink: 'syz.0.2258': attribute type 10 has an invalid length. [ 797.612877][T12276] bond0: (slave netdevsim0): Releasing backup interface [ 797.635212][T12276] team0: Port device netdevsim0 added [ 797.641627][T12273] netlink: 'syz.0.2258': attribute type 10 has an invalid length. [ 797.879485][T12273] team0: Port device netdevsim0 removed [ 797.889117][T12273] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 798.195467][T12288] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2261'. [ 798.380713][T12291] device bridge_slave_1 left promiscuous mode [ 798.387137][T12291] bridge12: port 1(bridge_slave_1) entered disabled state [ 799.234854][T12296] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2264'. [ 799.244018][T12297] netlink: 'syz.3.2264': attribute type 10 has an invalid length. [ 799.559540][T12304] fuse: Bad value for 'fd' [ 799.646258][T12307] tmpfs: Unknown parameter 'usrquota' [ 799.882485][T12313] device vlan2 entered promiscuous mode [ 801.325388][T12323] netlink: 'syz.2.2272': attribute type 10 has an invalid length. [ 801.353005][T12323] bond0: (slave netdevsim0): Releasing backup interface [ 801.364244][T12323] team0: Port device netdevsim0 added [ 801.373438][T12323] netlink: 'syz.2.2272': attribute type 10 has an invalid length. [ 801.425518][T12323] team0: Port device netdevsim0 removed [ 801.433336][T12323] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 801.488165][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 801.831125][T12332] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2276'. [ 807.183714][T12381] tmpfs: Unknown parameter 'usrquota' [ 807.498467][ T9632] Bluetooth: hci3: command 0x0406 tx timeout [ 808.621071][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.627508][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.758211][T12391] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2294'. [ 809.348960][T12396] random: crng reseeded on system resumption [ 810.432845][T12409] fuse: Unknown parameter '0xffffffffffffffff' [ 810.570279][T12411] device vlan2 entered promiscuous mode [ 814.430550][T12448] fuse: Unknown parameter '0x0000000000000004' [ 814.503263][T12435] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 814.579851][T12435] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 814.646318][T12435] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 814.701827][T12435] bridge0: port 1(bridge_slave_0) entered disabled state [ 814.739678][T12435] bond0 (unregistering): (slave netdevsim0): Releasing backup interface [ 814.916002][T12456] tmpfs: Unknown parameter 'usrquota' [ 814.928398][T12435] bond0 (unregistering): Released all slaves [ 815.047739][ T22] bond0 speed is unknown, defaulting to 1000 [ 815.066775][T12454] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2314'. [ 815.097898][ T22] ================================================================== [ 815.106014][ T22] BUG: KASAN: use-after-free in siw_query_port+0x342/0x430 [ 815.113269][ T22] Read of size 4 at addr ffff88807adc80e0 by task kworker/1:0/22 [ 815.121012][ T22] [ 815.123366][ T22] CPU: 1 PID: 22 Comm: kworker/1:0 Not tainted 6.1.116-syzkaller #0 [ 815.131372][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 815.141460][ T22] Workqueue: infiniband ib_cache_event_task [ 815.147417][ T22] Call Trace: [ 815.150718][ T22] [ 815.152816][T12457] bridge14: port 1(bridge_slave_1) entered blocking state [ 815.153661][ T22] dump_stack_lvl+0x1e3/0x2cb [ 815.165465][ T22] ? nf_tcp_handle_invalid+0x642/0x642 [ 815.170955][ T22] ? panic+0x764/0x764 [ 815.175054][ T22] ? _printk+0xd1/0x111 [ 815.178669][T12457] bridge14: port 1(bridge_slave_1) entered disabled state [ 815.179230][ T22] ? __virt_addr_valid+0x17f/0x530 [ 815.191489][ T22] ? __virt_addr_valid+0x17f/0x530 [ 815.196647][ T22] print_report+0x15f/0x4f0 [ 815.201182][ T22] ? __virt_addr_valid+0x17f/0x530 [ 815.206328][ T22] ? __virt_addr_valid+0x17f/0x530 [ 815.208918][T12457] device bridge_slave_1 entered promiscuous mode [ 815.211460][ T22] ? __virt_addr_valid+0x45b/0x530 [ 815.211496][ T22] ? __phys_addr+0xb6/0x170 [ 815.211522][ T22] ? siw_query_port+0x342/0x430 [ 815.211547][ T22] kasan_report+0x136/0x160 [ 815.236892][ T22] ? siw_query_port+0x342/0x430 [ 815.241818][ T22] siw_query_port+0x342/0x430 [ 815.246530][ T22] ? ib_query_port+0x344/0x7c0 [ 815.251326][ T22] ib_cache_update+0x1a8/0xaf0 [ 815.256134][ T22] ? ib_cache_setup_one+0x5b0/0x5b0 [ 815.261358][ T22] ? read_lock_is_recursive+0x10/0x10 [ 815.266763][ T22] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 815.272763][ T22] ? print_irqtrace_events+0x210/0x210 [ 815.278245][ T22] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 815.284156][ T22] ib_cache_event_task+0xef/0x1e0 [ 815.289196][ T22] ? process_one_work+0x7a9/0x11d0 [ 815.294331][ T22] process_one_work+0x8a9/0x11d0 [ 815.299293][ T22] ? worker_detach_from_pool+0x260/0x260 [ 815.304935][ T22] ? _raw_spin_lock_irqsave+0x120/0x120 [ 815.310488][ T22] ? kthread_data+0x4e/0xc0 [ 815.315000][ T22] ? wq_worker_running+0x97/0x190 [ 815.320033][ T22] worker_thread+0xa47/0x1200 [ 815.324733][ T22] kthread+0x28d/0x320 [ 815.328895][ T22] ? worker_clr_flags+0x190/0x190 [ 815.333936][ T22] ? kthread_blkcg+0xd0/0xd0 [ 815.338530][ T22] ret_from_fork+0x1f/0x30 [ 815.342979][ T22] [ 815.346002][ T22] [ 815.348331][ T22] Allocated by task 4259: [ 815.352660][ T22] kasan_set_track+0x4b/0x70 [ 815.357286][ T22] __kasan_kmalloc+0x97/0xb0 [ 815.361874][ T22] __kmalloc_node+0xb3/0x230 [ 815.366470][ T22] kvmalloc_node+0x6e/0x180 [ 815.370991][ T22] alloc_netdev_mqs+0x85/0xeb0 [ 815.375764][ T22] rtnl_create_link+0x2e9/0xa30 [ 815.380632][ T22] rtnl_newlink+0x1403/0x2050 [ 815.385305][ T22] rtnetlink_rcv_msg+0x818/0xff0 [ 815.390243][ T22] netlink_rcv_skb+0x1cd/0x410 [ 815.395041][ T22] netlink_unicast+0x7d8/0x970 [ 815.399836][ T22] netlink_sendmsg+0xa26/0xd60 [ 815.404648][ T22] __sys_sendto+0x480/0x600 [ 815.409157][ T22] __x64_sys_sendto+0xda/0xf0 [ 815.413837][ T22] do_syscall_64+0x3b/0xb0 [ 815.418248][ T22] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 815.424172][ T22] [ 815.426492][ T22] Freed by task 12435: [ 815.430575][ T22] kasan_set_track+0x4b/0x70 [ 815.435170][ T22] kasan_save_free_info+0x27/0x40 [ 815.440206][ T22] ____kasan_slab_free+0xd6/0x120 [ 815.445247][ T22] __kmem_cache_free+0x25c/0x3c0 [ 815.450198][ T22] device_release+0x91/0x1c0 [ 815.454784][ T22] kobject_put+0x224/0x460 [ 815.459213][ T22] netdev_run_todo+0xe56/0xf40 [ 815.463981][ T22] rtnetlink_rcv_msg+0xa9c/0xff0 [ 815.468910][ T22] netlink_rcv_skb+0x1cd/0x410 [ 815.473688][ T22] netlink_unicast+0x7d8/0x970 [ 815.478462][ T22] netlink_sendmsg+0xa26/0xd60 [ 815.483228][ T22] ____sys_sendmsg+0x5a5/0x8f0 [ 815.488005][ T22] __sys_sendmsg+0x2a9/0x390 [ 815.492607][ T22] do_syscall_64+0x3b/0xb0 [ 815.497037][ T22] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 815.502939][ T22] [ 815.505280][ T22] The buggy address belongs to the object at ffff88807adc8000 [ 815.505280][ T22] which belongs to the cache kmalloc-cg-8k of size 8192 [ 815.519607][ T22] The buggy address is located 224 bytes inside of [ 815.519607][ T22] 8192-byte region [ffff88807adc8000, ffff88807adca000) [ 815.532977][ T22] [ 815.535307][ T22] The buggy address belongs to the physical page: [ 815.541733][ T22] page:ffffea0001eb7200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7adc8 [ 815.551880][ T22] head:ffffea0001eb7200 order:3 compound_mapcount:0 compound_pincount:0 [ 815.560206][ T22] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 815.568199][ T22] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888017c4c3c0 [ 815.576796][ T22] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 815.585373][ T22] page dumped because: kasan: bad access detected [ 815.591789][ T22] page_owner tracks the page as allocated [ 815.597522][ T22] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4259, tgid 4259 (syz-executor), ts 71002944634, free_ts 70999892489 [ 815.620623][ T22] post_alloc_hook+0x18d/0x1b0 [ 815.625390][ T22] get_page_from_freelist+0x3731/0x38d0 [ 815.630959][ T22] __alloc_pages+0x28d/0x770 [ 815.635553][ T22] alloc_slab_page+0x6a/0x150 [ 815.640248][ T22] new_slab+0x84/0x2d0 [ 815.644358][ T22] ___slab_alloc+0xc20/0x1270 [ 815.649034][ T22] __kmem_cache_alloc_node+0x19f/0x260 [ 815.654497][ T22] __kmalloc_node+0xa2/0x230 [ 815.659095][ T22] kvmalloc_node+0x6e/0x180 [ 815.663618][ T22] alloc_netdev_mqs+0x85/0xeb0 [ 815.668393][ T22] rtnl_create_link+0x2e9/0xa30 [ 815.673252][ T22] rtnl_newlink+0x1403/0x2050 [ 815.677930][ T22] rtnetlink_rcv_msg+0x818/0xff0 [ 815.682859][ T22] netlink_rcv_skb+0x1cd/0x410 [ 815.687628][ T22] netlink_unicast+0x7d8/0x970 [ 815.692447][ T22] netlink_sendmsg+0xa26/0xd60 [ 815.697223][ T22] page last free stack trace: [ 815.701887][ T22] free_unref_page_prepare+0xf63/0x1120 [ 815.707427][ T22] free_unref_page+0x33/0x3e0 [ 815.712110][ T22] __unfreeze_partials+0x1b7/0x210 [ 815.717222][ T22] put_cpu_partial+0x17b/0x250 [ 815.721990][ T22] qlist_free_all+0x76/0xe0 [ 815.726579][ T22] kasan_quarantine_reduce+0x156/0x170 [ 815.732039][ T22] __kasan_slab_alloc+0x1f/0x70 [ 815.736891][ T22] slab_post_alloc_hook+0x52/0x3a0 [ 815.742008][ T22] __kmem_cache_alloc_node+0x137/0x260 [ 815.747507][ T22] kmalloc_trace+0x26/0xe0 [ 815.751948][ T22] rtnl_newlink+0xe6/0x2050 [ 815.756459][ T22] rtnetlink_rcv_msg+0x818/0xff0 [ 815.761403][ T22] netlink_rcv_skb+0x1cd/0x410 [ 815.766168][ T22] netlink_unicast+0x7d8/0x970 [ 815.770940][ T22] netlink_sendmsg+0xa26/0xd60 [ 815.775708][ T22] __sys_sendto+0x480/0x600 [ 815.780214][ T22] [ 815.782533][ T22] Memory state around the buggy address: [ 815.788149][ T22] ffff88807adc7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 815.796205][ T22] ffff88807adc8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 815.804256][ T22] >ffff88807adc8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 815.812351][ T22] ^ [ 815.819542][ T22] ffff88807adc8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 815.827630][ T22] ffff88807adc8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 815.835793][ T22] ================================================================== [ 815.931318][ T22] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 815.938656][ T22] CPU: 1 PID: 22 Comm: kworker/1:0 Not tainted 6.1.116-syzkaller #0 [ 815.946668][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 815.956758][ T22] Workqueue: infiniband ib_cache_event_task [ 815.962699][ T22] Call Trace: [ 815.965992][ T22] [ 815.968941][ T22] dump_stack_lvl+0x1e3/0x2cb [ 815.973648][ T22] ? nf_tcp_handle_invalid+0x642/0x642 [ 815.979141][ T22] ? panic+0x764/0x764 [ 815.983245][ T22] ? preempt_schedule_common+0xa6/0xd0 [ 815.988735][ T22] ? vscnprintf+0x59/0x80 [ 815.993086][ T22] panic+0x318/0x764 [ 815.996996][ T22] ? check_panic_on_warn+0x1d/0xa0 [ 816.002133][ T22] ? memcpy_page_flushcache+0xfc/0xfc [ 816.007508][ T22] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 816.013499][ T22] ? _raw_spin_unlock+0x40/0x40 [ 816.018365][ T22] ? print_report+0x4a3/0x4f0 [ 816.023044][ T22] check_panic_on_warn+0x7e/0xa0 [ 816.027981][ T22] ? siw_query_port+0x342/0x430 [ 816.032833][ T22] end_report+0x66/0x110 [ 816.037076][ T22] kasan_report+0x143/0x160 [ 816.041582][ T22] ? siw_query_port+0x342/0x430 [ 816.046436][ T22] siw_query_port+0x342/0x430 [ 816.051205][ T22] ? ib_query_port+0x344/0x7c0 [ 816.055968][ T22] ib_cache_update+0x1a8/0xaf0 [ 816.060743][ T22] ? ib_cache_setup_one+0x5b0/0x5b0 [ 816.065945][ T22] ? read_lock_is_recursive+0x10/0x10 [ 816.071323][ T22] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 816.077405][ T22] ? print_irqtrace_events+0x210/0x210 [ 816.082873][ T22] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 816.088775][ T22] ib_cache_event_task+0xef/0x1e0 [ 816.093821][ T22] ? process_one_work+0x7a9/0x11d0 [ 816.098933][ T22] process_one_work+0x8a9/0x11d0 [ 816.103878][ T22] ? worker_detach_from_pool+0x260/0x260 [ 816.109515][ T22] ? _raw_spin_lock_irqsave+0x120/0x120 [ 816.115067][ T22] ? kthread_data+0x4e/0xc0 [ 816.119580][ T22] ? wq_worker_running+0x97/0x190 [ 816.124602][ T22] worker_thread+0xa47/0x1200 [ 816.129292][ T22] kthread+0x28d/0x320 [ 816.133365][ T22] ? worker_clr_flags+0x190/0x190 [ 816.138392][ T22] ? kthread_blkcg+0xd0/0xd0 [ 816.142984][ T22] ret_from_fork+0x1f/0x30 [ 816.147415][ T22] [ 816.150747][ T22] Kernel Offset: disabled [ 816.155073][ T22] Rebooting in 86400 seconds..