last executing test programs: 9m35.759096848s ago: executing program 0 (id=171): r0 = socket(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'macvlan0\x00', 0x0}) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x4, 0x0, 0x0, r1}, 0xc) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x1, 0x1, 0x0, r1, 0x267a4e37}, 0xc) 9m35.35769509s ago: executing program 0 (id=174): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'gre0\x00'}) io_setup(0x3, 0xfffffffffffffffe) syz_clone(0x1604cc00, 0x0, 0x0, 0x0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x804}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r4, r3], 0x2, 0x0, 0x0, 0xffffffffffffffff}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r5, 0x402c5342, &(0x7f0000000180)={0x80, 0xf8, 0x9, {0x3e31, 0x1}, 0x5, 0x8a}) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r2, 0xc01064c7, &(0x7f00000002c0)={0x1, 0x0, &(0x7f0000003340)=[0x0]}) 9m34.457338511s ago: executing program 0 (id=177): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="8fcacb7907051175f37538e486dd6300800701082c"], 0xfdef) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socket$packet(0x11, 0x3, 0x300) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[], 0xfdef) 9m28.338327519s ago: executing program 0 (id=193): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="52cf880e485b9d", 0x7) 9m28.030949438s ago: executing program 1 (id=196): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'gre0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300006773da2085000000040000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', r0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000001c0)={0xffffffffffffffff}, 0x4) openat$nullb(0xffffffffffffff9c, 0x0, 0x169802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x1, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x1b, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000001300)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a03f0fff0ffffff79a4f0ff00000000b7060000ffffffff2e640500000000007502faff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c8500000026000000b70000000000002995000000000000001da5ad3548ebb63d18db6a1c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6d5b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8c18119a6926083f4a2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa387a8077927a1ad367c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f20002b35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8c367d1bfd1aea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82dc568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000000000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac6f09c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccf5e882602897a85bf8523d891080593d831d758deb4f2c7e49c6d6b35d8fd92601c8500febb0c5fe0be294bf6bbbecad444695277a9e3992a354492513b43091d161c7c7cdbbe44e8e83b4cf333238a52f214b278c6485236ea880db2f113f6381187679a4620d6149808b0af024b3b3e6ba99b4b15ca"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x143, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 9m27.866003104s ago: executing program 0 (id=199): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getcwd(&(0x7f0000000600)=""/244, 0xf4) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000), 0x0) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg$alg(r3, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000006f40)=[{{0x0, 0x0, &(0x7f0000001040)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) r4 = socket$inet(0x2, 0x3, 0x9) sendmmsg$inet(r4, &(0x7f0000000c80)=[{{&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}}, {{&(0x7f00000001c0)={0x2, 0x0, @private}, 0x10, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000000000000007000000860c000000"], 0x20}}], 0x2, 0x0) 9m25.181428555s ago: executing program 1 (id=201): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) 9m25.056834999s ago: executing program 1 (id=202): socket$kcm(0x2, 0xa, 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1f00000000000000000000000010"], 0x48) socket$inet_udplite(0x2, 0x2, 0x88) unshare(0x400) pselect6(0x40, &(0x7f0000000080)={0x3c, 0x6, 0x0, 0x9, 0xf9a9, 0x1000, 0x7f, 0xf19c}, &(0x7f0000000100)={0x8, 0x8, 0x9375, 0x0, 0x5, 0x4, 0xd452, 0xd736}, 0x0, 0x0, 0x0) 9m24.935965638s ago: executing program 0 (id=203): setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="8fcacb7907051175f37538e486dd6300800701082c"], 0xfdef) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socket$packet(0x11, 0x3, 0x300) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[], 0xfdef) 9m24.682897786s ago: executing program 1 (id=205): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af0ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 9m24.234592518s ago: executing program 1 (id=208): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000100)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @remote, 0x3}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x44810, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f00000002c0)=@ccm_128={{0x304}, "cba03bbbf83da6ba", "64495990d870a40dc22cf53f2701c8fe", "00120d53", "63078a4cff470ed5"}, 0x28) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) 9m22.208494861s ago: executing program 1 (id=209): socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newtaction={0xe4, 0x30, 0x1, 0x0, 0x0, {}, [{0xd0, 0x1, [@m_ct={0x78, 0x0, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x37, 0x6, "0dc43e7f4a1c3aa652cad1dcb8edc490f9cb9a58611f11b094b09e5cc85e19db37af6a4d154b9987d69ea9ae0339980bcd8bda"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}, @TCA_IFE_DMAC={0xa, 0x3, @local}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x800}, 0x2000a810) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYRESHEX=r1], 0xe) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) r4 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ff8000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000001000004080000000000000002000000200000000000000000000009030000000000000000000004"], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r7 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000100)=0x2) ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000001c0)=0x14) r8 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCBRDELBR(r8, 0x89a2, &(0x7f0000000000)='bridge0\x00') bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x6, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x4, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r9 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r9, 0x400448c8, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x2, 0x11, 0x15be, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'}) ioctl$mixer_OSS_GETVERSION(r2, 0x80086303, &(0x7f0000000000)) 9m9.3333669s ago: executing program 32 (id=203): setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="8fcacb7907051175f37538e486dd6300800701082c"], 0xfdef) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socket$packet(0x11, 0x3, 0x300) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[], 0xfdef) 9m6.195837758s ago: executing program 33 (id=209): socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newtaction={0xe4, 0x30, 0x1, 0x0, 0x0, {}, [{0xd0, 0x1, [@m_ct={0x78, 0x0, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x37, 0x6, "0dc43e7f4a1c3aa652cad1dcb8edc490f9cb9a58611f11b094b09e5cc85e19db37af6a4d154b9987d69ea9ae0339980bcd8bda"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}, @TCA_IFE_DMAC={0xa, 0x3, @local}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x800}, 0x2000a810) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYRESHEX=r1], 0xe) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) r4 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ff8000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000001000004080000000000000002000000200000000000000000000009030000000000000000000004"], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r7 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000100)=0x2) ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000001c0)=0x14) r8 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCBRDELBR(r8, 0x89a2, &(0x7f0000000000)='bridge0\x00') bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x6, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x4, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r9 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r9, 0x400448c8, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x2, 0x11, 0x15be, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'}) ioctl$mixer_OSS_GETVERSION(r2, 0x80086303, &(0x7f0000000000)) 4m39.487187013s ago: executing program 3 (id=298): socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) mmap$dsp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x300000f, 0x11, r3, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000000)=0x4000) 3m39.335466337s ago: executing program 3 (id=298): socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) mmap$dsp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x300000f, 0x11, r3, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000000)=0x4000) 2m52.377619694s ago: executing program 3 (id=298): socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) mmap$dsp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x300000f, 0x11, r3, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000000)=0x4000) 2m3.130111992s ago: executing program 3 (id=298): socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) mmap$dsp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x300000f, 0x11, r3, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000000)=0x4000) 1m12.876425278s ago: executing program 3 (id=298): socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) mmap$dsp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x300000f, 0x11, r3, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000000)=0x4000) 17.160693707s ago: executing program 3 (id=298): socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) mmap$dsp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x300000f, 0x11, r3, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000000)=0x4000) 14.77071665s ago: executing program 2 (id=1357): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="1b17", 0x2) 14.36514141s ago: executing program 2 (id=1359): openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'pimreg0\x00', 0x7c2}) 14.311446564s ago: executing program 5 (id=1360): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000), 0x0) r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg$alg(r3, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000006f40)=[{{0x0, 0x0, &(0x7f0000001040)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) r4 = socket$inet(0x2, 0x3, 0x9) sendmmsg$inet(r4, &(0x7f0000000c80)=[{{&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}}, {{&(0x7f00000001c0)={0x2, 0x0, @private}, 0x10, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000000000000007000000860c000000"], 0x20}}], 0x2, 0x0) 13.9627815s ago: executing program 4 (id=1361): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, &(0x7f0000000a80)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000280)={0x0, 0x0, 0x0, "00004bde4235cfeb7790df55c03dfb8f758f982a892ebcc8b0afc222f2367a3abf2988d0072c063f53ec4579dd89280ee5b9831a8146098ab27721ac0019a8c4122fe62bc9cba3573dcbcd4d1c0c77ad41cddf30811246e2e4e4eadab5c0a795b762bf5ec22cf3d172f8c3651a9dfb86bdd6d11bfcce1514f32c9777e36c02df16990f68fb60485052a072d612ec99badd8c0808361cb8e3c22568e82a73e813ffc77bc1b3f85209"}, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 10.55863715s ago: executing program 5 (id=1364): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000400)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x5a20}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)="6880a642beaf34317f0dd3122a90ad0d2b", 0x11}], 0x1}, 0x0) r2 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r2, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600) 9.950448733s ago: executing program 5 (id=1365): sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000005c0)="a179423b99e7f9c70d4117d5db8804a0fb9abe831485e8ed750009efe9785c8b", 0x20}], 0x1, 0x0, 0x0, 0x2400a090}}], 0x1, 0x20000010) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x8604, 0x0, 0xfffffffd, 0x10}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)=ANY=[@ANYBLOB="240000001a006daa00000000000000001c00"/28], 0x24}}, 0x0) 8.858093391s ago: executing program 4 (id=1367): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r4, 0x84, 0xc, 0x0, 0x0) 7.893268671s ago: executing program 6 (id=1372): r0 = socket(0x2a, 0x800000003, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'}) r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) bind$802154_raw(r1, &(0x7f0000001440)={0x24, @short={0x2, 0x2, 0xffff}}, 0x8) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) r5 = openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$vim2m_VIDIOC_TRY_FMT(r5, 0xc0cc5640, 0x0) r6 = syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0xce5d, 0x80, 0x0, 0x89}, 0x0, &(0x7f0000000280)) io_uring_enter(r6, 0x47f9, 0x0, 0x0, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$video4linux(&(0x7f0000000480), 0x5, 0x0) add_key(&(0x7f0000000080)='asymmetric\x00', 0x0, &(0x7f0000000500)="e306644c2f0b801228a9253e", 0xc, 0xfffffffffffffffd) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000440)) sendmsg$nl_route(r7, 0x0, 0x0) r8 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) ioctl$VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f00000001c0)={0x4}) 6.718695431s ago: executing program 4 (id=1373): bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) fanotify_init(0x0, 0x2) epoll_create1(0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x20, {}, [{0x90, 0x1, [@m_ct={0x44, 0x18, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e76, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4004010) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_emit_vhci(&(0x7f00000015c0)=ANY=[@ANYBLOB="0407ff0811ab906a07a4a969de492ed39bbd996b8e24a5a7b1c5e5c49be1ec063627233ab3b348d692fbb6b1c03117727cc09ac5ee0000000000000001c58fd31eeed83b6d47b00ef08475b8f7004e0cef249b7d1c6b898b87f7027a0e05fa5555f1b5d3e0041f0068baddca6a28cae840f90cbd83a10b768fd3a9e29891e3f9c8f49aaaaf57ac11b91ad20627dc1c9edcb5903bd78bac1c998a973ec1f019b2150766b177982c041001df2d048cd23d68ee99a6da74c34ebfac7a94ece4674bfcdc3b70485795f65bc3a926410084f20e16f2daae94f0aec6079942827a44d4534ac62d1b0f8881000000000000b9c12f10c2e1f7adeb7ea1f30000005968ca1e6962eeaa7c7b8f4bc31c52729b1b16d79507dccc6f0367"], 0x102) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) r5 = getpid() mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, r5, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc1105518, &(0x7f0000000c40)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0x0, 0xdb, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0xfffffffc, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffc, 0x7]}) 6.653366356s ago: executing program 6 (id=1374): syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000100)}], 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') getdents64(r3, 0x0, 0x0) r4 = landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0) landlock_add_rule$LANDLOCK_RULE_NET_PORT(r4, 0x2, &(0x7f00000000c0)={0x3}, 0x0) landlock_add_rule$LANDLOCK_RULE_NET_PORT(r4, 0x2, &(0x7f0000000080)={0x3, 0x2b4}, 0x0) landlock_restrict_self(r4, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) 5.114868419s ago: executing program 6 (id=1375): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000400)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x5a20}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)="6880a642beaf34317f0dd3122a90ad0d2b", 0x11}], 0x1}, 0x0) r2 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r2, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600) 5.114281434s ago: executing program 4 (id=1376): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x101000) pipe2$watch_queue(&(0x7f0000000000), 0x80) close_range(r3, 0xffffffffffffffff, 0x0) 4.632610393s ago: executing program 6 (id=1377): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1a, 0x0, &(0x7f0000000040)=0x2) 3.926308864s ago: executing program 5 (id=1378): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, r1, 0x7000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x40004e20}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) sched_setscheduler(0x0, 0x1, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='\x00'/21], 0x50) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x41, 0x3, 0x3c8, 0x258, 0x19, 0x0, 0x0, 0x0, 0x330, 0x1f0, 0x1f0, 0x330, 0x1f0, 0x3, 0x0, {[{{@ip={@private, @dev, 0x0, 0x0, 'ip6erspan0\x00', 'veth0_vlan\x00'}, 0x0, 0x1f8, 0x258, 0x0, {0x0, 0xffffffffa0028000}, [@common=@unspec=@quota={{0x38}}, @common=@inet=@hashlimit2={{0x150}, {'dvmrp0\x00', {0x0, 0x3d40, 0x0, 0x0, 0x0, 0x687c, 0x1}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x428) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) r8 = socket$inet(0x2, 0x4000000000000001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x8b, 0x100000500) setsockopt$inet_tcp_int(r8, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x10) 3.926080192s ago: executing program 2 (id=1379): r0 = io_uring_setup(0x30d3, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) flock(r1, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.76265478s ago: executing program 4 (id=1380): socket$nl_generic(0x10, 0x3, 0x10) landlock_create_ruleset(&(0x7f0000000040)={0x123}, 0x10, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='sched_switch\x00', r0}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xa4f, @void, @value}, 0x94) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0) write$FUSE_DIRENTPLUS(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10) write$FUSE_DIRENTPLUS(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) write$FUSE_OPEN(r3, &(0x7f0000000000)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x20) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',posixacl']) prlimit64(0x0, 0xa, &(0x7f0000000140)={0x0, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@id={0x1e, 0x3, 0x1, {0x4e21, 0x1}}, 0x10) bind$tipc(r3, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x1, {0x43, 0x0, 0x2}}, 0x63) bind$tipc(r5, 0x0, 0x0) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$vim2m_VIDIOC_STREAMON(0xffffffffffffffff, 0x40045612, &(0x7f00000000c0)=0x1) 2.720214613s ago: executing program 5 (id=1381): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r5, 0x0) r6 = socket(0x2, 0x80805, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) modify_ldt$write(0x1, &(0x7f00000002c0)={0x13, 0xffffffffffffffff, 0x1000, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1}, 0x10) setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70200000300001085"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1, 0xff, 0x3, 0x2, 0x0, 0xffffffffffffffff, 0x1000000a, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 2.678771208s ago: executing program 6 (id=1382): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb34902, 0x1000006, 0x28011, r1, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r2}, 0x10) ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f00000000c0)={0x4000, 0x80600}) 2.678579829s ago: executing program 2 (id=1383): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, 0x0, 0x0) 1.30927967s ago: executing program 2 (id=1384): r0 = socket(0x2a, 0x800000003, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'}) r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) bind$802154_raw(r1, &(0x7f0000001440)={0x24, @short={0x2, 0x2, 0xffff}}, 0x8) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) r5 = openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$vim2m_VIDIOC_TRY_FMT(r5, 0xc0cc5640, 0x0) r6 = syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0xce5d, 0x80, 0x0, 0x89}, 0x0, &(0x7f0000000280)) io_uring_enter(r6, 0x47f9, 0x0, 0x0, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$video4linux(&(0x7f0000000480), 0x5, 0x0) add_key(&(0x7f0000000080)='asymmetric\x00', 0x0, &(0x7f0000000500)="e306644c2f0b801228a9253e", 0xc, 0xfffffffffffffffd) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000440)) sendmsg$nl_route(r7, 0x0, 0x0) r8 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) ioctl$VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f00000001c0)={0x4}) 1.296509924s ago: executing program 5 (id=1385): syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000100)}], 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') getdents64(r3, 0x0, 0x0) r4 = landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0) landlock_add_rule$LANDLOCK_RULE_NET_PORT(r4, 0x2, &(0x7f00000000c0)={0x3}, 0x0) landlock_add_rule$LANDLOCK_RULE_NET_PORT(r4, 0x2, &(0x7f0000000080)={0x3, 0x2b4}, 0x0) landlock_restrict_self(r4, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) 1.144810051s ago: executing program 4 (id=1386): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_procfs(0x0, 0x0) syz_emit_vhci(0x0, 0xd2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$can_bcm(0x1d, 0x2, 0x2) sendmsg$can_bcm(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, 0x0) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000280)=ANY=[]) 776.280371ms ago: executing program 6 (id=1387): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000000000b705000008000000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) msync(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x458, 0xffffffff, 0x0, 0x0, 0xe4, 0xfeffffff, 0xffffffff, 0x390, 0x390, 0x390, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa4, 0xe4}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x4}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xec, 0x12c, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x15c, 0x180, 0x0, {}, [@common=@unspec=@realm={{0x2c}, {0x1, 0xdd8}}, @common=@srh1={{0x8c}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @dev, @private1}}]}, @REJECT={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x4b4) r4 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000000c0)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x1, 0xd59f80, 0x19ef, 0x7, 0x19ef, 0x3, 0x6, 0x27ff, 0x2800, 0x2, 0xbb6, 0x0, 0x8, {0x8, 0xffffffff}, 0xd0, 0x9}}) ioctl$VIDIOC_QUERYBUF(r4, 0xc04c5609, &(0x7f0000000100)=@overlay={0x4, 0xf, 0x4, 0x20, 0x7f, {0x0, 0x2710}, {0x3, 0x1, 0x6, 0x7, 0xf9, 0x1b, "72e5f8e5"}, 0xfffffff9, 0x3, {}, 0x7}) r5 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r5, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) ppoll(&(0x7f0000000180)=[{r5}], 0x1, 0x0, 0x0, 0x0) 0s ago: executing program 2 (id=1388): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair(0x23, 0x5, 0x0, &(0x7f0000000000)) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x8b2a, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) unshare(0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r3, 0x400455c8, 0x20000000008) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@map, 0x1d, 0x1, 0x1007, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000340), 0x106, 0x8}}, 0x20) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) r5 = syz_io_uring_setup(0x35f3, &(0x7f0000000280)={0x0, 0x20000021, 0x30302, 0x1, 0xfffffffd}, &(0x7f0000000240), &(0x7f0000000180)) io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, 0x0, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000980)={'wg2\x00'}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x101880, 0x0) ioctl$SNDCTL_SEQ_THRESHOLD(0xffffffffffffffff, 0x4004510d, &(0x7f00000003c0)=0x1) kernel console output (not intermixed with test programs): rface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 387.248558][ T8031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 387.266721][ T8031] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 387.275165][ T5913] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 387.286246][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 388.102613][ T5913] usb 5-1: SerialNumber: syz [ 388.131670][ T8031] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.204971][ T8031] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.221905][ T8031] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.261323][ T8031] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.383254][ T5913] rndis_host 5-1:253.0: RNDIS init failed, -71 [ 388.398754][ T5913] rndis_host 5-1:253.0: probe with driver rndis_host failed with error -71 [ 388.472056][ T5913] usb 5-1: USB disconnect, device number 12 [ 388.613779][ T8420] netlink: 192 bytes leftover after parsing attributes in process `syz.4.605'. [ 388.670661][ T8420] netlink: 48 bytes leftover after parsing attributes in process `syz.4.605'. [ 388.991347][ T5986] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 389.020295][ T5986] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 389.185129][ T1160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 389.206333][ T1160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 394.121995][ T8471] syz.5.613: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 394.191603][ T8471] CPU: 0 UID: 0 PID: 8471 Comm: syz.5.613 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 394.191640][ T8471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 394.191654][ T8471] Call Trace: [ 394.191662][ T8471] [ 394.191672][ T8471] dump_stack_lvl+0x241/0x360 [ 394.191709][ T8471] ? __pfx_dump_stack_lvl+0x10/0x10 [ 394.191734][ T8471] ? __pfx__printk+0x10/0x10 [ 394.191766][ T8471] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 394.191796][ T8471] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 394.191831][ T8471] warn_alloc+0x278/0x410 [ 394.191867][ T8471] ? __pfx_warn_alloc+0x10/0x10 [ 394.191903][ T8471] ? vb2_vmalloc_alloc+0xf2/0x340 [ 394.191928][ T8471] ? __get_vm_area_node+0x1c8/0x2d0 [ 394.191949][ T8471] ? __get_vm_area_node+0x25c/0x2d0 [ 394.191974][ T8471] __vmalloc_node_range_noprof+0x62f/0x1380 [ 394.192024][ T8471] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 394.192046][ T8471] ? __kasan_kmalloc+0x98/0xb0 [ 394.192073][ T8471] vmalloc_user_noprof+0x74/0x80 [ 394.192091][ T8471] ? vb2_vmalloc_alloc+0xf2/0x340 [ 394.192109][ T8471] vb2_vmalloc_alloc+0xf2/0x340 [ 394.192131][ T8471] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 394.192148][ T8471] __vb2_queue_alloc+0xa0b/0x16f0 [ 394.192191][ T8471] vb2_core_reqbufs+0xd2e/0x17c0 [ 394.192233][ T8471] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 394.192272][ T8471] v4l2_m2m_ioctl_reqbufs+0x14b/0x230 [ 394.192294][ T8471] __video_do_ioctl+0xc23/0xdd0 [ 394.192352][ T8471] ? __pfx___video_do_ioctl+0x10/0x10 [ 394.192372][ T8471] ? __might_fault+0xaa/0x120 [ 394.192399][ T8471] video_usercopy+0x94f/0x12c0 [ 394.192429][ T8471] ? __pfx___video_do_ioctl+0x10/0x10 [ 394.192446][ T8471] ? __pfx_video_usercopy+0x10/0x10 [ 394.192477][ T8471] ? __fget_files+0x2a/0x410 [ 394.192497][ T8471] ? __fget_files+0x2a/0x410 [ 394.192515][ T8471] v4l2_ioctl+0x189/0x1e0 [ 394.192540][ T8471] ? __pfx_v4l2_ioctl+0x10/0x10 [ 394.192566][ T8471] __se_sys_ioctl+0xf1/0x160 [ 394.192590][ T8471] do_syscall_64+0xf3/0x230 [ 394.192614][ T8471] ? clear_bhb_loop+0x45/0xa0 [ 394.192640][ T8471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.192662][ T8471] RIP: 0033:0x7fe03f18d169 [ 394.192683][ T8471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 394.192697][ T8471] RSP: 002b:00007fe03ff7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 394.192713][ T8471] RAX: ffffffffffffffda RBX: 00007fe03f3a6160 RCX: 00007fe03f18d169 [ 394.192725][ T8471] RDX: 0000400000000000 RSI: 00000000c0145608 RDI: 000000000000000a [ 394.192735][ T8471] RBP: 00007fe03f20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 394.192744][ T8471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 394.192754][ T8471] R13: 0000000000000001 R14: 00007fe03f3a6160 R15: 00007ffdd684e8b8 [ 394.192782][ T8471] [ 394.192789][ T8471] Mem-Info: [ 394.439671][ T23] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 394.511681][ T8471] active_anon:5681 inactive_anon:0 isolated_anon:0 [ 394.511681][ T8471] active_file:13382 inactive_file:38426 isolated_file:0 [ 394.511681][ T8471] unevictable:768 dirty:93 writeback:1 [ 394.511681][ T8471] slab_reclaimable:8780 slab_unreclaimable:101259 [ 394.511681][ T8471] mapped:26603 shmem:1473 pagetables:970 [ 394.511681][ T8471] sec_pagetables:0 bounce:0 [ 394.511681][ T8471] kernel_misc_reclaimable:0 [ 394.511681][ T8471] free:1326148 free_pcp:837 free_cma:0 [ 394.615905][ T8471] Node 0 active_anon:22724kB inactive_anon:0kB active_file:53528kB inactive_file:153628kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:106512kB dirty:368kB writeback:4kB shmem:4356kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11352kB pagetables:3880kB sec_pagetables:0kB all_unreclaimable? no [ 394.734303][ T8494] 9pnet: p9_errstr2errno: server reported unknown error 18446744 [ 394.782650][ T5987] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.800897][ T8471] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 394.849679][ T8471] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 394.894849][ T8471] lowmem_reserve[]: 0 2489 2490 0 0 [ 394.914684][ T8471] Node 0 DMA32 free:1394476kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:22688kB inactive_anon:0kB active_file:53528kB inactive_file:153300kB unevictable:1536kB writepending:372kB present:3129332kB managed:2549508kB mlocked:0kB bounce:0kB free_pcp:9920kB local_pcp:468kB free_cma:0kB [ 394.933853][ T23] usb 7-1: config 17 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 394.973747][ T8471] lowmem_reserve[]: 0 0 0 0 0 [ 395.008060][ T23] usb 7-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 395.018074][ T8471] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:328kB unevictable:0kB writepending:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 395.046388][ T23] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 395.077199][ T8471] lowmem_reserve[]: 0 0 0 0 0 [ 395.095483][ T8471] Node 1 Normal free:3902568kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 395.124267][ T23] aiptek 7-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 395.176797][ T5987] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.216821][ T8471] lowmem_reserve[]: 0 0 0 0 0 [ 395.231478][ T8471] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 395.268073][ T8471] Node 0 DMA32: 357*4kB (UME) 1031*8kB (UME) 763*16kB (UME) 630*32kB (UME) 353*64kB (UME) 56*128kB (UME) 37*256kB (UME) 44*512kB (UME) 45*1024kB (UM) 5*2048kB (M) 306*4096kB (UM) = 1413500kB [ 395.308786][ T8471] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 395.338030][ T8471] Node 1 Normal: 218*4kB (UME) 40*8kB (UME) 32*16kB (UME) 206*32kB (UME) 100*64kB (UME) 26*128kB (UM) 16*256kB (UME) 7*512kB (UM) 2*1024kB (ME) 2*2048kB (UE) 945*4096kB (M) = 3902568kB [ 395.382704][ T8471] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 395.412972][ T8471] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 395.423103][ T8471] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 395.432796][ T8471] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 395.442283][ T8471] 53281 total pagecache pages [ 395.446984][ T8471] 0 pages in swap cache [ 395.472243][ T5987] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.485855][ T8471] Free swap = 124980kB [ 395.505906][ T8471] Total swap = 124996kB [ 395.516090][ T8471] 2097051 pages RAM [ 395.522173][ T8471] 0 pages HighMem/MovableOnly [ 395.526993][ T8471] 427952 pages reserved [ 395.534170][ T8471] 0 pages cma reserved [ 395.676323][ T5987] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.418941][ T5987] bridge_slave_1: left allmulticast mode [ 397.450442][ T5987] bridge_slave_1: left promiscuous mode [ 397.474848][ T5987] bridge0: port 2(bridge_slave_1) entered disabled state [ 397.570442][ T5987] bridge_slave_0: left allmulticast mode [ 397.608790][ T5987] bridge_slave_0: left promiscuous mode [ 397.614693][ T5987] bridge0: port 1(bridge_slave_0) entered disabled state [ 398.070338][ T5913] usb 7-1: USB disconnect, device number 6 [ 398.809690][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 398.829103][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 398.839079][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 398.875375][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 398.883726][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 398.900951][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 399.660727][ T5987] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 399.972316][ T5987] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 400.008899][ T5987] bond0 (unregistering): Released all slaves [ 400.918498][ T54] Bluetooth: hci0: command tx timeout [ 401.478001][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 402.998555][ T5840] Bluetooth: hci0: command tx timeout [ 403.875451][ T5888] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 404.505915][ T5888] usb 7-1: config 17 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 404.558049][ T5888] usb 7-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 404.628280][ T5888] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.684180][ T5888] aiptek 7-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 404.744509][ T5987] hsr_slave_0: left promiscuous mode [ 404.994252][ T5987] hsr_slave_1: left promiscuous mode [ 405.013833][ T5987] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 405.078284][ T54] Bluetooth: hci0: command tx timeout [ 405.166305][ T5987] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 405.224350][ T5987] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 405.437202][ T5987] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 406.516563][ T5987] veth1_macvtap: left promiscuous mode [ 406.538297][ T5987] veth0_macvtap: left promiscuous mode [ 406.560502][ T5987] veth1_vlan: left promiscuous mode [ 406.565859][ T5987] veth0_vlan: left promiscuous mode [ 406.601232][ T54] Bluetooth: hci5: command 0x0406 tx timeout [ 407.168342][ T5840] Bluetooth: hci0: command tx timeout [ 407.393245][ T5987] team0 (unregistering): Port device team_slave_1 removed [ 407.473705][ T5987] team0 (unregistering): Port device team_slave_0 removed [ 407.618867][ T5840] Bluetooth: hci3: unexpected event for opcode 0x0005 [ 407.921248][ T23] usb 7-1: USB disconnect, device number 7 [ 410.156036][ T8601] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 411.901194][ T8649] fuse: Unknown parameter 'user_id00000000000000000000' [ 411.999503][ T8539] chnl_net:caif_netlink_parms(): no params data found [ 413.044874][ T5889] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 413.708072][ T5889] usb 6-1: config 3 has no interfaces? [ 413.744958][ T5889] usb 6-1: New USB device found, idVendor=12d1, idProduct=1401, bcdDevice= 0.00 [ 413.790910][ T5889] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.981666][ T5840] Bluetooth: hci5: unexpected event for opcode 0x0005 [ 414.016110][ T8539] bridge0: port 1(bridge_slave_0) entered blocking state [ 414.048239][ T8539] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.238279][ T8539] bridge_slave_0: entered allmulticast mode [ 414.280631][ T8539] bridge_slave_0: entered promiscuous mode [ 414.364626][ T5913] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 415.081371][ T8539] bridge0: port 2(bridge_slave_1) entered blocking state [ 415.094745][ T8539] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.102366][ T8539] bridge_slave_1: entered allmulticast mode [ 415.122811][ T8539] bridge_slave_1: entered promiscuous mode [ 415.273608][ T8539] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 415.345811][ T8539] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 415.487346][ T5913] usb 5-1: config 17 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 415.503225][ T5913] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 415.535041][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.351960][ T5913] aiptek 5-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 417.134808][ T8539] team0: Port device team_slave_0 added [ 417.329754][ T5913] usb 6-1: USB disconnect, device number 5 [ 417.371419][ T5887] usb 5-1: USB disconnect, device number 13 [ 417.371485][ T8539] team0: Port device team_slave_1 added [ 417.631326][ T8714] fuse: Unknown parameter 'user_id00000000000000000000' [ 417.780290][ T8539] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 417.868464][ T8539] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 418.282619][ T8539] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 418.344242][ T8539] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 418.361150][ T8539] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 418.516055][ T8539] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 419.736905][ T8539] hsr_slave_0: entered promiscuous mode [ 419.745455][ T8539] hsr_slave_1: entered promiscuous mode [ 419.752200][ T8539] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 419.759873][ T8539] Cannot create hsr debugfs directory [ 422.963090][ T8759] netlink: 'syz.6.667': attribute type 3 has an invalid length. [ 423.770089][ T5889] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 423.786783][ T8539] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 423.832813][ T8539] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 423.943589][ T5889] usb 6-1: config 17 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 423.948279][ T8539] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 423.981331][ T5889] usb 6-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 424.012098][ T5889] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.027560][ T8539] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 424.174469][ T8778] netlink: 12 bytes leftover after parsing attributes in process `syz.6.670'. [ 424.781856][ T5889] aiptek 6-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 424.904333][ T8780] fuse: Bad value for 'fd' [ 425.152486][ T8539] 8021q: adding VLAN 0 to HW filter on device bond0 [ 425.264665][ T8539] 8021q: adding VLAN 0 to HW filter on device team0 [ 425.347796][ T6122] bridge0: port 1(bridge_slave_0) entered blocking state [ 425.355140][ T6122] bridge0: port 1(bridge_slave_0) entered forwarding state [ 426.256373][ T6122] bridge0: port 2(bridge_slave_1) entered blocking state [ 426.263708][ T6122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 427.413781][ T5897] usb 6-1: USB disconnect, device number 6 [ 427.491578][ T8804] netlink: 40 bytes leftover after parsing attributes in process `syz.2.676'. [ 431.063866][ T8832] netlink: 'syz.6.682': attribute type 11 has an invalid length. [ 431.103154][ T8832] netlink: 224 bytes leftover after parsing attributes in process `syz.6.682'. [ 431.369562][ T8842] fuse: Bad value for 'fd' [ 431.376813][ T8539] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 431.802140][ T8539] veth0_vlan: entered promiscuous mode [ 431.842332][ T8539] veth1_vlan: entered promiscuous mode [ 433.030972][ T8539] veth0_macvtap: entered promiscuous mode [ 433.151665][ T8539] veth1_macvtap: entered promiscuous mode [ 433.391409][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 433.448244][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.488115][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 433.579865][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.598153][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 433.624072][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.663466][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 433.677251][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.717426][ T8539] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 434.320589][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.332135][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.352665][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.384265][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.428065][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.449974][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.463469][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.494166][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.509819][ T8539] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 434.544668][ T8539] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.603555][ T8539] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.688437][ T8539] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.718066][ T8539] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.087255][ T5987] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 435.103142][ T5987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 435.223145][ T5896] usb 7-1: new low-speed USB device number 8 using dummy_hcd [ 435.623367][ T5896] usb 7-1: config 7 has an invalid interface number: 252 but max is 0 [ 436.047378][ T5896] usb 7-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 436.077977][ T5896] usb 7-1: config 7 has no interface number 0 [ 436.084516][ T5896] usb 7-1: config 7 interface 252 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 436.105802][ T5896] usb 7-1: config 7 interface 252 has no altsetting 0 [ 436.517317][ T5896] usb 7-1: string descriptor 0 read error: -22 [ 436.748668][ T5896] usb 7-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=56.c0 [ 436.857603][ T5896] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 436.904833][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 436.913772][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 437.097053][ T8902] fuse: Bad value for 'fd' [ 439.189452][ T5886] usb 7-1: USB disconnect, device number 8 [ 440.855575][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.075155][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.261950][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.711230][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.117137][ T35] bridge_slave_1: left allmulticast mode [ 442.126560][ T35] bridge_slave_1: left promiscuous mode [ 442.146725][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.284615][ T35] bridge_slave_0: left allmulticast mode [ 442.308172][ T35] bridge_slave_0: left promiscuous mode [ 442.337710][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 444.608274][ T8972] netlink: 12 bytes leftover after parsing attributes in process `syz.5.708'. [ 445.485321][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.497943][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.892357][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 446.902145][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 446.911867][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 446.928135][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 446.937214][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 446.944694][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 448.338394][ T5913] usb 6-1: new low-speed USB device number 7 using dummy_hcd [ 448.391429][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 448.405242][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 448.445298][ T35] bond0 (unregistering): Released all slaves [ 448.530547][ T5913] usb 6-1: config 7 has an invalid interface number: 252 but max is 0 [ 448.545792][ T5913] usb 6-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 448.556502][ T5913] usb 6-1: config 7 has no interface number 0 [ 448.567238][ T5913] usb 6-1: config 7 interface 252 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 448.685057][ T5913] usb 6-1: config 7 interface 252 has no altsetting 0 [ 448.739037][ T5913] usb 6-1: string descriptor 0 read error: -22 [ 448.746988][ T5913] usb 6-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=56.c0 [ 448.795794][ T5913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.327036][ T5840] Bluetooth: hci0: command tx timeout [ 450.084693][ T5887] usb 6-1: USB disconnect, device number 7 [ 451.398058][ T5840] Bluetooth: hci0: command tx timeout [ 453.197310][ T9043] netlink: 12 bytes leftover after parsing attributes in process `syz.5.719'. [ 453.206979][ T9043] netlink: 40 bytes leftover after parsing attributes in process `syz.5.719'. [ 453.479567][ T5840] Bluetooth: hci0: command tx timeout [ 453.648563][ T9044] netlink: 76 bytes leftover after parsing attributes in process `syz.2.720'. [ 455.067142][ T35] hsr_slave_0: left promiscuous mode [ 455.144494][ T35] hsr_slave_1: left promiscuous mode [ 455.179517][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 455.200732][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 455.228407][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 455.256650][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 455.360382][ T35] veth1_macvtap: left promiscuous mode [ 455.368668][ T35] veth0_macvtap: left promiscuous mode [ 455.379696][ T35] veth1_vlan: left promiscuous mode [ 455.398219][ T35] veth0_vlan: left promiscuous mode [ 455.558058][ T5840] Bluetooth: hci0: command tx timeout [ 457.207613][ T46] hid (null): unknown global tag 0xd [ 457.294623][ T46] hid (null): unknown global tag 0xe [ 457.947310][ T46] hid-generic 0005:0001:00B4.0002: unknown main item tag 0x4 [ 457.963870][ T46] hid-generic 0005:0001:00B4.0002: unknown global tag 0xd [ 457.997156][ T46] hid-generic 0005:0001:00B4.0002: item 0 0 1 13 parsing failed [ 458.019383][ T46] hid-generic 0005:0001:00B4.0002: probe with driver hid-generic failed with error -22 [ 458.442874][ T9081] netlink: 'syz.6.729': attribute type 11 has an invalid length. [ 458.452501][ T9081] netlink: 224 bytes leftover after parsing attributes in process `syz.6.729'. [ 459.304248][ T35] team0 (unregistering): Port device team_slave_1 removed [ 459.364057][ T35] team0 (unregistering): Port device team_slave_0 removed [ 460.340508][ T9088] kernel read not supported for file /! (pid: 9088 comm: syz.5.731) [ 460.381956][ T29] audit: type=1800 audit(1740474087.001:92): pid=9088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.731" name=217F dev="mqueue" ino=23413 res=0 errno=0 [ 460.637520][ T8993] chnl_net:caif_netlink_parms(): no params data found [ 461.625095][ T9110] ======================================================= [ 461.625095][ T9110] WARNING: The mand mount option has been deprecated and [ 461.625095][ T9110] and is ignored by this kernel. Remove the mand [ 461.625095][ T9110] option from the mount to silence this warning. [ 461.625095][ T9110] ======================================================= [ 461.832738][ T9110] syz.6.735: attempt to access beyond end of device [ 461.832738][ T9110] nbd6: rw=0, sector=1, nr_sectors = 1 limit=0 [ 461.846459][ T9110] VFS: could not find a valid V7 on nbd6. [ 462.314534][ T29] audit: type=1326 audit(1740474088.931:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.5.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 462.467009][ T29] audit: type=1326 audit(1740474088.931:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.5.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 462.542249][ T8993] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.578174][ T8993] bridge0: port 1(bridge_slave_0) entered disabled state [ 462.588634][ T29] audit: type=1326 audit(1740474088.951:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.5.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 462.613165][ T8993] bridge_slave_0: entered allmulticast mode [ 462.665216][ T8993] bridge_slave_0: entered promiscuous mode [ 462.783893][ T8993] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.811950][ T8993] bridge0: port 2(bridge_slave_1) entered disabled state [ 462.852632][ T8993] bridge_slave_1: entered allmulticast mode [ 462.888081][ T8993] bridge_slave_1: entered promiscuous mode [ 464.207756][ T29] audit: type=1326 audit(1740474088.951:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.5.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 464.237027][ T29] audit: type=1326 audit(1740474088.951:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.5.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 464.316817][ T29] audit: type=1326 audit(1740474088.951:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.5.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe03f18bad0 code=0x7ffc0000 [ 464.447937][ T29] audit: type=1326 audit(1740474088.961:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.5.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 465.141175][ T29] audit: type=1326 audit(1740474088.961:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.5.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 465.253065][ T8993] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 465.362421][ T8993] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 465.775199][ T8993] team0: Port device team_slave_0 added [ 465.827543][ T8993] team0: Port device team_slave_1 added [ 465.888759][ T9143] xt_policy: output policy not valid in PREROUTING and INPUT [ 466.119023][ T9145] kernel read not supported for file /! (pid: 9145 comm: syz.2.743) [ 466.159615][ T29] audit: type=1800 audit(1740474092.781:101): pid=9145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.743" name=217F dev="mqueue" ino=23437 res=0 errno=0 [ 466.291270][ T8993] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 466.319992][ T8993] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 466.656857][ T8993] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 466.735312][ T8993] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 466.757257][ T8993] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 466.828078][ T8993] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 467.377669][ T29] audit: type=1326 audit(1740474093.991:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f685438d169 code=0x7ffc0000 [ 467.401356][ C0] vkms_vblank_simulate: vblank timer overrun [ 467.414328][ T8993] hsr_slave_0: entered promiscuous mode [ 467.436964][ T8993] hsr_slave_1: entered promiscuous mode [ 467.451841][ T8993] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 467.460452][ T29] audit: type=1326 audit(1740474093.991:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f685438d169 code=0x7ffc0000 [ 467.482648][ C0] vkms_vblank_simulate: vblank timer overrun [ 467.493308][ T8993] Cannot create hsr debugfs directory [ 467.569010][ T29] audit: type=1326 audit(1740474093.991:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7f685438d169 code=0x7ffc0000 [ 467.669302][ T29] audit: type=1326 audit(1740474094.001:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f685438d169 code=0x7ffc0000 [ 467.745404][ T29] audit: type=1326 audit(1740474094.001:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f685438d169 code=0x7ffc0000 [ 467.829079][ T29] audit: type=1326 audit(1740474094.001:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f685438bad0 code=0x7ffc0000 [ 468.037967][ T29] audit: type=1326 audit(1740474094.001:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f685438d169 code=0x7ffc0000 [ 468.082160][ T29] audit: type=1326 audit(1740474094.001:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f685438d169 code=0x7ffc0000 [ 470.906174][ T8993] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 471.011876][ T8993] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 471.078530][ T8993] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 471.140381][ T8993] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 471.713904][ T8993] 8021q: adding VLAN 0 to HW filter on device bond0 [ 471.812497][ T8993] 8021q: adding VLAN 0 to HW filter on device team0 [ 471.904981][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 471.912296][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 471.962814][ T29] audit: type=1326 audit(1740474098.581:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9239 comm="syz.5.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 471.994292][ T29] audit: type=1326 audit(1740474098.581:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9239 comm="syz.5.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 472.021084][ T29] audit: type=1326 audit(1740474098.581:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9239 comm="syz.5.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 472.031025][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state [ 472.050625][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 472.065399][ T29] audit: type=1326 audit(1740474098.581:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9239 comm="syz.5.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 472.161562][ T29] audit: type=1326 audit(1740474098.581:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9239 comm="syz.5.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 472.247112][ T29] audit: type=1326 audit(1740474098.581:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9239 comm="syz.5.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe03f18bad0 code=0x7ffc0000 [ 472.332573][ T29] audit: type=1326 audit(1740474098.581:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9239 comm="syz.5.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 472.352649][ T8993] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 472.425434][ T29] audit: type=1326 audit(1740474098.581:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9239 comm="syz.5.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 472.679681][ T5840] Bluetooth: hci3: unexpected event for opcode 0x0005 [ 473.905182][ T9266] fuse: Unknown parameter '0x0000000000000003' [ 473.983702][ T9268] netlink: 'syz.4.763': attribute type 11 has an invalid length. [ 473.991795][ T9268] netlink: 224 bytes leftover after parsing attributes in process `syz.4.763'. [ 474.818999][ T8993] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 476.147133][ T8993] veth0_vlan: entered promiscuous mode [ 476.210095][ T8993] veth1_vlan: entered promiscuous mode [ 476.420824][ T8993] veth0_macvtap: entered promiscuous mode [ 476.455703][ T8993] veth1_macvtap: entered promiscuous mode [ 476.484919][ T9284] 9pnet: Could not find request transport: fd0x0000000000000005 [ 476.554936][ T8993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 476.596124][ T8993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.631834][ T8993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 476.659405][ T8993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 476.681413][ T8993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 477.589206][ T8993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.608580][ T8993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 477.636449][ T8993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.660330][ T8993] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 477.959803][ T8993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 477.994275][ T8993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.023066][ T8993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 478.157942][ T8993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.180824][ T8993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 478.222882][ T8993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.245905][ T8993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 478.256718][ T8993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.275771][ T8993] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 478.314772][ T8993] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.348290][ T8993] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.357053][ T8993] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.407219][ T8993] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 479.546749][ T1160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 479.588532][ T1160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 479.746203][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 479.788128][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 482.920271][ T9354] kernel read not supported for file /! (pid: 9354 comm: syz.6.781) [ 482.949328][ T29] audit: type=1800 audit(1740474109.571:118): pid=9354 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.781" name=217F dev="mqueue" ino=25821 res=0 errno=0 [ 483.297996][ T9354] 9pnet: Could not find request transport: fd0x0000000000000006 [ 483.614515][ T1151] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.993262][ T1151] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.222688][ T1151] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.319187][ T1151] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.602144][ T1151] bridge_slave_1: left allmulticast mode [ 484.612929][ T1151] bridge_slave_1: left promiscuous mode [ 484.620965][ T1151] bridge0: port 2(bridge_slave_1) entered disabled state [ 484.632043][ T1151] bridge_slave_0: left allmulticast mode [ 484.637731][ T1151] bridge_slave_0: left promiscuous mode [ 484.644982][ T1151] bridge0: port 1(bridge_slave_0) entered disabled state [ 488.496391][ T9431] netlink: 40 bytes leftover after parsing attributes in process `syz.4.794'. [ 489.843684][ T9438] 9pnet: Could not find request transport: fd0x0000000000000005 [ 489.854848][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 489.870315][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 489.888302][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 489.925843][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 489.939960][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 489.950212][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 491.483323][ T1151] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 491.498540][ T5896] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 491.562375][ T1151] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 491.626666][ T1151] bond0 (unregistering): Released all slaves [ 491.703220][ T5896] usb 3-1: config 3 has no interfaces? [ 491.719523][ T5896] usb 3-1: New USB device found, idVendor=12d1, idProduct=1401, bcdDevice= 0.00 [ 491.779473][ T5896] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.049289][ T5840] Bluetooth: hci0: command tx timeout [ 492.466528][ T9492] netlink: 40 bytes leftover after parsing attributes in process `syz.4.806'. [ 493.604464][ T46] usb 3-1: USB disconnect, device number 12 [ 493.998234][ T5889] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 494.168038][ T5840] Bluetooth: hci0: command tx timeout [ 494.917417][ T1151] hsr_slave_0: left promiscuous mode [ 494.936741][ T1151] hsr_slave_1: left promiscuous mode [ 494.964724][ T1151] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 494.980267][ T5889] usb 6-1: config 17 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 495.012460][ T5889] usb 6-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 495.013872][ T1151] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 495.034157][ T5889] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.057208][ T1151] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 495.100839][ T1151] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 495.134822][ T5889] aiptek 6-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 495.253295][ T1151] veth1_macvtap: left promiscuous mode [ 495.275680][ T1151] veth0_macvtap: left promiscuous mode [ 495.296001][ T1151] veth1_vlan: left promiscuous mode [ 495.314884][ T1151] veth0_vlan: left promiscuous mode [ 496.208491][ T5840] Bluetooth: hci0: command tx timeout [ 498.238727][ T5889] usb 6-1: USB disconnect, device number 8 [ 498.288757][ T5840] Bluetooth: hci0: command tx timeout [ 498.532521][ T9524] netlink: 20 bytes leftover after parsing attributes in process `syz.2.815'. [ 500.709039][ T1151] team0 (unregistering): Port device team_slave_1 removed [ 500.760660][ T9537] netlink: 40 bytes leftover after parsing attributes in process `syz.6.818'. [ 502.140963][ T1151] team0 (unregistering): Port device team_slave_0 removed [ 502.181557][ T29] audit: type=1326 audit(1740474128.801:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9539 comm="syz.2.819" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd8c4d8d169 code=0x0 [ 505.478519][ T9561] netlink: 80 bytes leftover after parsing attributes in process `syz.6.824'. [ 506.927708][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.934282][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 509.433748][ T9444] chnl_net:caif_netlink_parms(): no params data found [ 510.071624][ T9598] netlink: 20 bytes leftover after parsing attributes in process `syz.5.833'. [ 511.116173][ T5886] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 511.315893][ T5886] usb 5-1: config 3 has no interfaces? [ 511.327688][ T5886] usb 5-1: New USB device found, idVendor=12d1, idProduct=1401, bcdDevice= 0.00 [ 511.338612][ T9444] bridge0: port 1(bridge_slave_0) entered blocking state [ 511.379507][ T9444] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.396307][ T5886] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 511.406786][ T9444] bridge_slave_0: entered allmulticast mode [ 511.470053][ T9444] bridge_slave_0: entered promiscuous mode [ 511.507773][ T9444] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.678139][ T9444] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.685433][ T9444] bridge_slave_1: entered allmulticast mode [ 511.699716][ T9444] bridge_slave_1: entered promiscuous mode [ 511.960275][ T9444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 512.005922][ T9444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 512.176177][ T9444] team0: Port device team_slave_0 added [ 512.251722][ T9444] team0: Port device team_slave_1 added [ 513.245189][ T9444] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 513.327891][ T9444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 513.380279][ T23] usb 5-1: USB disconnect, device number 14 [ 513.491115][ T9444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 513.547304][ T9444] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 513.587993][ T9444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 513.622867][ T9444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 514.448106][ T29] audit: type=1326 audit(1740474141.051:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9636 comm="syz.4.841" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f685438d169 code=0x0 [ 515.311778][ T9444] hsr_slave_0: entered promiscuous mode [ 515.328911][ T9444] hsr_slave_1: entered promiscuous mode [ 515.335497][ T9444] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 515.366251][ T9444] Cannot create hsr debugfs directory [ 517.794650][ T9663] netlink: 20 bytes leftover after parsing attributes in process `syz.6.847'. [ 518.382980][ T9661] mkiss: ax0: crc mode is auto. [ 520.892492][ T9689] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 521.157506][ T9689] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 521.380194][ T9689] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 521.544904][ T9689] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 522.015287][ T9689] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 522.215181][ T9689] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 522.725773][ T5840] Bluetooth: hci3: command 0x0406 tx timeout [ 523.088737][ T9689] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 523.399027][ T5840] Bluetooth: hci5: command 0x0406 tx timeout [ 523.996899][ T9444] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 524.068727][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 524.301601][ T9444] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 524.684420][ T9732] [U] „ [ 525.538122][ T5840] Bluetooth: hci3: command 0x0406 tx timeout [ 525.544215][ T5840] Bluetooth: hci5: command 0x0406 tx timeout [ 526.076742][ T9444] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 526.118075][ T54] Bluetooth: hci0: command 0x0c1a tx timeout [ 526.359241][ T9444] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 526.759011][ T9740] mkiss: ax0: crc mode is auto. [ 526.820944][ T9739] netlink: 20 bytes leftover after parsing attributes in process `syz.6.862'. [ 527.517576][ T9444] 8021q: adding VLAN 0 to HW filter on device bond0 [ 527.794164][ T9444] 8021q: adding VLAN 0 to HW filter on device team0 [ 527.837238][ T9344] bridge0: port 1(bridge_slave_0) entered blocking state [ 527.844564][ T9344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 527.917934][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 527.925212][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 528.198617][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 529.584587][ T29] audit: type=1800 audit(1740474156.201:121): pid=9762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.868" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 529.642481][ T9762] netlink: 4 bytes leftover after parsing attributes in process `syz.4.868'. [ 529.716366][ T9762] bond_slave_0: entered promiscuous mode [ 529.722556][ T9762] bond_slave_1: entered promiscuous mode [ 529.780025][ T9762] macvtap1: entered promiscuous mode [ 529.785385][ T9762] bond0: entered promiscuous mode [ 529.892848][ T9762] macvtap1: entered allmulticast mode [ 529.981185][ T9762] bond0: entered allmulticast mode [ 530.007205][ T9762] bond_slave_0: entered allmulticast mode [ 530.076264][ T9762] bond_slave_1: entered allmulticast mode [ 530.146175][ T9762] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 530.424422][ T9763] bond0: left allmulticast mode [ 530.463042][ T9763] bond_slave_0: left allmulticast mode [ 530.640212][ T9763] bond_slave_1: left allmulticast mode [ 530.735864][ T9763] bond0: left promiscuous mode [ 530.788766][ T9763] bond_slave_0: left promiscuous mode [ 530.794591][ T9763] bond_slave_1: left promiscuous mode [ 531.222767][ T9768] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 531.231002][ T9768] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 531.250534][ T9768] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 532.628518][ T9796] netlink: 20 bytes leftover after parsing attributes in process `syz.5.879'. [ 533.238974][ T54] Bluetooth: hci5: command 0x0406 tx timeout [ 533.245210][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 533.251650][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 533.634770][ T9797] erspan1: entered promiscuous mode [ 534.708882][ T9444] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 534.811456][ T9814] fuse: Bad value for 'fd' [ 535.619869][ T9444] veth0_vlan: entered promiscuous mode [ 536.252254][ T9444] veth1_vlan: entered promiscuous mode [ 536.458975][ T9444] veth0_macvtap: entered promiscuous mode [ 536.494679][ T9444] veth1_macvtap: entered promiscuous mode [ 536.555019][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 536.599984][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 536.658841][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 536.713968][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 536.807887][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 536.864125][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 536.874406][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 536.886158][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 536.901122][ T9444] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 537.338206][ T9843] netlink: 52 bytes leftover after parsing attributes in process `syz.6.888'. [ 538.077510][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.166184][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.214758][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.248149][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.264905][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.285841][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.303292][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.326127][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.372395][ T9835] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 538.380684][ T9835] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 538.386734][ T9835] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 538.571792][ T9444] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 538.685517][ T9444] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.708222][ T9444] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.752826][ T9444] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.776813][ T9444] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.868865][ T9871] fuse: Bad value for 'fd' [ 540.527980][ T9804] Bluetooth: hci0: command 0x0c1a tx timeout [ 540.534314][ T9804] Bluetooth: hci5: command 0x0406 tx timeout [ 540.540642][ T9804] Bluetooth: hci3: command 0x0406 tx timeout [ 540.998839][ T9877] netlink: 20 bytes leftover after parsing attributes in process `syz.4.896'. [ 541.103911][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 541.129000][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 541.873080][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 541.916518][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 542.769103][ T5888] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 543.134371][ T5888] usb 6-1: config 3 has no interfaces? [ 543.281041][ T5888] usb 6-1: New USB device found, idVendor=12d1, idProduct=1401, bcdDevice= 0.00 [ 543.333132][ T5888] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.476794][ T1082] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.618882][ T9920] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 545.628859][ T9920] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 545.778877][ T1082] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.864077][ T46] usb 6-1: USB disconnect, device number 9 [ 545.980676][ T1082] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.077066][ T1082] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.318232][ T1082] bridge_slave_1: left allmulticast mode [ 546.323961][ T1082] bridge_slave_1: left promiscuous mode [ 546.343504][ T1082] bridge0: port 2(bridge_slave_1) entered disabled state [ 546.364893][ T1082] bridge_slave_0: left allmulticast mode [ 546.375285][ T1082] bridge_slave_0: left promiscuous mode [ 546.383682][ T1082] bridge0: port 1(bridge_slave_0) entered disabled state [ 546.949081][ T9949] fuse: Bad value for 'fd' [ 547.776303][ T8996] Bluetooth: hci5: command 0x0406 tx timeout [ 547.782501][ T9804] Bluetooth: hci3: command 0x0406 tx timeout [ 548.583161][ T9956] 9pnet_fd: Insufficient options for proto=fd [ 548.621152][ T1082] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 548.661586][ T1082] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 549.217295][ T1082] bond0 (unregistering): Released all slaves [ 549.304015][ T8996] Bluetooth: hci3: unexpected event for opcode 0x0005 [ 550.292995][ T9977] xt_socket: unknown flags 0x50 [ 550.315866][ T9977] process 'syz.4.914' launched '/dev/fd/9' with NULL argv: empty string added [ 551.600585][ T9804] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 551.620506][ T9804] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 551.655685][ T9804] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 551.669787][ T9804] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 551.688277][ T9804] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 551.695762][ T9804] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 552.359079][T10001] fuse: Bad value for 'fd' [ 552.808164][ T5889] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 552.980169][ T1082] hsr_slave_0: left promiscuous mode [ 553.012949][ T1082] hsr_slave_1: left promiscuous mode [ 553.026010][ T1082] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 553.058057][ T1082] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 553.070313][ T5889] usb 3-1: config 3 has no interfaces? [ 553.075847][ T5889] usb 3-1: New USB device found, idVendor=12d1, idProduct=1401, bcdDevice= 0.00 [ 553.109569][ T1082] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 553.117015][ T1082] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 553.117874][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.259017][ T1082] veth1_macvtap: left promiscuous mode [ 553.264686][ T1082] veth0_macvtap: left promiscuous mode [ 553.288354][ T1082] veth1_vlan: left promiscuous mode [ 553.293813][ T1082] veth0_vlan: left promiscuous mode [ 553.798088][ T9804] Bluetooth: hci0: command tx timeout [ 554.814859][ T9994] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 554.825081][ T9994] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 554.858310][ T9994] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 554.874697][ T9994] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 554.998380][ T9804] Bluetooth: hci3: command 0x0406 tx timeout [ 555.156603][ T9994] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 555.517439][ T5888] usb 3-1: USB disconnect, device number 13 [ 556.393877][ T1082] team0 (unregistering): Port device team_slave_1 removed [ 556.669371][T10050] netlink: 24 bytes leftover after parsing attributes in process `syz.2.933'. [ 557.431904][ T9804] Bluetooth: hci5: command 0x0406 tx timeout [ 557.438124][ T9804] Bluetooth: hci0: command 0x040f tx timeout [ 557.503250][ T1082] team0 (unregistering): Port device team_slave_0 removed [ 559.219640][T10064] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 559.225716][T10064] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 559.265430][T10064] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 560.814325][ T9984] chnl_net:caif_netlink_parms(): no params data found [ 560.963569][ T9804] Bluetooth: hci5: unexpected event for opcode 0x0005 [ 560.978021][ T5919] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 561.150506][ T5919] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 561.162224][ T5919] usb 3-1: config 0 interface 0 has no altsetting 0 [ 561.191420][ T5919] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 561.207953][ T5919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.223556][ T5919] usb 3-1: Product: syz [ 561.235082][ T5919] usb 3-1: Manufacturer: syz [ 561.240159][ T9804] Bluetooth: hci3: command 0x0406 tx timeout [ 561.247903][ T5919] usb 3-1: SerialNumber: syz [ 561.258363][ T5919] usb 3-1: config 0 descriptor?? [ 561.269297][T10114] syz_tun: entered promiscuous mode [ 561.279309][ T5919] usb 3-1: selecting invalid altsetting 0 [ 561.288831][T10114] syz_tun: left promiscuous mode [ 561.328266][ T9804] Bluetooth: hci0: command 0x040f tx timeout [ 561.340606][ T9984] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.353959][ T9984] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.362385][ T9984] bridge_slave_0: entered allmulticast mode [ 561.371232][ T9984] bridge_slave_0: entered promiscuous mode [ 561.395210][ T9984] bridge0: port 2(bridge_slave_1) entered blocking state [ 561.431579][ T9984] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.464342][ T9984] bridge_slave_1: entered allmulticast mode [ 561.473770][ T29] audit: type=1326 audit(1740474188.091:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10096 comm="syz.2.945" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd8c4d8d169 code=0x0 [ 561.505933][ T9984] bridge_slave_1: entered promiscuous mode [ 562.642842][ T9984] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 562.715874][ T9984] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 563.398414][ T9804] Bluetooth: hci0: command 0x040f tx timeout [ 563.418224][ T9984] team0: Port device team_slave_0 added [ 563.435187][ T9984] team0: Port device team_slave_1 added [ 563.786723][T10098] snd-usb-audio 3-1:0.0: Runtime PM usage count underflow! [ 563.841496][ T5887] usb 3-1: USB disconnect, device number 14 [ 564.058420][ T9984] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 564.116859][ T9984] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 565.445575][ T9984] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 565.478515][ T9804] Bluetooth: hci0: command 0x040f tx timeout [ 565.580307][ T9984] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 565.597935][ T9984] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 565.657949][ T9984] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 565.973484][T10143] netlink: 'syz.2.957': attribute type 11 has an invalid length. [ 566.492559][T10147] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 566.495917][T10143] netlink: 224 bytes leftover after parsing attributes in process `syz.2.957'. [ 566.524379][ T9984] hsr_slave_0: entered promiscuous mode [ 566.548213][T10147] F2FS-fs (loop13): Can't find valid F2FS filesystem in 1th superblock [ 566.560096][ T9984] hsr_slave_1: entered promiscuous mode [ 566.573735][ T9984] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 566.608586][T10147] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 566.610198][ T9984] Cannot create hsr debugfs directory [ 566.616663][T10147] F2FS-fs (loop13): Can't find valid F2FS filesystem in 2th superblock [ 566.677853][T10141] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 566.687210][T10141] F2FS-fs (loop13): Can't find valid F2FS filesystem in 1th superblock [ 566.700637][T10141] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 566.718177][T10141] F2FS-fs (loop13): Can't find valid F2FS filesystem in 2th superblock [ 567.335873][T10152] syz.5.960: attempt to access beyond end of device [ 567.335873][T10152] nbd5: rw=0, sector=1, nr_sectors = 1 limit=0 [ 567.352093][T10152] VFS: could not find a valid V7 on nbd5. [ 567.557971][ T9804] Bluetooth: hci0: command 0x040f tx timeout [ 568.381038][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.418805][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 572.022783][T10194] fuse: Invalid rootmode [ 572.506370][T10200] Invalid logical block size (137) [ 573.032400][T10195] netlink: 'syz.5.974': attribute type 11 has an invalid length. [ 573.040342][T10195] netlink: 224 bytes leftover after parsing attributes in process `syz.5.974'. [ 575.814017][ T9984] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 575.849699][ T9984] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 575.918086][ T5887] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 576.422630][ T9984] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 576.473901][ T9984] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 576.575517][ T5887] usb 5-1: config 3 has no interfaces? [ 576.591109][ T5887] usb 5-1: New USB device found, idVendor=12d1, idProduct=1401, bcdDevice= 0.00 [ 576.596439][T10230] fuse: Bad value for 'rootmode' [ 576.622272][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.922629][ T9984] 8021q: adding VLAN 0 to HW filter on device bond0 [ 578.004995][ T9984] 8021q: adding VLAN 0 to HW filter on device team0 [ 578.070792][ T1151] bridge0: port 1(bridge_slave_0) entered blocking state [ 578.078171][ T1151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 579.277637][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.284899][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 579.495375][ T5919] usb 5-1: USB disconnect, device number 15 [ 580.733461][ T9984] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 580.993948][ T9984] veth0_vlan: entered promiscuous mode [ 581.044306][ T9984] veth1_vlan: entered promiscuous mode [ 581.477999][T10276] fuse: Bad value for 'fd' [ 582.080612][T10277] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 582.798210][ T9984] veth0_macvtap: entered promiscuous mode [ 582.842982][ T9984] veth1_macvtap: entered promiscuous mode [ 582.959307][ T9984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 582.982201][ T9984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 582.998407][ T9984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 583.014162][ T9984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 583.024219][ T9984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 583.034918][ T9984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 583.237921][ T9984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.078380][ T9984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.099973][ T9984] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 584.802948][ T9984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.827905][ T9984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.837778][ T9984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 585.053964][ T9984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.386733][ T9984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 585.479138][ T9984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.507879][ T9984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 585.528631][ T9984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.591421][ T9984] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 587.103712][ T9984] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.138075][ T9984] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.146835][ T9984] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.218052][ T9984] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.526034][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 587.678956][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 587.913105][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 587.957433][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 589.208788][T10340] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1012'. [ 591.836510][ T1111] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.100684][ T1111] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.290671][ T1111] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.416573][ T1111] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.741493][ T1111] bridge_slave_1: left allmulticast mode [ 592.747780][ T1111] bridge_slave_1: left promiscuous mode [ 592.757253][ T1111] bridge0: port 2(bridge_slave_1) entered disabled state [ 592.769938][ T1111] bridge_slave_0: left allmulticast mode [ 592.775693][ T1111] bridge_slave_0: left promiscuous mode [ 592.781673][ T1111] bridge0: port 1(bridge_slave_0) entered disabled state [ 593.178820][T10381] fuse: Unknown parameter 'use00000000000000000000' [ 595.630445][ T8996] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 595.640743][ T8996] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 595.648833][ T8996] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 595.658310][ T8996] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 595.667980][ T8996] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 595.676831][ T8996] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 597.311349][ T1111] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 597.370618][ T1111] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 597.413136][ T1111] bond0 (unregistering): Released all slaves [ 597.718738][ T8996] Bluetooth: hci0: command tx timeout [ 598.180681][ T5888] usb 6-1: new full-speed USB device number 10 using dummy_hcd [ 598.451004][ T5888] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 598.492508][ T5888] usb 6-1: config 0 interface 0 has no altsetting 0 [ 598.513896][ T5888] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 598.537365][ T5888] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 598.557020][T10434] fuse: Unknown parameter 'use00000000000000000000' [ 598.572948][ T5888] usb 6-1: Product: syz [ 598.587499][ T5888] usb 6-1: Manufacturer: syz [ 598.597646][ T5888] usb 6-1: SerialNumber: syz [ 598.660800][ T5888] usb 6-1: config 0 descriptor?? [ 598.768688][ T1111] hsr_slave_0: left promiscuous mode [ 598.787236][ T5888] usb 6-1: selecting invalid altsetting 0 [ 598.815738][ T1111] hsr_slave_1: left promiscuous mode [ 598.837923][ T1111] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 598.870372][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 598.945951][ T1111] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 598.974099][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 599.218431][ T5887] usb 6-1: USB disconnect, device number 10 [ 599.678252][ T1111] veth1_macvtap: left promiscuous mode [ 599.688025][ T1111] veth0_macvtap: left promiscuous mode [ 599.694020][ T1111] veth1_vlan: left promiscuous mode [ 599.718819][ T1111] veth0_vlan: left promiscuous mode [ 599.797982][ T8996] Bluetooth: hci0: command tx timeout [ 599.981274][T10444] udevd[10444]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 600.091753][T10450] netlink: 'syz.4.1035': attribute type 11 has an invalid length. [ 600.099953][T10450] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1035'. [ 601.937151][ T8996] Bluetooth: hci0: command tx timeout [ 603.702692][ T1111] team0 (unregistering): Port device team_slave_1 removed [ 603.810043][ T1111] team0 (unregistering): Port device team_slave_0 removed [ 603.959240][ T8996] Bluetooth: hci0: command tx timeout [ 604.719903][T10478] futex_wake_op: syz.5.1042 tries to shift op by -1; fix this program [ 605.399294][T10483] fuse: Unknown parameter 'use00000000000000000000' [ 609.480255][T10406] chnl_net:caif_netlink_parms(): no params data found [ 611.538334][T10531] fuse: Unknown parameter 'user_i00000000000000000000' [ 611.720795][T10406] bridge0: port 1(bridge_slave_0) entered blocking state [ 611.728176][T10406] bridge0: port 1(bridge_slave_0) entered disabled state [ 611.735513][T10406] bridge_slave_0: entered allmulticast mode [ 611.795292][T10406] bridge_slave_0: entered promiscuous mode [ 611.840308][T10406] bridge0: port 2(bridge_slave_1) entered blocking state [ 611.875754][T10406] bridge0: port 2(bridge_slave_1) entered disabled state [ 611.895523][T10406] bridge_slave_1: entered allmulticast mode [ 611.914147][T10406] bridge_slave_1: entered promiscuous mode [ 612.202163][T10406] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 612.234679][T10406] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 612.481276][T10406] team0: Port device team_slave_0 added [ 612.580377][T10406] team0: Port device team_slave_1 added [ 612.781228][T10406] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 613.828252][T10406] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 613.867064][T10406] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 613.887609][T10406] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 613.896759][T10406] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 613.936620][T10406] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 614.185013][T10570] syz.4.1064: attempt to access beyond end of device [ 614.185013][T10570] nbd4: rw=0, sector=1, nr_sectors = 1 limit=0 [ 614.224575][T10570] VFS: could not find a valid V7 on nbd4. [ 616.228928][T10579] fuse: Unknown parameter 'user_i00000000000000000000' [ 617.018316][T10406] hsr_slave_0: entered promiscuous mode [ 617.816545][T10406] hsr_slave_1: entered promiscuous mode [ 617.878798][T10406] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 617.886961][T10406] Cannot create hsr debugfs directory [ 618.209207][T10597] netlink: 'syz.5.1070': attribute type 11 has an invalid length. [ 618.217369][T10597] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1070'. [ 618.711083][T10595] tmpfs: Bad value for 'mpol' [ 619.761151][T10612] delete_channel: no stack [ 624.281030][T10636] syz.6.1080 (10636) used greatest stack depth: 18640 bytes left [ 624.582357][T10640] fuse: Unknown parameter 'user_i00000000000000000000' [ 624.619017][T10638] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 624.628593][T10638] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 624.637348][T10638] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 624.646598][T10638] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 626.023398][T10406] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 626.218435][T10406] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 626.693455][T10406] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 626.777458][T10406] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 627.946571][T10406] 8021q: adding VLAN 0 to HW filter on device bond0 [ 628.028978][T10683] fuse: Unknown parameter 'user_id00000000000000000000' [ 628.051834][T10406] 8021q: adding VLAN 0 to HW filter on device team0 [ 628.082375][ T6001] bridge0: port 1(bridge_slave_0) entered blocking state [ 628.089569][ T6001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 628.146147][ T6001] bridge0: port 2(bridge_slave_1) entered blocking state [ 628.153463][ T6001] bridge0: port 2(bridge_slave_1) entered forwarding state [ 630.345634][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 630.352074][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 631.321279][T10715] syz_tun: entered allmulticast mode [ 631.413839][T10714] syz_tun: left allmulticast mode [ 631.697988][ T29] audit: type=1800 audit(1740474258.281:123): pid=10720 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1102" name="SYSV00000000" dev="hugetlbfs" ino=5 res=0 errno=0 [ 632.172105][T10406] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 632.978778][T10406] veth0_vlan: entered promiscuous mode [ 633.063421][T10406] veth1_vlan: entered promiscuous mode [ 633.347421][T10406] veth0_macvtap: entered promiscuous mode [ 633.457213][T10406] veth1_macvtap: entered promiscuous mode [ 633.672002][T10406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 633.724302][T10745] fuse: Unknown parameter 'user_id00000000000000000000' [ 633.762391][T10406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 633.813503][T10406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 633.843216][T10406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 633.888017][T10406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 633.927904][T10406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 634.132059][T10406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 634.142728][T10406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 634.154141][T10406] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 635.045169][T10406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 635.176982][T10759] netlink: 'syz.2.1109': attribute type 11 has an invalid length. [ 635.185093][T10759] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1109'. [ 635.298752][T10406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 635.537938][T10406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 635.567901][T10406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 635.638107][T10406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 635.677743][T10406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 635.702803][T10406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 635.853767][T10406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.608870][T10406] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 636.620330][T10406] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.657966][T10406] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.666742][T10406] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.702429][T10406] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.238166][ T5888] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 638.502974][ T5888] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 638.530126][ T5888] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 638.565761][ T1151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 638.577330][ T5888] usb 6-1: config 0 descriptor?? [ 638.604221][ T1151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 638.729986][T10789] netlink: 'syz.6.1118': attribute type 1 has an invalid length. [ 638.743484][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 638.753835][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 638.761565][T10789] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1118'. [ 638.814735][ T5888] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00 [ 638.842169][ T5888] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 638.882268][ T5888] [drm:udl_init] *ERROR* Selecting channel failed [ 639.014969][ T5888] [drm] Initialized udl 0.0.1 for 6-1:0.0 on minor 2 [ 639.126047][ T5888] [drm] Initialized udl on minor 2 [ 639.153345][ T5888] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 639.178700][ T5888] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 639.211314][ T5887] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 639.237457][ T5888] usb 6-1: USB disconnect, device number 11 [ 639.254438][ T5887] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 639.298066][ T5887] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 639.354383][T10802] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1120'. [ 639.800294][T10811] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1123'. [ 640.739168][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 641.521886][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 642.218464][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 642.493999][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 642.595802][ T9804] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 642.619531][ T9804] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 642.638164][ T9804] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 642.651816][ T9804] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 642.666394][ T9804] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 642.674960][ T9804] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 643.966794][ T12] bridge_slave_1: left allmulticast mode [ 643.995947][ T12] bridge_slave_1: left promiscuous mode [ 644.037836][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 644.087130][ T12] bridge_slave_0: left allmulticast mode [ 644.098367][ T12] bridge_slave_0: left promiscuous mode [ 644.119576][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 645.229566][ T5887] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 645.238053][ T8996] Bluetooth: hci0: command tx timeout [ 645.434106][ T5887] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 645.449894][ T5887] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 645.514223][ T5887] usb 6-1: config 0 descriptor?? [ 646.028167][ T5887] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00 [ 646.036739][ T5887] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 646.108076][ T5887] [drm:udl_init] *ERROR* Selecting channel failed [ 646.173553][ T5887] [drm] Initialized udl 0.0.1 for 6-1:0.0 on minor 2 [ 646.187293][ T5887] [drm] Initialized udl on minor 2 [ 646.192665][T10781] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 646.400020][ T5887] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 646.426996][ T5887] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 646.435270][ T5886] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 646.465836][ T5887] usb 6-1: USB disconnect, device number 12 [ 646.489590][T10781] usb 7-1: config 3 has no interfaces? [ 646.495161][T10781] usb 7-1: New USB device found, idVendor=12d1, idProduct=1401, bcdDevice= 0.00 [ 646.506695][ T5886] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 646.538307][T10781] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.550009][ T5886] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 647.255269][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 647.302547][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 647.317887][ T8996] Bluetooth: hci0: command tx timeout [ 647.358840][ T12] bond0 (unregistering): Released all slaves [ 649.398279][ T8996] Bluetooth: hci0: command tx timeout [ 649.960387][ T8996] Bluetooth: hci3: unexpected event for opcode 0x0000 [ 651.857898][ T8996] Bluetooth: hci0: command tx timeout [ 652.126000][ T5887] usb 7-1: USB disconnect, device number 9 [ 652.243046][T10913] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1142'. [ 653.228057][ T12] hsr_slave_0: left promiscuous mode [ 653.339317][ T12] hsr_slave_1: left promiscuous mode [ 653.577853][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 653.585359][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 653.606350][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 653.650304][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 653.821905][ T12] veth1_macvtap: left promiscuous mode [ 653.848107][ T12] veth0_macvtap: left promiscuous mode [ 653.858354][ T12] veth1_vlan: left promiscuous mode [ 653.863854][ T12] veth0_vlan: left promiscuous mode [ 655.182673][T10954] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 655.189644][T10954] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 658.406700][ T12] team0 (unregistering): Port device team_slave_1 removed [ 658.509021][ T12] team0 (unregistering): Port device team_slave_0 removed [ 658.768193][T10982] overlayfs: overlapping lowerdir path [ 658.908693][T10985] program syz.2.1161 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 660.408026][ T5887] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 660.559433][ T5887] usb 7-1: Using ep0 maxpacket: 8 [ 660.567758][ T5887] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 660.579430][ T5887] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 660.592598][ T5887] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 660.603065][ T5887] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 660.616209][ T5887] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 660.625724][ T5887] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.635411][T10995] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 660.652066][T10995] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 660.680576][T10995] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 660.856382][ T5887] usb 7-1: GET_CAPABILITIES returned 0 [ 660.875647][ T5887] usbtmc 7-1:16.0: can't read capabilities [ 660.932704][T10843] chnl_net:caif_netlink_parms(): no params data found [ 661.106916][ C0] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 661.135053][ T5887] usb 7-1: USB disconnect, device number 10 [ 663.290765][T10843] bridge0: port 1(bridge_slave_0) entered blocking state [ 663.331986][T10843] bridge0: port 1(bridge_slave_0) entered disabled state [ 663.365566][T10843] bridge_slave_0: entered allmulticast mode [ 663.403309][T10843] bridge_slave_0: entered promiscuous mode [ 663.500319][T10843] bridge0: port 2(bridge_slave_1) entered blocking state [ 663.558984][T10843] bridge0: port 2(bridge_slave_1) entered disabled state [ 663.593220][T10843] bridge_slave_1: entered allmulticast mode [ 663.717549][T10843] bridge_slave_1: entered promiscuous mode [ 665.624182][T10843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 665.850167][T10843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 665.997351][T11042] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 667.187688][T10843] team0: Port device team_slave_0 added [ 667.286844][T10843] team0: Port device team_slave_1 added [ 667.366910][T11012] syz.2.1169 (11012): drop_caches: 2 [ 667.686498][T10843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 667.741895][T10843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 667.862722][T10843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 668.449882][T10843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 668.475253][T10843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 668.571835][T10843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 668.916151][T10843] hsr_slave_0: entered promiscuous mode [ 668.938503][T10843] hsr_slave_1: entered promiscuous mode [ 668.955822][T10843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 668.994081][T10843] Cannot create hsr debugfs directory [ 669.587941][T11077] Invalid logical block size (137) [ 670.437492][T11082] xt_connbytes: Forcing CT accounting to be enabled [ 670.446105][T11082] --map-set only usable from mangle table [ 675.313743][T10843] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 675.540565][T10843] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 675.752146][T10843] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 675.789391][T11116] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 675.809835][T10843] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 675.816922][T11116] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 676.068677][T11116] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 676.089247][T11116] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 676.146187][T11116] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 676.300415][T11136] (syz.5.1197,11136,1):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 676.309668][T11136] (syz.5.1197,11136,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 677.076161][T10843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 677.719220][ T8996] Bluetooth: hci3: command 0x0406 tx timeout [ 677.864266][T10843] 8021q: adding VLAN 0 to HW filter on device team0 [ 677.869279][T11148] fuse: Unknown parameter '0x0000000000000003' [ 677.878031][ T8996] Bluetooth: hci5: command 0x0406 tx timeout [ 677.960463][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 677.967697][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 678.227975][ T8996] Bluetooth: hci0: command 0x0c1a tx timeout [ 678.250258][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state [ 678.257504][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 679.228354][ T29] audit: type=1326 audit(1740474305.281:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11149 comm="syz.6.1201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75b518d169 code=0x7ffc0000 [ 679.298001][T11157] vxcan1: entered promiscuous mode [ 679.539941][ T29] audit: type=1326 audit(1740474305.281:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11149 comm="syz.6.1201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75b518d169 code=0x7ffc0000 [ 679.549304][T11157] team0: Device vxcan1 is of different type [ 679.562788][ T29] audit: type=1326 audit(1740474305.281:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11149 comm="syz.6.1201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7f75b518d169 code=0x7ffc0000 [ 679.659858][ T29] audit: type=1326 audit(1740474305.281:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11149 comm="syz.6.1201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75b518d169 code=0x7ffc0000 [ 680.238016][ T29] audit: type=1326 audit(1740474305.291:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11149 comm="syz.6.1201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75b518d169 code=0x7ffc0000 [ 680.297843][ T8996] Bluetooth: hci0: command 0x0c1a tx timeout [ 680.336648][ T29] audit: type=1326 audit(1740474305.291:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11149 comm="syz.6.1201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f75b518bad0 code=0x7ffc0000 [ 680.361081][ T29] audit: type=1326 audit(1740474305.291:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11149 comm="syz.6.1201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75b518d169 code=0x7ffc0000 [ 680.383789][ T29] audit: type=1326 audit(1740474305.291:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11149 comm="syz.6.1201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75b518d169 code=0x7ffc0000 [ 682.377948][ T8996] Bluetooth: hci0: command 0x0c1a tx timeout [ 682.712819][T10843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 682.965264][T10843] veth0_vlan: entered promiscuous mode [ 683.592882][T10843] veth1_vlan: entered promiscuous mode [ 684.249099][T10843] veth0_macvtap: entered promiscuous mode [ 684.255855][T11213] fuse: Unknown parameter '0x0000000000000003' [ 684.421663][T10843] veth1_macvtap: entered promiscuous mode [ 684.598148][ T29] audit: type=1326 audit(1740474311.171:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11210 comm="syz.2.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8c4d8d169 code=0x7ffc0000 [ 685.308577][ T29] audit: type=1326 audit(1740474311.171:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11210 comm="syz.2.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8c4d8d169 code=0x7ffc0000 [ 685.344188][T10843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.369576][ T29] audit: type=1326 audit(1740474311.181:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11210 comm="syz.2.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7fd8c4d8d169 code=0x7ffc0000 [ 685.370769][T10843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.455497][ T29] audit: type=1326 audit(1740474311.181:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11210 comm="syz.2.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8c4d8d169 code=0x7ffc0000 [ 685.479306][T11223] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 685.479306][T11223] The task syz.2.1216 (11223) triggered the difference, watch for misbehavior. [ 685.548667][ T29] audit: type=1326 audit(1740474311.181:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11210 comm="syz.2.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8c4d8d169 code=0x7ffc0000 [ 685.644344][T10843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.656067][T10843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.666036][T10843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.684293][T10843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.694239][T10843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 686.517913][ T29] audit: type=1326 audit(1740474311.181:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11210 comm="syz.2.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd8c4d8bad0 code=0x7ffc0000 [ 686.540364][ T29] audit: type=1326 audit(1740474311.191:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11210 comm="syz.2.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8c4d8d169 code=0x7ffc0000 [ 686.578071][T10843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.629522][T10843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 686.665980][ T29] audit: type=1326 audit(1740474311.191:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11210 comm="syz.2.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8c4d8d169 code=0x7ffc0000 [ 686.729235][T10843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 686.903844][T10843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 687.029260][T10843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 687.131166][T10843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 687.302185][T10843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 687.417852][T10843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 687.444944][T10843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 687.469211][T10843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 687.495904][T10843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 687.542006][T10843] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 687.582706][T10843] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 687.608009][T10843] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 687.637580][T10843] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 688.580780][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 688.620763][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 688.770211][ T6123] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 688.807897][ T6123] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 689.017062][T11264] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1225'. [ 689.035331][T11267] fuse: Unknown parameter '0x0000000000000003' [ 690.079379][T11264] syz.5.1225: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 690.097355][T11264] CPU: 1 UID: 0 PID: 11264 Comm: syz.5.1225 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 690.097384][T11264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 690.097397][T11264] Call Trace: [ 690.097405][T11264] [ 690.097414][T11264] dump_stack_lvl+0x241/0x360 [ 690.097450][T11264] ? __pfx_dump_stack_lvl+0x10/0x10 [ 690.097476][T11264] ? __pfx__printk+0x10/0x10 [ 690.097508][T11264] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 690.097541][T11264] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 690.097576][T11264] warn_alloc+0x278/0x410 [ 690.097610][T11264] ? __pfx_warn_alloc+0x10/0x10 [ 690.097648][T11264] ? vb2_vmalloc_alloc+0xf2/0x340 [ 690.097674][T11264] ? __get_vm_area_node+0x1c8/0x2d0 [ 690.097694][T11264] ? __get_vm_area_node+0x25c/0x2d0 [ 690.097731][T11264] __vmalloc_node_range_noprof+0x62f/0x1380 [ 690.097809][T11264] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 690.097842][T11264] ? __kasan_kmalloc+0x98/0xb0 [ 690.097880][T11264] vmalloc_user_noprof+0x74/0x80 [ 690.097906][T11264] ? vb2_vmalloc_alloc+0xf2/0x340 [ 690.097932][T11264] vb2_vmalloc_alloc+0xf2/0x340 [ 690.097965][T11264] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 690.098001][T11264] __vb2_queue_alloc+0xa0b/0x16f0 [ 690.098069][T11264] vb2_core_reqbufs+0xd2e/0x17c0 [ 690.098126][T11264] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 690.098187][T11264] v4l2_m2m_ioctl_reqbufs+0x14b/0x230 [ 690.098220][T11264] __video_do_ioctl+0xc23/0xdd0 [ 690.098264][T11264] ? __pfx___video_do_ioctl+0x10/0x10 [ 690.098293][T11264] ? __might_fault+0xaa/0x120 [ 690.098332][T11264] video_usercopy+0x94f/0x12c0 [ 690.098375][T11264] ? __pfx___video_do_ioctl+0x10/0x10 [ 690.098400][T11264] ? __pfx_video_usercopy+0x10/0x10 [ 690.098445][T11264] ? __fget_files+0x2a/0x410 [ 690.098473][T11264] ? __fget_files+0x2a/0x410 [ 690.098501][T11264] v4l2_ioctl+0x189/0x1e0 [ 690.098534][T11264] ? __pfx_v4l2_ioctl+0x10/0x10 [ 690.098571][T11264] __se_sys_ioctl+0xf1/0x160 [ 690.098604][T11264] do_syscall_64+0xf3/0x230 [ 690.098636][T11264] ? clear_bhb_loop+0x45/0xa0 [ 690.098673][T11264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 690.098703][T11264] RIP: 0033:0x7fe03f18d169 [ 690.098723][T11264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 690.098742][T11264] RSP: 002b:00007fe03ff9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 690.098766][T11264] RAX: ffffffffffffffda RBX: 00007fe03f3a6080 RCX: 00007fe03f18d169 [ 690.098782][T11264] RDX: 0000400000000000 RSI: 00000000c0145608 RDI: 000000000000000a [ 690.098796][T11264] RBP: 00007fe03f20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 690.098809][T11264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 690.098822][T11264] R13: 0000000000000000 R14: 00007fe03f3a6080 R15: 00007ffdd684e8b8 [ 690.098865][T11264] [ 690.428972][T11264] Mem-Info: [ 690.432348][T11264] active_anon:8726 inactive_anon:0 isolated_anon:0 [ 690.432348][T11264] active_file:17337 inactive_file:38551 isolated_file:0 [ 690.432348][T11264] unevictable:768 dirty:116 writeback:0 [ 690.432348][T11264] slab_reclaimable:8256 slab_unreclaimable:103067 [ 690.432348][T11264] mapped:28879 shmem:4323 pagetables:1084 [ 690.432348][T11264] sec_pagetables:0 bounce:0 [ 690.432348][T11264] kernel_misc_reclaimable:0 [ 690.432348][T11264] free:1313828 free_pcp:4666 free_cma:0 [ 690.669194][T11290] syz.4.1231: attempt to access beyond end of device [ 690.669194][T11290] nbd4: rw=0, sector=1, nr_sectors = 1 limit=0 [ 690.683188][T11264] Node 0 active_anon:34856kB inactive_anon:0kB active_file:69348kB inactive_file:154128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:115428kB dirty:472kB writeback:0kB shmem:15756kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11292kB pagetables:4068kB sec_pagetables:0kB all_unreclaimable? no [ 690.759753][T11290] VFS: could not find a valid V7 on nbd4. [ 690.786657][T11264] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 690.873093][T11264] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 690.909208][ T1151] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 690.926607][T11264] lowmem_reserve[]: 0 2489 2490 0 0 [ 690.951776][T11264] Node 0 DMA32 free:1374292kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:34920kB inactive_anon:0kB active_file:69348kB inactive_file:153800kB unevictable:1536kB writepending:480kB present:3129332kB managed:2549508kB mlocked:0kB bounce:0kB free_pcp:18644kB local_pcp:17188kB free_cma:0kB [ 691.062370][T11264] lowmem_reserve[]: 0 0 0 0 0 [ 691.067174][T11264] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:328kB unevictable:0kB writepending:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 691.177301][T11264] lowmem_reserve[]: 0 0 0 0 0 [ 691.207937][T11264] Node 1 Normal free:3902760kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 691.239628][ T1151] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.281386][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.287836][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.288812][T11264] lowmem_reserve[]: 0 0 0 0 0 [ 691.348269][T11264] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 691.425833][T11264] Node 0 DMA32: 1599*4kB (UME) 1081*8kB (UME) 1167*16kB (UME) 568*32kB (UME) 374*64kB (UME) 79*128kB (UME) 29*256kB (UME) 46*512kB (UME) 48*1024kB (UM) 5*2048kB (M) 297*4096kB (UM) = 1392820kB [ 691.481597][T11264] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 691.496177][T11264] Node 1 Normal: 218*4kB (UME) 40*8kB (UME) 32*16kB (UME) 202*32kB (UME) 101*64kB (UME) 28*128kB (UM) 16*256kB (UME) 7*512kB (UM) 2*1024kB (ME) 2*2048kB (UE) 945*4096kB (M) = 3902760kB [ 691.518627][ T1151] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.530788][T11264] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 691.544659][T11264] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 691.554205][T11264] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 691.574174][T11264] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 691.584242][T11264] 57736 total pagecache pages [ 691.596641][T11264] 0 pages in swap cache [ 691.602280][T11264] Free swap = 124560kB [ 691.606454][T11264] Total swap = 124996kB [ 691.672669][ T1151] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.708043][T11264] 2097051 pages RAM [ 691.734879][T11264] 0 pages HighMem/MovableOnly [ 691.750376][T11264] 427952 pages reserved [ 691.754566][T11264] 0 pages cma reserved [ 693.381174][ T1151] bridge_slave_1: left allmulticast mode [ 693.446767][ T1151] bridge_slave_1: left promiscuous mode [ 693.495987][ T1151] bridge0: port 2(bridge_slave_1) entered disabled state [ 693.595270][ T1151] bridge_slave_0: left allmulticast mode [ 693.627219][ T1151] bridge_slave_0: left promiscuous mode [ 693.662315][ T1151] bridge0: port 1(bridge_slave_0) entered disabled state [ 697.103782][ T9804] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 697.114180][ T9804] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 697.122277][ T9804] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 697.130818][ T9804] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 697.139755][ T9804] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 697.147865][ T9804] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 697.592515][T11350] syz.4.1244: attempt to access beyond end of device [ 697.592515][T11350] nbd4: rw=0, sector=1, nr_sectors = 1 limit=0 [ 697.605702][T11350] VFS: could not find a valid V7 on nbd4. [ 698.266180][T11355] netlink: 'syz.4.1245': attribute type 11 has an invalid length. [ 698.275094][T11355] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1245'. [ 698.378262][ T1151] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 698.708474][ T1151] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 698.808160][ T1151] bond0 (unregistering): Released all slaves [ 699.305736][ T9804] Bluetooth: hci0: command tx timeout [ 700.503681][T11367] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1247'. [ 700.741964][T11368] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1248'. [ 701.418126][ T9804] Bluetooth: hci0: command tx timeout [ 703.478261][ T9804] Bluetooth: hci0: command tx timeout [ 703.986173][ T1151] hsr_slave_0: left promiscuous mode [ 704.015502][ T1151] hsr_slave_1: left promiscuous mode [ 704.029032][ T1151] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 704.036583][ T1151] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 704.061326][ T1151] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 704.074797][ T1151] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 704.125210][ T1151] veth1_macvtap: left promiscuous mode [ 704.136692][ T1151] veth0_macvtap: left promiscuous mode [ 704.149341][ T1151] veth1_vlan: left promiscuous mode [ 704.160347][ T1151] veth0_vlan: left promiscuous mode [ 705.104140][T11409] netlink: 'syz.4.1259': attribute type 11 has an invalid length. [ 705.112530][T11409] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1259'. [ 706.040533][ T9804] Bluetooth: hci0: command tx timeout [ 706.386336][T11413] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1261'. [ 708.708211][ T29] audit: type=1326 audit(1740474335.251:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11427 comm="syz.5.1265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 708.730620][ C1] vkms_vblank_simulate: vblank timer overrun [ 709.202193][ T29] audit: type=1326 audit(1740474335.251:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11427 comm="syz.5.1265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 709.380663][ T29] audit: type=1326 audit(1740474335.261:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11427 comm="syz.5.1265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 709.662544][ T29] audit: type=1326 audit(1740474335.261:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11427 comm="syz.5.1265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 709.787240][ T29] audit: type=1326 audit(1740474335.261:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11427 comm="syz.5.1265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 709.865813][ T29] audit: type=1326 audit(1740474335.261:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11427 comm="syz.5.1265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe03f18bad0 code=0x7ffc0000 [ 709.889411][ T29] audit: type=1326 audit(1740474335.261:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11427 comm="syz.5.1265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 709.912023][ T29] audit: type=1326 audit(1740474335.271:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11427 comm="syz.5.1265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 712.148094][T11457] syz.2.1274: attempt to access beyond end of device [ 712.148094][T11457] nbd2: rw=0, sector=1, nr_sectors = 1 limit=0 [ 712.160970][T11457] VFS: could not find a valid V7 on nbd2. [ 712.216618][ T1151] team0 (unregistering): Port device team_slave_1 removed [ 712.618211][ T1151] team0 (unregistering): Port device team_slave_0 removed [ 715.179101][T11343] chnl_net:caif_netlink_parms(): no params data found [ 715.828084][ T23] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 716.247923][ T23] usb 7-1: Using ep0 maxpacket: 32 [ 716.270108][ T23] usb 7-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 716.703610][ T23] usb 7-1: config 4 has 0 interfaces, different from the descriptor's value: 1 [ 716.734857][ T23] usb 7-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 716.772677][ T23] usb 7-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 716.933070][T11504] syz.2.1285: attempt to access beyond end of device [ 716.933070][T11504] nbd2: rw=0, sector=1, nr_sectors = 1 limit=0 [ 716.940718][ T23] usb 7-1: Product: syz [ 716.974358][ T23] usb 7-1: Manufacturer: syz [ 716.982866][T11504] VFS: could not find a valid V7 on nbd2. [ 717.043143][T11343] bridge0: port 1(bridge_slave_0) entered blocking state [ 717.079275][T11343] bridge0: port 1(bridge_slave_0) entered disabled state [ 717.120266][T11343] bridge_slave_0: entered allmulticast mode [ 717.567655][T11343] bridge_slave_0: entered promiscuous mode [ 717.968730][T11511] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1287'. [ 717.977653][T11511] netlink: 'syz.5.1287': attribute type 21 has an invalid length. [ 718.593307][T11343] bridge0: port 2(bridge_slave_1) entered blocking state [ 718.723183][ T23] usb 7-1: USB disconnect, device number 11 [ 718.835133][T11343] bridge0: port 2(bridge_slave_1) entered disabled state [ 718.842518][T11343] bridge_slave_1: entered allmulticast mode [ 718.851528][T11343] bridge_slave_1: entered promiscuous mode [ 719.621795][T11343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.195779][T11343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 720.673477][T11536] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1294'. [ 720.973291][T11537] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1294'. [ 720.978085][T11343] team0: Port device team_slave_0 added [ 721.186934][T11343] team0: Port device team_slave_1 added [ 721.430618][T11343] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 721.446670][T11343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 721.497115][T11343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 721.524669][T11343] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 721.901485][T11343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 722.746018][T11343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 724.080036][T11343] hsr_slave_0: entered promiscuous mode [ 724.106801][T11343] hsr_slave_1: entered promiscuous mode [ 724.144239][T11343] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 724.181261][T11343] Cannot create hsr debugfs directory [ 726.825141][T11604] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 727.356646][T11602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 731.775904][T11343] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 731.802989][T11343] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 732.042913][T11343] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 732.952603][T11343] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 734.601040][T11343] 8021q: adding VLAN 0 to HW filter on device bond0 [ 735.274097][T11343] 8021q: adding VLAN 0 to HW filter on device team0 [ 735.365617][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 735.373047][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 735.537545][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 735.544837][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 736.133161][T11681] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1328'. [ 736.321812][T11681] team_slave_0: left promiscuous mode [ 736.327910][T11681] team_slave_1: left promiscuous mode [ 738.219782][T11681] team0 (unregistering): Port device team_slave_0 removed [ 738.245595][T11681] team0 (unregistering): Port device team_slave_1 removed [ 739.191597][T11343] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 740.016923][T11343] veth0_vlan: entered promiscuous mode [ 740.042980][T11343] veth1_vlan: entered promiscuous mode [ 740.517126][T11728] netlink: 'syz.6.1336': attribute type 11 has an invalid length. [ 740.525228][T11728] netlink: 224 bytes leftover after parsing attributes in process `syz.6.1336'. [ 740.893715][T11343] veth0_macvtap: entered promiscuous mode [ 740.960865][T11343] veth1_macvtap: entered promiscuous mode [ 741.050414][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 741.109953][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.147975][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 741.188003][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.217862][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 741.258109][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.297026][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 741.323771][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.367465][T11343] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 741.436859][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 741.704355][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.826290][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 742.072789][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 742.107818][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 742.167897][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 742.198639][T11759] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1344'. [ 742.212336][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 742.223139][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 742.259240][T11343] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 742.345777][T11343] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 742.391721][T11343] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 742.418025][T11343] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 742.463043][T11343] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 742.690576][T11766] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1347'. [ 743.891543][ T6122] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 743.934638][ T6122] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 744.226565][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 744.268047][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 744.451398][T11779] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 746.057308][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 746.290671][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 746.500252][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 746.664084][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 746.827894][ T35] bridge_slave_1: left allmulticast mode [ 746.833607][ T35] bridge_slave_1: left promiscuous mode [ 746.846448][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 746.870992][ T35] bridge_slave_0: left allmulticast mode [ 746.876698][ T35] bridge_slave_0: left promiscuous mode [ 746.884569][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 747.313192][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 747.326956][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 747.337979][ T35] bond0 (unregistering): Released all slaves [ 747.705515][ T35] hsr_slave_0: left promiscuous mode [ 747.725586][ T35] hsr_slave_1: left promiscuous mode [ 747.746727][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 747.754295][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 747.766462][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 747.781590][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 747.817452][ T35] veth1_macvtap: left promiscuous mode [ 747.825518][ T35] veth0_macvtap: left promiscuous mode [ 747.842556][ T35] veth1_vlan: left promiscuous mode [ 747.851695][ T35] veth0_vlan: left promiscuous mode [ 750.377880][ T9779] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 750.651002][ T8996] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 750.661391][ T8996] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 750.674005][ T8996] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 750.683367][ T8996] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 750.694888][ T8996] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 750.702512][ T8996] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 750.737844][ T9779] usb 5-1: Using ep0 maxpacket: 32 [ 750.746513][ T9779] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 750.788200][ T9779] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 751.237823][ T9779] usb 5-1: config 0 descriptor?? [ 751.451252][ T9779] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 752.698620][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.705025][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.757907][ T8996] Bluetooth: hci0: command tx timeout [ 752.999110][ T9779] gspca_nw80x: reg_w err -71 [ 753.003971][ T9779] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 753.061578][ T9779] usb 5-1: USB disconnect, device number 16 [ 753.412501][ T35] team0 (unregistering): Port device team_slave_1 removed [ 754.044858][ T35] team0 (unregistering): Port device team_slave_0 removed [ 754.836597][T11878] overlayfs: overlapping lowerdir path [ 754.844956][ T8996] Bluetooth: hci0: command tx timeout [ 756.971158][ T8996] Bluetooth: hci0: command tx timeout [ 757.392962][ T29] audit: type=1326 audit(1740474384.011:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.6.1374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75b518d169 code=0x7ffc0000 [ 757.416817][ T29] audit: type=1326 audit(1740474384.011:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.6.1374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75b518d169 code=0x7ffc0000 [ 757.439675][ T29] audit: type=1326 audit(1740474384.011:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.6.1374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7f75b518d169 code=0x7ffc0000 [ 757.464404][ T29] audit: type=1326 audit(1740474384.011:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.6.1374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75b518d169 code=0x7ffc0000 [ 757.490065][ T29] audit: type=1326 audit(1740474384.011:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.6.1374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75b518d169 code=0x7ffc0000 [ 757.544995][ T29] audit: type=1326 audit(1740474384.031:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.6.1374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f75b518bad0 code=0x7ffc0000 [ 757.600527][ T29] audit: type=1326 audit(1740474384.031:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.6.1374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75b518d169 code=0x7ffc0000 [ 757.653588][ T29] audit: type=1326 audit(1740474384.031:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.6.1374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75b518d169 code=0x7ffc0000 [ 757.899015][T11861] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1365'. [ 758.998029][ T8996] Bluetooth: hci0: command tx timeout [ 759.493135][T11906] SET target dimension over the limit! [ 762.098302][T11937] program syz.4.1386 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 763.696452][T11941] Oops: general protection fault, probably for non-canonical address 0xdffffc000000002b: 0000 [#1] PREEMPT SMP KASAN PTI [ 763.709078][T11941] KASAN: null-ptr-deref in range [0x0000000000000158-0x000000000000015f] [ 763.717507][T11941] CPU: 1 UID: 0 PID: 11941 Comm: syz.2.1388 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 763.721200][T11848] chnl_net:caif_netlink_parms(): no params data found [ 763.727745][T11941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 763.727761][T11941] RIP: 0010:qca_close+0x72/0x2e0 [ 763.727796][T11941] Code: e4 77 eb f8 48 89 2c 24 42 80 7c 2d 00 00 74 08 4c 89 f7 e8 70 f9 52 f9 4d 8b 26 49 8d bc 24 5a 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 4c 89 eb 0f 85 de 01 00 00 45 0f b6 ac 24 5a [ 763.769145][T11941] RSP: 0018:ffffc90003d6fb90 EFLAGS: 00010206 [ 763.775216][T11941] RAX: 000000000000002b RBX: ffff88807aea8400 RCX: ffff888032e89e00 [ 763.783222][T11941] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000015a [ 763.791200][T11941] RBP: 1ffff1100f5d50b7 R08: ffffffff8189c813 R09: 1ffffffff28ad628 [ 763.799172][T11941] R10: dffffc0000000000 R11: ffffffff88d686b0 R12: 0000000000000000 [ 763.807139][T11941] R13: dffffc0000000000 R14: ffff88807aea85b8 R15: 0000000000000000 [ 763.815104][T11941] FS: 00005555952b8500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 763.824023][T11941] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 763.830613][T11941] CR2: 00007fad4b8d7d60 CR3: 000000005e614000 CR4: 00000000003526f0 [ 763.838585][T11941] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 763.846553][T11941] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 763.854526][T11941] Call Trace: [ 763.857806][T11941] [ 763.860750][T11941] ? __die_body+0x5f/0xb0 [ 763.865091][T11941] ? die_addr+0xb0/0xe0 [ 763.869260][T11941] ? exc_general_protection+0x3dd/0x5d0 [ 763.874815][T11941] ? asm_exc_general_protection+0x26/0x30 [ 763.880539][T11941] ? __pfx_qca_close+0x10/0x10 [ 763.885304][T11941] ? enable_work+0x2e3/0x360 [ 763.889900][T11941] ? qca_close+0x72/0x2e0 [ 763.894236][T11941] hci_uart_tty_close+0x205/0x290 [ 763.899263][T11941] tty_ldisc_kill+0xa3/0x1a0 [ 763.903857][T11941] tty_ldisc_release+0x1a1/0x200 [ 763.908805][T11941] tty_release_struct+0x2b/0xe0 [ 763.913661][T11941] tty_release+0xd06/0x12c0 [ 763.918176][T11941] ? __pfx_tty_release+0x10/0x10 [ 763.923116][T11941] __fput+0x3e9/0x9f0 [ 763.927108][T11941] task_work_run+0x24f/0x310 [ 763.931699][T11941] ? _raw_spin_unlock+0x28/0x50 [ 763.936554][T11941] ? __pfx_task_work_run+0x10/0x10 [ 763.941670][T11941] ? syscall_exit_to_user_mode+0xa3/0x340 [ 763.947659][T11941] syscall_exit_to_user_mode+0x13f/0x340 [ 763.953304][T11941] do_syscall_64+0x100/0x230 [ 763.957904][T11941] ? clear_bhb_loop+0x45/0xa0 [ 763.962589][T11941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.968487][T11941] RIP: 0033:0x7fd8c4d8d169 [ 763.972901][T11941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 763.992628][T11941] RSP: 002b:00007ffc1af56e48 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 764.001048][T11941] RAX: 0000000000000000 RBX: 00007fd8c4fa7ba0 RCX: 00007fd8c4d8d169 [ 764.009019][T11941] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 764.016988][T11941] RBP: 00007fd8c4fa7ba0 R08: 0000000000000230 R09: 0000001c1af5713f [ 764.024962][T11941] R10: 00000000003ffbac R11: 0000000000000246 R12: 00000000000ba76d [ 764.032937][T11941] R13: 00007fd8c4fa6080 R14: ffffffffffffffff R15: 00007ffc1af56f60 [ 764.040921][T11941] [ 764.043940][T11941] Modules linked in: [ 764.049059][T11941] ---[ end trace 0000000000000000 ]--- [ 764.099119][T11941] RIP: 0010:qca_close+0x72/0x2e0 [ 764.104294][T11941] Code: e4 77 eb f8 48 89 2c 24 42 80 7c 2d 00 00 74 08 4c 89 f7 e8 70 f9 52 f9 4d 8b 26 49 8d bc 24 5a 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 4c 89 eb 0f 85 de 01 00 00 45 0f b6 ac 24 5a [ 764.176853][T11941] RSP: 0018:ffffc90003d6fb90 EFLAGS: 00010206 [ 764.211469][T11941] RAX: 000000000000002b RBX: ffff88807aea8400 RCX: ffff888032e89e00 [ 764.249021][T11941] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000015a [ 764.276841][T11848] bridge0: port 1(bridge_slave_0) entered blocking state [ 764.288416][T11941] RBP: 1ffff1100f5d50b7 R08: ffffffff8189c813 R09: 1ffffffff28ad628 [ 764.296563][T11848] bridge0: port 1(bridge_slave_0) entered disabled state [ 764.306332][T11848] bridge_slave_0: entered allmulticast mode [ 764.319157][T11848] bridge_slave_0: entered promiscuous mode [ 764.342251][T11941] R10: dffffc0000000000 R11: ffffffff88d686b0 R12: 0000000000000000 [ 764.349760][T11848] bridge0: port 2(bridge_slave_1) entered blocking state [ 764.357408][T11848] bridge0: port 2(bridge_slave_1) entered disabled state [ 764.364602][T11848] bridge_slave_1: entered allmulticast mode [ 764.371587][T11848] bridge_slave_1: entered promiscuous mode [ 764.380504][ T29] audit: type=1326 audit(1740474391.001:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11929 comm="syz.5.1385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 764.413359][T11941] R13: dffffc0000000000 R14: ffff88807aea85b8 R15: 0000000000000000 [ 764.430179][T11941] FS: 00005555952b8500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 764.440387][T11941] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 764.451035][T11941] CR2: 000000110c2ac905 CR3: 000000005e614000 CR4: 00000000003526f0 [ 764.471042][ T29] audit: type=1326 audit(1740474391.001:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11929 comm="syz.5.1385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 764.478018][T11941] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 764.531090][ T29] audit: type=1326 audit(1740474391.001:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11929 comm="syz.5.1385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 764.531406][T11848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 764.586675][T11941] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 764.605116][ T29] audit: type=1326 audit(1740474391.001:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11929 comm="syz.5.1385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03f18d169 code=0x7ffc0000 [ 764.627846][T11941] Kernel panic - not syncing: Fatal exception [ 764.628192][T11941] Kernel Offset: disabled