last executing test programs: 25.368503101s ago: executing program 2 (id=5883): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND_IP(r2, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, 0x0, 0x0) open$dir(0x0, 0x800, 0x100) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000002080)={0x0, &(0x7f0000002080)}) r3 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a1300) poll(&(0x7f00000020c0)=[{r3, 0x9012}], 0x1, 0x0) read$FUSE(r3, &(0x7f0000000040)={0x2020}, 0x2020) bpf$PROG_LOAD(0x5, &(0x7f0000004180)={0x8, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000030000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000022c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b7040000000000008500000001"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r6, 0x0, 0x2}, 0x18) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) 22.766896017s ago: executing program 2 (id=5886): r0 = syz_open_procfs(0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x0, 0x18c, 0x203, 0x8000000, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x1d}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r4 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0x4) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000040)=0x32) socket$inet_udplite(0x2, 0x2, 0x88) r6 = socket$pppl2tp(0x18, 0x1, 0x1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r7}, 0x18) syz_open_procfs(0x0, 0x0) connect$pppl2tp(r6, 0x0, 0x0) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendfile(r0, r0, &(0x7f0000000000)=0x2eb4, 0x2000007ff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x214, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0xd8}]}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x1cc, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x1b4, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_simple={0x180, 0x1e, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'bpf\x00'}]}, {0x149, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bfb320865cee27f05adfbc7dae04880a34e7bf775010128401ec5a80f551da79136f2a4ff74f3588c03c976e1c54366c6747dbbdd2e1e0d6da659b84a2ea14191b4223d2b6eeb465498ad518ee2114b5e4ab0d52289fe809788321e04d9b1d9f82a03fbb49229585f49ce943954da5ad28e25a9ba91b24d4c96612e2188dd3fa1dea6994033514d8f93add809a6ee955d65ac8c2ae97714a5c600000ddb671382ebf29bf9b3697264083e1c85729597a3ff8fed60b904846b3d3955fa8fb80d13071a6350787c602901f51cad731448dd41993df7ef9f434d1a4533587161592c6fe94ead92d1abe8db622fe41bdfc9e7e77e622e4cd9daf9cf848a0fdb789c422158c377c9481151ac442477a553fa8408e0c0d9fd0e900e4fadb2f93af46bde3ccb18564953d5e13bb0d30"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}}]}, 0x214}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) r8 = socket(0x10, 0x803, 0x0) syz_io_uring_setup(0x7125, &(0x7f0000000300)={0x0, 0x9ea8, 0x10000, 0x8, 0x326, 0x0, r0}, &(0x7f0000000540), &(0x7f0000000580)) sendto(r8, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r8, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x7, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) 20.996450158s ago: executing program 2 (id=5889): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0xf66f, 0xfffffe0000000001, 0x800, 0xffffffff}, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, &(0x7f0000000100)) quotactl_fd$Q_GETINFO(r0, 0xffffffff80000502, 0x0, &(0x7f0000000380)) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a300000000034000000030a010100000000000000000100000209000b0073797a31000000000900010073797a300000000008000a4000000004d4010000020a05"], 0x250}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="342a339af7ece7d6460000000906010400000000000000000500ffff0c00078008000a40000000050900020073797a310000000005000100070000007762559c50771230de74cc59b8ee90dd1553a081c0e60b2cbb312eb548e9a950ecf8e0813070e23f16d8b11cd91bc89b9f1ccdab48e220191b01980498f85a919fd13c5a00ab016abb304bed4ad9f673a6502abdd6c35507e63108ed2021c966ac73b2895be3737f250aa4db2ef5c6b346"], 0x34}}, 0x4000080) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000000306250000a62a6ebcb23a68d10000000500010007000000"], 0x1c}}, 0x20000090) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) r7 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x5) dup(r7) 19.46898057s ago: executing program 2 (id=5891): socket(0x1, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000010000009500200c00"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2}, 0x94) openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10) r5 = socket$kcm(0x23, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89ef, 0x0) r6 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x3232, 0x100, 0x0, 0x3de}, &(0x7f0000000040), &(0x7f0000000180)) io_uring_register$IORING_REGISTER_FILES(r6, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) socket(0x200000000000011, 0x2, 0x0) sendmsg$nl_route(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100626174616476000004000280", @ANYRES32], 0x3c}}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000840)={r4, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xd, 0x7, 0x4}, 0x9c) 17.432471757s ago: executing program 2 (id=5895): move_pages(0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0)=[0xa7], 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket(0xa, 0x3, 0x3a) openat$ppp(0xffffffffffffff9c, 0x0, 0xc8902, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0) ioctl$SOUND_MIXER_READ_RECSRC(r0, 0x80044dff, &(0x7f00000003c0)) bind$packet(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000280)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x20) preadv(r5, &(0x7f0000001b00)=[{&(0x7f00000009c0)=""/239, 0xef}], 0x1, 0x2, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x0, 0x96, 0xd1, 0xca}}]}}]}}, 0x0) read$FUSE(r5, &(0x7f0000005b80)={0x2020}, 0x2020) ioctl$BTRFS_IOC_ADD_DEV(r4, 0xff08, 0x0) r6 = gettid() r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0) write$rfkill(r7, 0x0, 0x0) setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0x1, &(0x7f0000000000)='\x00', 0x1) write$rfkill(r7, &(0x7f0000000340)={0x53, 0x8, 0x0, 0x1, 0xcc}, 0x8) timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) 16.229545037s ago: executing program 3 (id=5896): syz_open_dev$vbi(&(0x7f0000000140), 0x0, 0x2) signalfd4(0xffffffffffffffff, &(0x7f00000001c0), 0x8, 0x0) gettid() socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r2, 0x0, 0x0, 0x200) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x2042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019100)) r3 = timerfd_create(0x0, 0x0) timerfd_settime(r3, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) readv(r3, &(0x7f0000000000)=[{0x0}], 0x1) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x24020000) r6 = syz_clone(0x12800100, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r6, 0x39) syz_clone3(&(0x7f00000004c0)={0x80000, 0x0, 0x0, &(0x7f0000000300), {0x15}, 0x0, 0x0, &(0x7f00000003c0)=""/172, 0x0}, 0x58) r7 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r7, 0x890b, &(0x7f00000005c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @remote, @remote, 0x3, 0x2, 0x5, 0x400, 0xb7, 0xc20022, r8}) syz_emit_ethernet(0x82, &(0x7f0000000040)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x80}, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, '\x00', 0x0, 0x0, 0x0, @private1, @private2, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x80}}]}]}}}}}}}, 0x0) syz_emit_ethernet(0x5e, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) 16.207623386s ago: executing program 1 (id=5897): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0xf66f, 0xfffffe0000000001, 0x800, 0xffffffff}, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, &(0x7f0000000100)) quotactl_fd$Q_GETINFO(r0, 0xffffffff80000502, 0x0, &(0x7f0000000380)) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a300000000034000000030a010100000000000000000100000209000b0073797a31000000000900010073797a300000000008000a4000000004d4010000020a05"], 0x250}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="342a339af7ece7d6460000000906010400000000000000000500ffff0c00078008000a40000000050900020073797a310000000005000100070000007762559c50771230de74cc59b8ee90dd1553a081c0e60b2cbb312eb548e9a950ecf8e0813070e23f16d8b11cd91bc89b9f1ccdab48e220191b01980498f85a919fd13c5a00ab016abb304bed4ad9f673a6502abdd6c35507e63108ed2021c966ac73b2895be3737f250aa4db2ef5c6b346"], 0x34}}, 0x4000080) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000000306250000a62a6ebcb23a68d10000000500010007000000"], 0x1c}}, 0x20000090) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) r7 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x5) dup(r7) 15.860816028s ago: executing program 4 (id=5898): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x0, 0x18c, 0x203, 0x8000000, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x1d}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r4 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0x4) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000040)=0x32) socket$inet_udplite(0x2, 0x2, 0x88) r6 = socket$pppl2tp(0x18, 0x1, 0x1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r7}, 0x18) syz_open_procfs(0x0, 0x0) connect$pppl2tp(r6, 0x0, 0x0) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendfile(r0, r0, &(0x7f0000000000)=0x2eb4, 0x2000007ff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x214, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0xd8}]}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x1cc, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x1b4, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_simple={0x180, 0x1e, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'bpf\x00'}]}, {0x149, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bfb320865cee27f05adfbc7dae04880a34e7bf775010128401ec5a80f551da79136f2a4ff74f3588c03c976e1c54366c6747dbbdd2e1e0d6da659b84a2ea14191b4223d2b6eeb465498ad518ee2114b5e4ab0d52289fe809788321e04d9b1d9f82a03fbb49229585f49ce943954da5ad28e25a9ba91b24d4c96612e2188dd3fa1dea6994033514d8f93add809a6ee955d65ac8c2ae97714a5c600000ddb671382ebf29bf9b3697264083e1c85729597a3ff8fed60b904846b3d3955fa8fb80d13071a6350787c602901f51cad731448dd41993df7ef9f434d1a4533587161592c6fe94ead92d1abe8db622fe41bdfc9e7e77e622e4cd9daf9cf848a0fdb789c422158c377c9481151ac442477a553fa8408e0c0d9fd0e900e4fadb2f93af46bde3ccb18564953d5e13bb0d30"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}}]}, 0x214}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) r8 = socket(0x10, 0x803, 0x0) syz_io_uring_setup(0x7125, &(0x7f0000000300)={0x0, 0x9ea8, 0x10000, 0x8, 0x326, 0x0, r0}, &(0x7f0000000540), &(0x7f0000000580)) sendto(r8, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r8, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) 14.475543674s ago: executing program 3 (id=5899): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0xf66f, 0xfffffe0000000001, 0x800, 0xffffffff}, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, &(0x7f0000000100)) quotactl_fd$Q_GETINFO(r0, 0xffffffff80000502, 0x0, &(0x7f0000000380)) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a300000000034000000030a010100000000000000000100000209000b0073797a31000000000900010073797a300000000008000a4000000004d4010000020a05"], 0x250}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="342a339af7ece7d6460000000906010400000000000000000500ffff0c00078008000a40000000050900020073797a310000000005000100070000007762559c50771230de74cc59b8ee90dd1553a081c0e60b2cbb312eb548e9a950ecf8e0813070e23f16d8b11cd91bc89b9f1ccdab48e220191b01980498f85a919fd13c5a00ab016abb304bed4ad9f673a6502abdd6c35507e63108ed2021c966ac73b2895be3737f250aa4db2ef5c6b346"], 0x34}}, 0x4000080) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000000306250000a62a6ebcb23a68d10000000500010007000000"], 0x1c}}, 0x20000090) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) r7 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x5) dup(r7) 14.374048031s ago: executing program 2 (id=5900): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000001540)={'tunl0\x00', {0x2, 0x4e23, @local}}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) r5 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r5, &(0x7f00000032c0), 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000480)={0xb8, 0x0, &(0x7f0000000380)=[@request_death={0x400c630e, 0x1}, @enter_looper, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x1100}, @fda={0x66646185, 0x5, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000000)=""/98, 0x62, 0x0, 0x24}}, &(0x7f0000000180)={0x0, 0x18, 0x38}}, 0x400}, @register_looper, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f00000002c0)={@fda={0x66646185, 0x2, 0x2, 0x18}, @ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/209, 0xd1, 0x1, 0x40}, @ptr={0x70742a85, 0x1, &(0x7f0000000540)=""/4096, 0x1000, 0x0, 0x28}}, &(0x7f0000000340)={0x0, 0x20, 0x48}}, 0x40}], 0x6, 0x0, &(0x7f0000000440)="553fc696f4b1"}) r6 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$printer(r6, 0x0, &(0x7f0000000780)={0xfc78, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x20, 0x1, 0x1, 0x1}, 0x0}) syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0) r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r7, 0x5b03, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x74}}, 0x0) 14.349720096s ago: executing program 1 (id=5901): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x60}, 0x1, 0x0, 0x0, 0xc0c0}, 0x0) r4 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r4, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24) sendmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r4, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) 14.267644882s ago: executing program 4 (id=5902): syz_open_dev$vbi(&(0x7f0000000140), 0x0, 0x2) signalfd4(0xffffffffffffffff, &(0x7f00000001c0), 0x8, 0x0) gettid() socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r2, 0x0, 0x0, 0x200) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x2042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019100)) r3 = timerfd_create(0x0, 0x0) timerfd_settime(r3, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) readv(r3, &(0x7f0000000000)=[{0x0}], 0x1) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x24020000) r6 = syz_clone(0x12800100, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r6, 0x39) syz_clone3(&(0x7f00000004c0)={0x80000, 0x0, 0x0, &(0x7f0000000300), {0x15}, 0x0, 0x0, &(0x7f00000003c0)=""/172, 0x0}, 0x58) r7 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r7, 0x890b, &(0x7f00000005c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @remote, @remote, 0x3, 0x2, 0x5, 0x400, 0xb7, 0xc20022, r8}) syz_emit_ethernet(0x82, &(0x7f0000000040)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x80}, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, '\x00', 0x0, 0x0, 0x0, @private1, @private2, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x80}}]}]}}}}}}}, 0x0) syz_emit_ethernet(0x5e, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) 12.537866635s ago: executing program 4 (id=5903): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800) recvmmsg(r2, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001180)=""/4096, 0x1000}, {0x0}], 0x2, &(0x7f00000004c0)=""/193, 0xc1}, 0x7f}, {{&(0x7f00000005c0)=@in, 0x80, &(0x7f0000000700)=[{&(0x7f0000000640)=""/35, 0x23}, {&(0x7f0000000680)=""/127, 0x7f}], 0x2, &(0x7f0000000740)=""/23, 0x17}, 0x3}], 0x2, 0x40012100, 0x0) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x0, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x8001}, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00", r7}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) setrlimit(0x9, &(0x7f00000001c0)={0x5, 0xdbc}) 12.000539369s ago: executing program 0 (id=5865): syz_open_dev$vbi(&(0x7f0000000140), 0x0, 0x2) signalfd4(0xffffffffffffffff, &(0x7f00000001c0), 0x8, 0x0) gettid() socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r2, 0x0, 0x0, 0x200) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x2042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019100)) r3 = timerfd_create(0x0, 0x0) timerfd_settime(r3, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) readv(r3, &(0x7f0000000000)=[{0x0}], 0x1) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x24020000) r6 = syz_clone(0x12800100, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r6, 0x39) syz_clone3(&(0x7f00000004c0)={0x80000, 0x0, 0x0, &(0x7f0000000300), {0x15}, 0x0, 0x0, &(0x7f00000003c0)=""/172, 0x0}, 0x58) r7 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_inet6_SIOCADDRT(r7, 0x890b, &(0x7f00000005c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @remote, @remote, 0x3, 0x2, 0x5, 0x400, 0xb7, 0xc20022}) syz_emit_ethernet(0x82, &(0x7f0000000040)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x80}, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, '\x00', 0x0, 0x0, 0x0, @private1, @private2, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x80}}]}]}}}}}}}, 0x0) syz_emit_ethernet(0x5e, &(0x7f00000004c0)=ANY=[], 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) 11.527648574s ago: executing program 3 (id=5904): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800) recvmmsg(r2, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001180)=""/4096, 0x1000}, {0x0}], 0x2, &(0x7f00000004c0)=""/193, 0xc1}, 0x7f}, {{&(0x7f00000005c0)=@in, 0x80, &(0x7f0000000700)=[{&(0x7f0000000640)=""/35, 0x23}, {&(0x7f0000000680)=""/127, 0x7f}], 0x2, &(0x7f0000000740)=""/23, 0x17}, 0x3}], 0x2, 0x40012100, 0x0) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x36, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x3a, 0x37, 0x5, 0x20, 0x781, 0x5, 0x5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xe6, 0x2, 0x2, 0x5b, 0xbd, 0x97, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(r4, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00", r7}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) setrlimit(0x9, &(0x7f00000001c0)={0x5, 0xdbc}) 10.752742476s ago: executing program 1 (id=5905): mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000280)='./file0/file0\x00', &(0x7f00000000c0), 0x228a034, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000b00)='./file0/file0\x00', 0x48) mount$bind(&(0x7f0000000240)='./file0/file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1885006, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a0000000000000008000100010000000400"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) getrlimit(0x6, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r6, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="a0000000000101040000000000000000020000002400018014000180080001000000000008000200ac1414000c0002800500010000000000240002800c00028005000100000000001400018008000100e0000002080002000000000008000740000000003c00188008000000000000000800024000000000"], 0xa0}}, 0x0) 9.739976826s ago: executing program 0 (id=5907): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0xf66f, 0xfffffe0000000001, 0x800, 0xffffffff}, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000100)) quotactl_fd$Q_GETINFO(0xffffffffffffffff, 0xffffffff80000502, 0x0, &(0x7f0000000380)) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a300000000034000000030a010100000000000000000100000209000b0073797a31000000000900010073797a300000000008000a4000000004d4010000020a05"], 0x250}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="342a339af7ece7d6460000000906010400000000000000000500ffff0c00078008000a40000000050900020073797a310000000005000100070000007762559c50771230de74cc59b8ee90dd1553a081c0e60b2cbb312eb548e9a950ecf8e0813070e23f16d8b11cd91bc89b9f1ccdab48e220191b01980498f85a919fd13c5a00ab016abb304bed4ad9f673a6502abdd6c35507e63108ed2021c966ac73b2895be3737f250aa4db2ef5c6b346"], 0x34}}, 0x4000080) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000000306250000a62a6ebcb23a68d10000000500010007000000"], 0x1c}}, 0x20000090) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x5) dup(r6) 9.694791205s ago: executing program 1 (id=5908): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000001540)={'tunl0\x00', {0x2, 0x4e23, @local}}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) r5 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r5, &(0x7f00000032c0), 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000480)={0xb8, 0x0, &(0x7f0000000380)=[@request_death={0x400c630e, 0x1}, @enter_looper, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x1100}, @fda={0x66646185, 0x5, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000000)=""/98, 0x62, 0x0, 0x24}}, &(0x7f0000000180)={0x0, 0x18, 0x38}}, 0x400}, @register_looper, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f00000002c0)={@fda={0x66646185, 0x2, 0x2, 0x18}, @ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/209, 0xd1, 0x1, 0x40}, @ptr={0x70742a85, 0x1, &(0x7f0000000540)=""/4096, 0x1000, 0x0, 0x28}}, &(0x7f0000000340)={0x0, 0x20, 0x48}}, 0x40}], 0x6, 0x0, &(0x7f0000000440)="553fc696f4b1"}) r6 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$printer(r6, 0x0, &(0x7f0000000780)={0xfc78, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x20, 0x1, 0x1, 0x1}, 0x0}) syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0) r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r7, 0x5b03, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, 0x0, 0x0) 7.838278203s ago: executing program 4 (id=5909): syz_open_dev$vbi(&(0x7f0000000140), 0x0, 0x2) signalfd4(0xffffffffffffffff, &(0x7f00000001c0), 0x8, 0x0) gettid() socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r2, 0x0, 0x0, 0x200) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x2042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019100)) r3 = timerfd_create(0x0, 0x0) timerfd_settime(r3, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) readv(r3, &(0x7f0000000000)=[{0x0}], 0x1) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x24020000) r6 = syz_clone(0x12800100, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r6, 0x39) syz_clone3(&(0x7f00000004c0)={0x80000, 0x0, 0x0, &(0x7f0000000300), {0x15}, 0x0, 0x0, &(0x7f00000003c0)=""/172, 0x0}, 0x58) r7 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r7, 0x890b, &(0x7f00000005c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @remote, @remote, 0x3, 0x2, 0x5, 0x400, 0xb7, 0xc20022, r8}) syz_emit_ethernet(0x82, &(0x7f0000000040)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x80}, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, '\x00', 0x0, 0x0, 0x0, @private1, @private2, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x80}}]}]}}}}}}}, 0x0) syz_emit_ethernet(0x5e, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) 6.844705455s ago: executing program 3 (id=5910): r0 = syz_open_procfs(0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x0, 0x18c, 0x203, 0x8000000, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x1d}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r4 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0x4) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000040)=0x32) socket$inet_udplite(0x2, 0x2, 0x88) r6 = socket$pppl2tp(0x18, 0x1, 0x1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r7}, 0x18) syz_open_procfs(0x0, 0x0) connect$pppl2tp(r6, 0x0, 0x0) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendfile(r0, r0, &(0x7f0000000000)=0x2eb4, 0x2000007ff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x214, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0xd8}]}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x1cc, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x1b4, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_simple={0x180, 0x1e, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'bpf\x00'}]}, {0x149, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bfb320865cee27f05adfbc7dae04880a34e7bf775010128401ec5a80f551da79136f2a4ff74f3588c03c976e1c54366c6747dbbdd2e1e0d6da659b84a2ea14191b4223d2b6eeb465498ad518ee2114b5e4ab0d52289fe809788321e04d9b1d9f82a03fbb49229585f49ce943954da5ad28e25a9ba91b24d4c96612e2188dd3fa1dea6994033514d8f93add809a6ee955d65ac8c2ae97714a5c600000ddb671382ebf29bf9b3697264083e1c85729597a3ff8fed60b904846b3d3955fa8fb80d13071a6350787c602901f51cad731448dd41993df7ef9f434d1a4533587161592c6fe94ead92d1abe8db622fe41bdfc9e7e77e622e4cd9daf9cf848a0fdb789c422158c377c9481151ac442477a553fa8408e0c0d9fd0e900e4fadb2f93af46bde3ccb18564953d5e13bb0d30"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}}]}, 0x214}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) r8 = socket(0x10, 0x803, 0x0) syz_io_uring_setup(0x7125, &(0x7f0000000300)={0x0, 0x9ea8, 0x10000, 0x8, 0x326, 0x0, r0}, &(0x7f0000000540), &(0x7f0000000580)) sendto(r8, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r8, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x7, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) 6.398218614s ago: executing program 0 (id=5911): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND_IP(r2, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, 0x0, 0x0) open$dir(0x0, 0x800, 0x100) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000002080)={0x0, &(0x7f0000002080)}) r3 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a1300) poll(&(0x7f00000020c0)=[{r3, 0x9012}], 0x1, 0x0) read$FUSE(r3, &(0x7f0000000040)={0x2020}, 0x2020) bpf$PROG_LOAD(0x5, &(0x7f0000004180)={0x8, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000030000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000022c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b7040000000000008500000001"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r6, 0x0, 0x2}, 0x18) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) 6.194182791s ago: executing program 4 (id=5912): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800) recvmmsg(r2, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001180)=""/4096, 0x1000}, {0x0}], 0x2, &(0x7f00000004c0)=""/193, 0xc1}, 0x7f}, {{&(0x7f00000005c0)=@in, 0x80, &(0x7f0000000700)=[{&(0x7f0000000640)=""/35, 0x23}, {&(0x7f0000000680)=""/127, 0x7f}], 0x2, &(0x7f0000000740)=""/23, 0x17}, 0x3}], 0x2, 0x40012100, 0x0) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x3a, 0x37, 0x5, 0x20, 0x781, 0x5, 0x5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xe6, 0x2, 0x1, 0x5b, 0xbd, 0x97, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}]}}]}}]}}, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x8001}, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00", r7}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) setrlimit(0x9, &(0x7f00000001c0)={0x5, 0xdbc}) 4.834434252s ago: executing program 0 (id=5913): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000180)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x60}, 0x1, 0x0, 0x0, 0xc0c0}, 0x0) r4 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r4, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24) sendmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r4, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) 4.427130753s ago: executing program 1 (id=5914): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND_IP(r2, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, 0x0, 0x0) open$dir(0x0, 0x800, 0x100) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000002080)={0x0, &(0x7f0000002080)}) r3 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a1300) poll(&(0x7f00000020c0)=[{r3, 0x9012}], 0x1, 0x0) read$FUSE(r3, &(0x7f0000000040)={0x2020}, 0x2020) bpf$PROG_LOAD(0x5, &(0x7f0000004180)={0x8, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000030000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000022c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r6, 0x0, 0x2}, 0x18) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) 4.137370351s ago: executing program 3 (id=5915): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000180)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x60}, 0x1, 0x0, 0x0, 0xc0c0}, 0x0) r4 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r4, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24) sendmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r4, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) 3.133984361s ago: executing program 4 (id=5916): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000001540)={'tunl0\x00', {0x2, 0x4e23, @local}}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) r5 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r5, &(0x7f00000032c0), 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000480)={0xb8, 0x0, &(0x7f0000000380)=[@request_death={0x400c630e, 0x1}, @enter_looper, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x1100}, @fda={0x66646185, 0x5, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000000)=""/98, 0x62, 0x0, 0x24}}, &(0x7f0000000180)={0x0, 0x18, 0x38}}, 0x400}, @register_looper, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f00000002c0)={@fda={0x66646185, 0x2, 0x2, 0x18}, @ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/209, 0xd1, 0x1, 0x40}, @ptr={0x70742a85, 0x1, &(0x7f0000000540)=""/4096, 0x1000, 0x0, 0x28}}, &(0x7f0000000340)={0x0, 0x20, 0x48}}, 0x40}], 0x6, 0x0, &(0x7f0000000440)="553fc696f4b1"}) r6 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$printer(r6, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0) r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r7, 0x5b03, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c000280080005000100000014000700000000000000000500000000"], 0x74}}, 0x0) 1.938972256s ago: executing program 0 (id=5917): socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0xf66f, 0xfffffe0000000001, 0x800, 0xffffffff}, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000100)) quotactl_fd$Q_GETINFO(0xffffffffffffffff, 0xffffffff80000502, 0x0, &(0x7f0000000380)) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a300000000034000000030a010100000000000000000100000209000b0073797a31000000000900010073797a300000000008000a4000000004d4010000020a05"], 0x250}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="342a339af7ece7d6460000000906010400000000000000000500ffff0c00078008000a40000000050900020073797a310000000005000100070000007762559c50771230de74cc59b8ee90dd1553a081c0e60b2cbb312eb548e9a950ecf8e0813070e23f16d8b11cd91bc89b9f1ccdab48e220191b01980498f85a919fd13c5a00ab016abb304bed4ad9f673a6502abdd6c35507e63108ed2021c966ac73b2895be3737f250aa4db2ef5c6b346"], 0x34}}, 0x4000080) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000000306250000a62a6ebcb23a68d10000000500010007000000"], 0x1c}}, 0x20000090) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x5) dup(r6) 1.329789064s ago: executing program 3 (id=5918): r0 = syz_open_procfs(0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x0, 0x18c, 0x203, 0x8000000, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x1d}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r4 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0x4) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000040)=0x32) socket$inet_udplite(0x2, 0x2, 0x88) r6 = socket$pppl2tp(0x18, 0x1, 0x1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r7}, 0x18) syz_open_procfs(0x0, 0x0) connect$pppl2tp(r6, 0x0, 0x0) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendfile(r0, r0, &(0x7f0000000000)=0x2eb4, 0x2000007ff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x214, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0xd8}]}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x1cc, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x1b4, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_simple={0x180, 0x1e, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'bpf\x00'}]}, {0x149, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bfb320865cee27f05adfbc7dae04880a34e7bf775010128401ec5a80f551da79136f2a4ff74f3588c03c976e1c54366c6747dbbdd2e1e0d6da659b84a2ea14191b4223d2b6eeb465498ad518ee2114b5e4ab0d52289fe809788321e04d9b1d9f82a03fbb49229585f49ce943954da5ad28e25a9ba91b24d4c96612e2188dd3fa1dea6994033514d8f93add809a6ee955d65ac8c2ae97714a5c600000ddb671382ebf29bf9b3697264083e1c85729597a3ff8fed60b904846b3d3955fa8fb80d13071a6350787c602901f51cad731448dd41993df7ef9f434d1a4533587161592c6fe94ead92d1abe8db622fe41bdfc9e7e77e622e4cd9daf9cf848a0fdb789c422158c377c9481151ac442477a553fa8408e0c0d9fd0e900e4fadb2f93af46bde3ccb18564953d5e13bb0d30"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}}]}, 0x214}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) r8 = socket(0x10, 0x803, 0x0) syz_io_uring_setup(0x7125, &(0x7f0000000300)={0x0, 0x9ea8, 0x10000, 0x8, 0x326, 0x0, r0}, &(0x7f0000000540), &(0x7f0000000580)) sendto(r8, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r8, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {0x0}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) 534.127969ms ago: executing program 0 (id=5919): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0xf66f, 0xfffffe0000000001, 0x800, 0xffffffff}, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000100)) quotactl_fd$Q_GETINFO(0xffffffffffffffff, 0xffffffff80000502, 0x0, &(0x7f0000000380)) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a300000000034000000030a010100000000000000000100000209000b0073797a31000000000900010073797a300000000008000a4000000004d4010000020a05"], 0x250}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="342a339af7ece7d6460000000906010400000000000000000500ffff0c00078008000a40000000050900020073797a310000000005000100070000007762559c50771230de74cc59b8ee90dd1553a081c0e60b2cbb312eb548e9a950ecf8e0813070e23f16d8b11cd91bc89b9f1ccdab48e220191b01980498f85a919fd13c5a00ab016abb304bed4ad9f673a6502abdd6c35507e63108ed2021c966ac73b2895be3737f250aa4db2ef5c6b346"], 0x34}}, 0x4000080) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000000306250000a62a6ebcb23a68d10000000500010007000000"], 0x1c}}, 0x20000090) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x5) dup(r6) 0s ago: executing program 1 (id=5920): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000001c0)=ANY=[], 0xd0060) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f00000003c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x15) recvmmsg(r4, &(0x7f0000007e00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe2$9p(&(0x7f00000001c0), 0x0) writev(r4, &(0x7f0000000140)=[{&(0x7f0000000000)="3900000013000b4700bb65e1c3e4ffff0100000035000000560000022500000019000a00100000ad07fd17e5ffff080c38000000000000000a", 0x39}], 0xc) kernel console output (not intermixed with test programs): netlink: 'syz.4.4942': attribute type 5 has an invalid length. [ 970.105031][T21571] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4942'. [ 971.108413][T21583] netlink: 'syz.0.4943': attribute type 4 has an invalid length. [ 971.512396][ T43] usb 4-1: new high-speed USB device number 108 using dummy_hcd [ 971.869630][ T43] usb 4-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=b7.de [ 971.893777][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 971.951126][ T43] usb 4-1: Product: syz [ 971.977149][ T43] usb 4-1: Manufacturer: syz [ 971.994459][ T43] usb 4-1: SerialNumber: syz [ 972.075936][ T43] usb 4-1: config 0 descriptor?? [ 972.323087][ T43] ttusb_dec_send_command: command bulk message failed: error -22 [ 972.340304][ T43] ttusb-dec 4-1:0.0: probe with driver ttusb-dec failed with error -22 [ 972.412140][T21601] siw: device registration error -23 [ 972.572118][T21584] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 972.591327][T21584] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 973.047371][ T43] usb 4-1: USB disconnect, device number 108 [ 973.222754][T21614] netlink: 'syz.4.4953': attribute type 4 has an invalid length. [ 976.872308][T21366] usb 4-1: new high-speed USB device number 109 using dummy_hcd [ 977.556386][T21366] usb 4-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=b7.de [ 977.585787][T21366] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 977.726533][T21366] usb 4-1: Product: syz [ 977.730764][T21366] usb 4-1: Manufacturer: syz [ 977.737443][T21366] usb 4-1: SerialNumber: syz [ 977.746503][T21366] usb 4-1: config 0 descriptor?? [ 977.771828][T21366] ttusb_dec_send_command: command bulk message failed: error -22 [ 978.039571][T21366] ttusb-dec 4-1:0.0: probe with driver ttusb-dec failed with error -22 [ 978.180943][T21638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 978.212616][T21638] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 978.392193][T21366] usb 4-1: USB disconnect, device number 109 [ 980.444837][T21697] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 980.644707][ T67] Bluetooth: hci4: Frame reassembly failed (-84) [ 980.717476][T21703] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 982.691882][T19048] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 983.387553][T21729] 8021q: adding VLAN 0 to HW filter on device bond3 [ 986.491220][T21770] siw: device registration error -23 [ 986.519387][T21762] netlink: 'syz.1.4982': attribute type 4 has an invalid length. [ 987.127950][T21785] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 987.173933][ T3506] Bluetooth: hci4: Frame reassembly failed (-84) [ 989.242162][T19048] Bluetooth: hci4: command 0x1003 tx timeout [ 989.242213][ T5861] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 990.952518][T21828] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4996'. [ 992.858351][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.867180][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.752199][ T43] usb 4-1: new high-speed USB device number 110 using dummy_hcd [ 993.985888][ T43] usb 4-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=b7.de [ 994.006932][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 994.028335][ T43] usb 4-1: Product: syz [ 994.038487][ T43] usb 4-1: Manufacturer: syz [ 994.043495][ T43] usb 4-1: SerialNumber: syz [ 994.058638][ T43] usb 4-1: config 0 descriptor?? [ 994.066383][ T43] ttusb_dec_send_command: command bulk message failed: error -22 [ 994.179361][ T43] ttusb-dec 4-1:0.0: probe with driver ttusb-dec failed with error -22 [ 994.819516][T21873] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5006'. [ 995.648836][T21854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 995.722657][T21854] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 995.880736][T21366] usb 4-1: USB disconnect, device number 110 [ 997.560157][T21911] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5011'. [ 999.552575][T21929] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 999.617123][ T67] Bluetooth: hci4: Frame reassembly failed (-84) [ 1000.287368][T21933] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5017'. [ 1000.296576][T21933] netlink: 'syz.4.5017': attribute type 5 has an invalid length. [ 1000.304848][T21933] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5017'. [ 1000.982311][T21947] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5021'. [ 1001.001232][T21947] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5021'. [ 1001.902693][ T5861] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1007.523201][T22010] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5031'. [ 1008.443657][T22030] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5035'. [ 1008.463386][T22030] netlink: 'syz.2.5035': attribute type 5 has an invalid length. [ 1008.492359][T22030] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5035'. [ 1009.105983][T22043] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5039'. [ 1009.141383][T22043] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5039'. [ 1011.112106][ T5855] usb 4-1: new high-speed USB device number 111 using dummy_hcd [ 1011.532179][ T5855] usb 4-1: Using ep0 maxpacket: 8 [ 1011.540650][ T5855] usb 4-1: config 0 has no interfaces? [ 1011.548014][ T5855] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1011.560803][ T5855] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1011.583443][ T5855] usb 4-1: config 0 descriptor?? [ 1013.261667][T22092] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5047'. [ 1013.270862][T22092] netlink: 'syz.1.5047': attribute type 5 has an invalid length. [ 1013.283141][T22092] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5047'. [ 1013.833658][T21366] usb 4-1: USB disconnect, device number 111 [ 1014.221122][T22107] netlink: 'syz.3.5049': attribute type 4 has an invalid length. [ 1018.378320][T22156] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 1018.641491][T22159] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5059'. [ 1019.246265][T22161] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5061'. [ 1019.429038][T22169] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1019.667746][ T3506] Bluetooth: hci4: Frame reassembly failed (-84) [ 1020.268347][T22180] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5066'. [ 1020.491023][T22180] netlink: 'syz.2.5066': attribute type 5 has an invalid length. [ 1020.612337][T22180] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5066'. [ 1021.682445][T19048] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1023.501856][T22219] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5073'. [ 1023.851224][T22219] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5073'. [ 1023.860193][T22219] netlink: 'syz.1.5073': attribute type 5 has an invalid length. [ 1023.868026][T22219] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5073'. [ 1025.861332][T22237] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5077'. [ 1029.235770][T22280] netlink: 'syz.4.5084': attribute type 4 has an invalid length. [ 1030.167753][T22294] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5087'. [ 1030.374000][T22297] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 1030.834696][ T5920] usb 4-1: new high-speed USB device number 112 using dummy_hcd [ 1031.056029][ T5920] usb 4-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=b7.de [ 1031.065296][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1031.081389][ T5920] usb 4-1: Product: syz [ 1031.094055][ T5920] usb 4-1: Manufacturer: syz [ 1031.098721][ T5920] usb 4-1: SerialNumber: syz [ 1031.123491][ T5920] usb 4-1: config 0 descriptor?? [ 1031.148374][ T5920] ttusb_dec_send_command: command bulk message failed: error -22 [ 1031.180641][ T5920] ttusb-dec 4-1:0.0: probe with driver ttusb-dec failed with error -22 [ 1032.416104][T22277] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1032.436436][T22277] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1032.941031][ T24] usb 4-1: USB disconnect, device number 112 [ 1033.031294][T22315] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5091'. [ 1033.040832][T22315] netlink: 'syz.2.5091': attribute type 5 has an invalid length. [ 1033.050379][T22315] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5091'. [ 1033.514236][T22324] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5095'. [ 1033.523341][T22324] netlink: 'syz.0.5095': attribute type 5 has an invalid length. [ 1033.531096][T22324] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5095'. [ 1033.845735][T22337] netlink: 'syz.4.5096': attribute type 4 has an invalid length. [ 1034.208626][T22340] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1034.318825][ T67] Bluetooth: hci4: Frame reassembly failed (-84) [ 1036.401838][T19048] Bluetooth: hci4: command 0x1003 tx timeout [ 1036.443127][ T5861] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1040.651509][T22393] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5108'. [ 1040.920753][T22390] netlink: 'syz.0.5109': attribute type 4 has an invalid length. [ 1041.042121][ T5920] usb 4-1: new high-speed USB device number 113 using dummy_hcd [ 1041.236605][T22405] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5111'. [ 1041.294288][ T5920] usb 4-1: Using ep0 maxpacket: 8 [ 1041.336939][ T5920] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1041.364553][ T5920] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1042.016969][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1042.027300][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1042.037719][ T5920] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1042.056160][ T5920] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1042.323407][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1042.926714][ T5920] usb 4-1: usb_control_msg returned -32 [ 1043.548488][ T5920] usbtmc 4-1:16.0: can't read capabilities [ 1044.139350][ T5920] usb 4-1: USB disconnect, device number 113 [ 1045.483809][T22447] netlink: 'syz.1.5118': attribute type 4 has an invalid length. [ 1047.002086][ T24] usb 4-1: new high-speed USB device number 114 using dummy_hcd [ 1047.035249][T22462] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5123'. [ 1047.341860][T22462] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5123'. [ 1047.361465][T22462] netlink: 'syz.4.5123': attribute type 5 has an invalid length. [ 1047.369337][T22462] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5123'. [ 1047.445414][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 1047.508009][ T24] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1047.562095][ T24] usb 4-1: config 0 has no interface number 0 [ 1047.612935][ T24] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1047.734727][ T24] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1047.859301][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1047.943639][ T24] usb 4-1: Product: syz [ 1047.950907][ T24] usb 4-1: Manufacturer: syz [ 1047.957413][ T24] usb 4-1: SerialNumber: syz [ 1047.986642][ T24] usb 4-1: config 0 descriptor?? [ 1048.008293][ T24] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1048.033431][ T24] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1050.696002][ T24] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1050.784991][ T24] usb 4-1: USB disconnect, device number 114 [ 1051.653847][ T24] usb 4-1: new high-speed USB device number 115 using dummy_hcd [ 1052.252299][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 1052.373309][ T24] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1052.457933][T22516] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5134'. [ 1052.516285][ T24] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1052.566614][ T24] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1052.634279][ T24] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1052.694681][ T24] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1052.709536][ T24] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1052.734720][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1053.273249][ T24] usb 4-1: usb_control_msg returned -32 [ 1053.278827][ T24] usbtmc 4-1:16.0: can't read capabilities [ 1054.315198][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.323106][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.563750][T22500] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 1054.570130][T22498] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5130'. [ 1054.615279][T22498] netlink: 'syz.3.5130': attribute type 5 has an invalid length. [ 1054.625351][T22498] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5130'. [ 1055.093420][T22546] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 1055.306850][T22551] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5141'. [ 1055.966549][ T5920] usb 4-1: USB disconnect, device number 115 [ 1056.393291][T22564] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 1058.326606][T22582] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5149'. [ 1058.497033][T22579] netlink: 'syz.1.5148': attribute type 4 has an invalid length. [ 1060.038625][ T9] usb 4-1: new high-speed USB device number 116 using dummy_hcd [ 1060.184306][T22601] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5150'. [ 1060.214878][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 1060.222815][ T9] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 1060.249392][ T9] usb 4-1: config 0 has no interface number 0 [ 1060.268622][ T9] usb 4-1: config 0 interface 184 has no altsetting 0 [ 1060.789242][ T9] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1060.805737][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1060.841690][ T9] usb 4-1: Product: syz [ 1060.937355][ T9] usb 4-1: Manufacturer: syz [ 1060.962241][ T9] usb 4-1: SerialNumber: syz [ 1060.974841][ T9] usb 4-1: config 0 descriptor?? [ 1061.003377][ T9] smsc75xx v1.0.0 [ 1061.512899][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 1061.528311][ T9] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -22 [ 1063.015871][T21366] usb 4-1: USB disconnect, device number 116 [ 1063.365294][T22633] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5161'. [ 1063.652097][T21366] usb 4-1: new high-speed USB device number 117 using dummy_hcd [ 1063.817173][T21366] usb 4-1: Using ep0 maxpacket: 8 [ 1064.003318][T21366] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1064.031730][T21366] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1064.301648][T21366] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1064.312167][T21366] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1064.335903][T21366] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1064.367204][T21366] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1064.792629][T21366] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1064.803986][T22637] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5162'. [ 1064.991237][T22637] netlink: 'syz.0.5162': attribute type 5 has an invalid length. [ 1065.272021][T22637] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5162'. [ 1065.432043][T21366] usb 4-1: usb_control_msg returned -32 [ 1065.461990][T21366] usbtmc 4-1:16.0: can't read capabilities [ 1065.998066][T22664] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 1066.012099][T22665] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5167'. [ 1066.025317][T22665] netlink: 'syz.2.5167': attribute type 5 has an invalid length. [ 1066.033114][T22665] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5167'. [ 1066.781603][T22633] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5161'. [ 1066.792495][T22633] netlink: 'syz.3.5161': attribute type 5 has an invalid length. [ 1066.794440][T22632] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 1066.800233][T22633] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5161'. [ 1067.292388][T22684] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5171'. [ 1067.863920][T22691] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1068.018793][T22695] netlink: 'syz.1.5174': attribute type 4 has an invalid length. [ 1068.092613][T21366] usb 4-1: USB disconnect, device number 117 [ 1068.613421][T22704] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5176'. [ 1069.192236][T22705] netlink: 'syz.2.5175': attribute type 4 has an invalid length. [ 1074.034597][T22763] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5186'. [ 1074.201513][T22765] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5188'. [ 1074.642105][ T5920] usb 4-1: new high-speed USB device number 118 using dummy_hcd [ 1075.233210][ T5920] usb 4-1: Using ep0 maxpacket: 8 [ 1075.257059][ T5920] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1075.265752][ T5920] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1075.736844][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1075.784503][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1075.794941][ T5920] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1076.052060][ T5920] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1076.061278][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1076.458600][ T5920] usb 4-1: usb_control_msg returned -32 [ 1076.464567][ T5920] usbtmc 4-1:16.0: can't read capabilities [ 1077.156844][T22800] netlink: 'syz.2.5193': attribute type 4 has an invalid length. [ 1077.567118][ T5855] usb 4-1: USB disconnect, device number 118 [ 1078.081457][T22812] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5195'. [ 1078.296928][T22817] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5197'. [ 1078.386495][T22819] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5195'. [ 1078.409138][T22819] netlink: 'syz.0.5195': attribute type 5 has an invalid length. [ 1078.482997][T22819] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5195'. [ 1080.500851][T22837] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1080.562067][T22847] netlink: 'syz.2.5202': attribute type 4 has an invalid length. [ 1082.566202][T22866] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5205'. [ 1083.629478][T22876] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5207'. [ 1084.480627][T22892] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5212'. [ 1084.698279][T22892] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5212'. [ 1084.707352][T22892] netlink: 'syz.1.5212': attribute type 5 has an invalid length. [ 1084.715143][T22892] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5212'. [ 1086.751155][T22907] netlink: 'syz.3.5214': attribute type 4 has an invalid length. [ 1087.323260][T22915] netlink: 'syz.4.5216': attribute type 4 has an invalid length. [ 1088.426607][T22925] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5218'. [ 1092.182032][T14794] usb 4-1: new high-speed USB device number 119 using dummy_hcd [ 1092.345890][T14794] usb 4-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=b7.de [ 1092.355132][T14794] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1092.392882][T14794] usb 4-1: Product: syz [ 1092.415915][T14794] usb 4-1: Manufacturer: syz [ 1092.435085][T14794] usb 4-1: SerialNumber: syz [ 1092.459223][T14794] usb 4-1: config 0 descriptor?? [ 1092.544614][T14794] ttusb_dec_send_command: command bulk message failed: error -22 [ 1092.562885][T14794] ttusb-dec 4-1:0.0: probe with driver ttusb-dec failed with error -22 [ 1092.845790][T22959] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1092.912425][T22959] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1092.929038][T12987] usb 4-1: USB disconnect, device number 119 [ 1093.584145][T22987] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5232'. [ 1094.980558][ T9] usb 4-1: new high-speed USB device number 120 using dummy_hcd [ 1095.175114][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 1095.191363][ T9] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1095.339170][ T9] usb 4-1: config 0 has no interface number 0 [ 1095.371816][ T9] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1095.767624][ T9] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1095.970462][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1096.142414][ T9] usb 4-1: Product: syz [ 1096.295160][ T9] usb 4-1: Manufacturer: syz [ 1096.306238][ T9] usb 4-1: SerialNumber: syz [ 1096.349204][ T9] usb 4-1: config 0 descriptor?? [ 1096.407069][ T9] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1096.557915][ T9] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1098.539715][ T9] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1098.551554][T23040] netlink: 'syz.0.5243': attribute type 4 has an invalid length. [ 1098.603179][T23047] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5244'. [ 1099.069706][ T9] usb 4-1: USB disconnect, device number 120 [ 1099.812016][ T9] usb 4-1: new high-speed USB device number 121 using dummy_hcd [ 1099.884546][T23062] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5248'. [ 1100.134193][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 1100.229589][T23063] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5248'. [ 1100.238732][T23063] netlink: 'syz.0.5248': attribute type 5 has an invalid length. [ 1100.258701][T23063] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5248'. [ 1100.499190][ T9] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1100.509110][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1100.529785][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1100.543309][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1100.713631][ T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1100.746715][ T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1100.760305][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1100.998788][ T9] usb 4-1: usb_control_msg returned -32 [ 1101.004748][ T9] usbtmc 4-1:16.0: can't read capabilities [ 1101.031894][T23070] netlink: 'syz.2.5249': attribute type 4 has an invalid length. [ 1101.998141][T23074] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5244'. [ 1102.008647][T23074] netlink: 'syz.3.5244': attribute type 5 has an invalid length. [ 1102.017301][T23074] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5244'. [ 1102.057693][T23045] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 1102.116593][T23079] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 1103.157126][T23092] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5252'. [ 1103.196617][T14794] usb 4-1: USB disconnect, device number 121 [ 1103.644417][T23108] netlink: 'syz.3.5256': attribute type 4 has an invalid length. [ 1105.792067][ T9] usb 4-1: new high-speed USB device number 122 using dummy_hcd [ 1106.225853][ T9] usb 4-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=b7.de [ 1106.235722][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1106.244282][ T9] usb 4-1: Product: syz [ 1106.248646][ T9] usb 4-1: Manufacturer: syz [ 1106.257061][ T9] usb 4-1: SerialNumber: syz [ 1106.265956][ T9] usb 4-1: config 0 descriptor?? [ 1106.285997][ T9] ttusb_dec_send_command: command bulk message failed: error -22 [ 1106.300255][ T9] ttusb-dec 4-1:0.0: probe with driver ttusb-dec failed with error -22 [ 1106.674386][T23119] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1106.697675][T23119] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1106.735401][ T9] usb 4-1: USB disconnect, device number 122 [ 1107.636527][T23147] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5264'. [ 1108.445773][T23154] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5266'. [ 1108.630981][T23154] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5266'. [ 1108.639948][T23154] netlink: 'syz.2.5266': attribute type 5 has an invalid length. [ 1108.647744][T23154] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5266'. [ 1109.454298][ T9] usb 4-1: new high-speed USB device number 123 using dummy_hcd [ 1109.532793][T23167] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5269'. [ 1109.904901][T23167] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5269'. [ 1109.942247][T23167] netlink: 'syz.1.5269': attribute type 5 has an invalid length. [ 1109.950209][T23167] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5269'. [ 1110.022138][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 1110.029657][ T9] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1110.040944][ T9] usb 4-1: config 0 has no interface number 0 [ 1110.048046][ T9] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1110.098418][ T9] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1110.128446][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1110.175399][T23172] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1110.401186][ T9] usb 4-1: Product: syz [ 1110.419054][ T9] usb 4-1: Manufacturer: syz [ 1110.442417][ T9] usb 4-1: SerialNumber: syz [ 1110.501402][ T9] usb 4-1: config 0 descriptor?? [ 1110.529339][ T9] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1110.554389][ T9] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1110.744275][T23180] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5272'. [ 1110.950099][T23180] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5272'. [ 1110.959127][T23180] netlink: 'syz.4.5272': attribute type 5 has an invalid length. [ 1110.966955][T23180] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5272'. [ 1113.415004][ T9] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1113.465550][ T9] usb 4-1: USB disconnect, device number 123 [ 1113.612132][T23216] __nla_validate_parse: 1 callbacks suppressed [ 1113.612155][T23216] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5278'. [ 1113.630402][T23216] netlink: 'syz.0.5278': attribute type 5 has an invalid length. [ 1113.639958][T23216] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5278'. [ 1114.254277][T23222] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5280'. [ 1115.734844][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.741195][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.110554][T23243] netlink: 'syz.2.5283': attribute type 4 has an invalid length. [ 1117.272023][ T5920] usb 4-1: new high-speed USB device number 124 using dummy_hcd [ 1117.436085][ T5920] usb 4-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=b7.de [ 1117.445729][T23255] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5287'. [ 1117.455263][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1117.482614][ T5920] usb 4-1: Product: syz [ 1117.492373][ T5920] usb 4-1: Manufacturer: syz [ 1117.507227][ T5920] usb 4-1: SerialNumber: syz [ 1117.536742][ T5920] usb 4-1: config 0 descriptor?? [ 1117.554166][ T5920] ttusb_dec_send_command: command bulk message failed: error -22 [ 1117.566630][ T5920] ttusb-dec 4-1:0.0: probe with driver ttusb-dec failed with error -22 [ 1117.842645][T23260] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5287'. [ 1117.851779][T23260] netlink: 'syz.0.5287': attribute type 5 has an invalid length. [ 1117.867225][T23260] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5287'. [ 1118.390937][T23247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1118.525843][T23266] netlink: 'syz.4.5289': attribute type 4 has an invalid length. [ 1118.567240][T23247] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1118.655836][ T9] usb 4-1: USB disconnect, device number 124 [ 1119.988341][ T54] Bluetooth: hci4: Frame reassembly failed (-84) [ 1120.057460][T23282] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1120.337475][T23290] netlink: 'syz.4.5293': attribute type 4 has an invalid length. [ 1120.728491][T23297] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5296'. [ 1120.972707][T23297] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5296'. [ 1120.981698][T23297] netlink: 'syz.0.5296': attribute type 5 has an invalid length. [ 1120.989497][T23297] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5296'. [ 1122.045799][T19048] Bluetooth: hci4: command 0x1003 tx timeout [ 1122.054736][ T5861] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1124.166441][T23333] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5302'. [ 1124.908259][T23333] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5302'. [ 1124.917229][T23333] netlink: 'syz.0.5302': attribute type 5 has an invalid length. [ 1124.925168][T23333] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5302'. [ 1125.608404][T23337] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1126.164968][T23346] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5305'. [ 1126.703435][T23352] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5306'. [ 1126.939370][T23352] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5306'. [ 1126.948372][T23352] netlink: 'syz.4.5306': attribute type 5 has an invalid length. [ 1126.956187][T23352] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5306'. [ 1129.031387][T23371] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 1130.370564][T23389] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5314'. [ 1131.146598][T23389] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5314'. [ 1131.205773][T23389] netlink: 'syz.2.5314': attribute type 5 has an invalid length. [ 1131.213936][T23389] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5314'. [ 1131.802068][T14794] usb 4-1: new high-speed USB device number 125 using dummy_hcd [ 1131.952124][T14794] usb 4-1: Using ep0 maxpacket: 32 [ 1131.960410][T14794] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 1131.969023][T14794] usb 4-1: config 0 has no interface number 0 [ 1131.979738][T14794] usb 4-1: config 0 interface 184 has no altsetting 0 [ 1132.000021][T14794] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1132.010774][T14794] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1132.024885][T14794] usb 4-1: Product: syz [ 1132.029144][T14794] usb 4-1: Manufacturer: syz [ 1132.037222][T14794] usb 4-1: SerialNumber: syz [ 1132.068373][T14794] usb 4-1: config 0 descriptor?? [ 1132.109748][T14794] smsc75xx v1.0.0 [ 1132.115855][T14794] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 1132.170717][T14794] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -22 [ 1132.605196][T23413] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5318'. [ 1132.874837][T23413] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5318'. [ 1132.883866][T23413] netlink: 'syz.4.5318': attribute type 5 has an invalid length. [ 1132.891829][T23413] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5318'. [ 1133.737508][T23425] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5320'. [ 1134.302474][T23426] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5320'. [ 1134.311484][T23426] netlink: 'syz.0.5320': attribute type 5 has an invalid length. [ 1134.326921][T23426] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5320'. [ 1134.657529][T12987] usb 4-1: USB disconnect, device number 125 [ 1134.708351][T23428] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 1135.602081][T14794] usb 4-1: new high-speed USB device number 126 using dummy_hcd [ 1135.775449][T14794] usb 4-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=b7.de [ 1135.813886][T14794] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1135.830690][T14794] usb 4-1: Product: syz [ 1135.840362][T14794] usb 4-1: Manufacturer: syz [ 1135.851538][T14794] usb 4-1: SerialNumber: syz [ 1135.872548][T14794] usb 4-1: config 0 descriptor?? [ 1135.882978][T14794] ttusb_dec_send_command: command bulk message failed: error -22 [ 1135.893831][T14794] ttusb-dec 4-1:0.0: probe with driver ttusb-dec failed with error -22 [ 1136.151107][T23448] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5327'. [ 1136.170819][T23448] netlink: 'syz.2.5327': attribute type 5 has an invalid length. [ 1136.188121][T23448] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5327'. [ 1136.315419][T23430] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1136.348631][T23430] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1136.401542][T14794] usb 4-1: USB disconnect, device number 126 [ 1136.838389][T23455] netlink: 'syz.2.5329': attribute type 10 has an invalid length. [ 1137.174208][T23461] netlink: 'syz.4.5330': attribute type 4 has an invalid length. [ 1137.547416][T23468] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5331'. [ 1138.736364][T23478] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5333'. [ 1140.187515][T23498] netlink: 'syz.2.5337': attribute type 4 has an invalid length. [ 1140.832035][ T5855] usb 4-1: new high-speed USB device number 127 using dummy_hcd [ 1141.312236][ T5855] usb 4-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=b7.de [ 1141.321369][ T5855] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1141.359969][ T5855] usb 4-1: Product: syz [ 1141.375678][ T5855] usb 4-1: Manufacturer: syz [ 1141.389799][ T5855] usb 4-1: SerialNumber: syz [ 1141.430892][ T5855] usb 4-1: config 0 descriptor?? [ 1141.437895][ T5855] ttusb_dec_send_command: command bulk message failed: error -22 [ 1141.450868][ T5855] ttusb-dec 4-1:0.0: probe with driver ttusb-dec failed with error -22 [ 1141.746041][T23517] netlink: 'syz.2.5342': attribute type 10 has an invalid length. [ 1142.557273][T23497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1142.740630][T23497] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1142.869118][T23531] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 1142.942206][ T9] usb 4-1: USB disconnect, device number 127 [ 1143.335153][T23538] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5346'. [ 1145.134445][T23559] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5350'. [ 1145.849284][T23567] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1145.874047][ T13] Bluetooth: hci4: Frame reassembly failed (-84) [ 1146.013344][T23566] netlink: 'syz.0.5353': attribute type 10 has an invalid length. [ 1146.425972][T23579] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5354'. [ 1147.882135][T19048] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1147.882191][ T5861] Bluetooth: hci4: command 0x1003 tx timeout [ 1148.527635][T23608] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5358'. [ 1150.222848][T23615] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 1150.491368][T23621] netlink: 'syz.0.5365': attribute type 10 has an invalid length. [ 1153.717557][ T5855] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 1153.927105][ T5855] usb 4-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=b7.de [ 1153.968635][ T5855] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1153.988627][ T5855] usb 4-1: Product: syz [ 1154.000587][ T5855] usb 4-1: Manufacturer: syz [ 1154.022613][T23669] netlink: 'syz.4.5372': attribute type 4 has an invalid length. [ 1154.155302][ T5855] usb 4-1: SerialNumber: syz [ 1154.179989][ T5855] usb 4-1: config 0 descriptor?? [ 1154.201150][ T5855] ttusb_dec_send_command: command bulk message failed: error -22 [ 1154.237696][ T5855] ttusb-dec 4-1:0.0: probe with driver ttusb-dec failed with error -22 [ 1154.722346][T23640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1154.735040][T23640] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1154.843995][ T5855] usb 4-1: USB disconnect, device number 2 [ 1156.633597][T23695] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5378'. [ 1158.207108][T23713] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1158.370611][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 1160.362015][T19048] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1160.431233][T23729] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5386'. [ 1160.719676][T23733] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5387'. [ 1161.282312][ T5855] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 1162.390462][ T5855] usb 4-1: Using ep0 maxpacket: 8 [ 1162.432572][ T5855] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1162.444247][ T5855] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1162.477433][ T5855] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1162.493439][ T5855] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1162.547972][ T5855] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1162.891974][ T5855] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1162.976562][ T5855] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1163.502564][ T5855] usb 4-1: usb_control_msg returned -32 [ 1163.508278][ T5855] usbtmc 4-1:16.0: can't read capabilities [ 1164.830239][ T5981] usb 4-1: USB disconnect, device number 3 [ 1165.652225][T23782] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5396'. [ 1166.103253][T23784] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5396'. [ 1166.117472][T23784] netlink: 'syz.2.5396': attribute type 5 has an invalid length. [ 1166.136451][T23793] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5399'. [ 1166.310498][T23795] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5399'. [ 1166.319477][T23795] netlink: 'syz.0.5399': attribute type 5 has an invalid length. [ 1166.327267][T23795] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5399'. [ 1166.616921][T23784] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5396'. [ 1169.947872][T23839] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5406'. [ 1171.765224][ T5855] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 1172.411940][ T5855] usb 4-1: Using ep0 maxpacket: 32 [ 1172.425583][ T5855] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 1172.487693][ T5855] usb 4-1: config 0 has no interface number 0 [ 1172.515630][ T5855] usb 4-1: config 0 interface 184 has no altsetting 0 [ 1172.707345][ T5855] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1172.722857][ T5855] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1172.769191][ T5855] usb 4-1: Product: syz [ 1172.791273][ T5855] usb 4-1: Manufacturer: syz [ 1172.808504][ T5855] usb 4-1: SerialNumber: syz [ 1173.057629][ T5855] usb 4-1: config 0 descriptor?? [ 1173.104069][ T5855] smsc75xx v1.0.0 [ 1173.112477][ T5855] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 1173.170755][ T5855] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -22 [ 1174.523060][T23886] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5417'. [ 1174.722414][T23888] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5416'. [ 1174.750480][T23886] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5417'. [ 1174.759469][T23886] netlink: 'syz.0.5417': attribute type 5 has an invalid length. [ 1174.767460][T23886] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5417'. [ 1174.881521][T12987] usb 4-1: USB disconnect, device number 4 [ 1176.757179][T23904] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 1177.165340][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.174590][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1179.601071][T23929] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5427'. [ 1179.720594][T23930] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5427'. [ 1179.729728][T23930] netlink: 'syz.0.5427': attribute type 5 has an invalid length. [ 1179.737972][T23930] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5427'. [ 1180.468032][T23937] bond0: entered promiscuous mode [ 1180.473132][T23937] bond_slave_0: entered promiscuous mode [ 1180.478918][T23937] bond_slave_1: entered promiscuous mode [ 1180.484735][T23937] mac80211_hwsim hwsim18 wlan1: entered promiscuous mode [ 1180.493310][T23937] batadv0: entered promiscuous mode [ 1180.500996][T23937] debugfs: 'hsr1' already exists in 'hsr' [ 1180.507440][T23937] Cannot create hsr debugfs directory [ 1180.513521][T23937] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 1181.702143][ T5855] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 1181.867642][T23959] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5433'. [ 1181.972031][ T5855] usb 4-1: Using ep0 maxpacket: 32 [ 1182.010752][ T5855] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1182.190983][ T5855] usb 4-1: config 0 has no interface number 0 [ 1182.224314][ T5855] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1182.264110][ T5855] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1182.273400][ T5855] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1182.358081][ T5855] usb 4-1: Product: syz [ 1182.394945][ T5855] usb 4-1: Manufacturer: syz [ 1182.416752][ T5855] usb 4-1: SerialNumber: syz [ 1182.449753][ T5855] usb 4-1: config 0 descriptor?? [ 1182.482160][ T5855] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1182.515032][ T5855] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1183.032248][T23969] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5434'. [ 1185.301217][ T5855] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1185.730323][ T5855] usb 4-1: USB disconnect, device number 5 [ 1186.341941][ T5855] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 1186.537880][ T5855] usb 4-1: Using ep0 maxpacket: 32 [ 1186.668556][ T5855] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1186.676940][ T5855] usb 4-1: config 0 has no interface number 0 [ 1186.683343][ T5855] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1186.692935][ T5855] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1186.704551][ T5855] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1186.712993][ T5855] usb 4-1: Product: syz [ 1186.719220][ T5855] usb 4-1: Manufacturer: syz [ 1186.724168][ T5855] usb 4-1: SerialNumber: syz [ 1186.737084][ T5855] usb 4-1: config 0 descriptor?? [ 1186.797400][ T5855] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1186.825732][ T5855] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1188.470960][ T5855] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1188.494262][ T5855] usb 4-1: USB disconnect, device number 6 [ 1189.104227][T24036] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5449'. [ 1189.120919][ T5855] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 1189.859383][ T5855] usb 4-1: Using ep0 maxpacket: 32 [ 1189.883085][ T5855] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1189.891404][ T5855] usb 4-1: config 0 has no interface number 0 [ 1190.059186][ T5855] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1190.597301][ T5855] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1190.617311][ T5855] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1190.639670][ T5855] usb 4-1: Product: syz [ 1190.646957][ T5855] usb 4-1: Manufacturer: syz [ 1190.656056][ T5855] usb 4-1: SerialNumber: syz [ 1190.679686][ T5855] usb 4-1: config 0 descriptor?? [ 1190.717447][ T5855] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1190.762265][ T5855] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1190.917753][T24050] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5446'. [ 1192.543105][ T5855] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1192.693275][ T5855] usb 4-1: USB disconnect, device number 7 [ 1195.030624][T24106] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1195.071656][ T67] Bluetooth: hci4: Frame reassembly failed (-84) [ 1197.247380][T19048] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1197.255002][T23714] Bluetooth: hci4: command 0x1003 tx timeout [ 1197.590356][T24137] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5467'. [ 1197.882949][T24137] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5467'. [ 1197.892748][T24137] netlink: 'syz.0.5467': attribute type 5 has an invalid length. [ 1197.903982][T24137] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5467'. [ 1198.767943][T24148] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5469'. [ 1199.442052][ T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 1199.710779][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 1199.744436][ T9] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1199.752815][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1199.778027][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1199.892869][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1199.903354][ T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1199.916666][ T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1199.925992][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1200.155533][T24159] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5470'. [ 1200.713962][ T9] usb 4-1: usb_control_msg returned -32 [ 1200.746915][ T9] usbtmc 4-1:16.0: can't read capabilities [ 1201.295137][T24178] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5469'. [ 1201.304463][T24178] netlink: 'syz.3.5469': attribute type 5 has an invalid length. [ 1201.312350][T24178] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5469'. [ 1201.449886][T24174] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 1201.532797][T24182] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5475'. [ 1202.913562][T24187] netlink: 'syz.0.5476': attribute type 11 has an invalid length. [ 1202.921990][T24187] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5476'. [ 1202.948887][T14794] usb 4-1: USB disconnect, device number 8 [ 1204.270472][T24208] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5479'. [ 1204.796807][T24213] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1204.912204][ T3584] Bluetooth: hci4: Frame reassembly failed (-84) [ 1206.263178][T24227] netlink: 'syz.2.5485': attribute type 11 has an invalid length. [ 1206.275183][T24227] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5485'. [ 1206.862048][T23714] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1208.907427][T24251] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1210.150491][T24262] netlink: 'syz.0.5493': attribute type 11 has an invalid length. [ 1210.158455][T24262] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5493'. [ 1210.718455][T24278] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5496'. [ 1210.840526][T24274] netlink: 'syz.1.5494': attribute type 11 has an invalid length. [ 1210.849385][T24274] netlink: 448 bytes leftover after parsing attributes in process `syz.1.5494'. [ 1211.196006][T24283] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5496'. [ 1211.205001][T24283] netlink: 'syz.2.5496': attribute type 5 has an invalid length. [ 1211.213051][T24283] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5496'. [ 1211.583846][T24282] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5497'. [ 1212.898440][ T5920] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 1213.061912][ T5920] usb 4-1: Using ep0 maxpacket: 8 [ 1213.448685][ T5920] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1213.465137][ T5920] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1213.475780][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1213.488683][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1213.507465][ T5920] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1213.549516][ T5920] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1213.559021][T24303] netlink: 'syz.1.5501': attribute type 11 has an invalid length. [ 1213.600374][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1213.604848][T24303] netlink: 448 bytes leftover after parsing attributes in process `syz.1.5501'. [ 1213.847402][T24308] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5502'. [ 1214.048876][T24308] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5502'. [ 1214.058281][T24308] netlink: 'syz.0.5502': attribute type 5 has an invalid length. [ 1214.066115][T24308] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5502'. [ 1214.138025][ T5920] usb 4-1: usb_control_msg returned -71 [ 1214.174927][ T5920] usbtmc 4-1:16.0: can't read capabilities [ 1214.255178][ T5920] usb 4-1: USB disconnect, device number 9 [ 1215.299695][ T5920] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 1215.987563][ T5920] usb 4-1: Using ep0 maxpacket: 8 [ 1216.012275][ T5920] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1216.020914][ T5920] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1216.053668][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1216.095161][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1216.220122][ T5920] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1216.341281][ T5920] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1216.414489][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1216.664818][ T5920] usb 4-1: usb_control_msg returned -32 [ 1216.670543][ T5920] usbtmc 4-1:16.0: can't read capabilities [ 1217.682722][T24342] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 1217.718365][T24316] __nla_validate_parse: 2 callbacks suppressed [ 1217.718379][T24316] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5504'. [ 1217.745664][T24316] netlink: 'syz.3.5504': attribute type 5 has an invalid length. [ 1217.762115][T24316] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5504'. [ 1217.937094][T24349] netlink: 'syz.4.5510': attribute type 11 has an invalid length. [ 1217.945164][T24349] netlink: 448 bytes leftover after parsing attributes in process `syz.4.5510'. [ 1217.991423][T24350] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5509'. [ 1218.285077][T24352] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5509'. [ 1218.424793][T24352] netlink: 'syz.0.5509': attribute type 5 has an invalid length. [ 1218.437901][T24352] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5509'. [ 1218.869719][ T5981] usb 4-1: USB disconnect, device number 10 [ 1219.398025][T24361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5512'. [ 1219.808500][T24365] netlink: 'syz.4.5513': attribute type 11 has an invalid length. [ 1219.816958][T24365] netlink: 448 bytes leftover after parsing attributes in process `syz.4.5513'. [ 1219.841978][ T5920] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 1220.016520][ T5920] usb 4-1: Using ep0 maxpacket: 8 [ 1220.077127][ T5920] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1220.085900][ T5920] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1220.230890][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1220.259046][T24375] netlink: 'syz.2.5515': attribute type 11 has an invalid length. [ 1220.275775][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1220.285973][T24375] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5515'. [ 1220.369303][ T5920] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1220.552173][ T5920] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1220.634756][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1221.106424][ T5920] usb 4-1: usb_control_msg returned -32 [ 1221.112925][ T5920] usbtmc 4-1:16.0: can't read capabilities [ 1221.875911][T24386] netlink: 'syz.2.5517': attribute type 11 has an invalid length. [ 1221.886966][T24386] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5517'. [ 1222.023044][T24389] netlink: 'syz.3.5512': attribute type 5 has an invalid length. [ 1222.041548][T24360] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 1223.275007][ T5981] usb 4-1: USB disconnect, device number 11 [ 1224.468790][T24410] netlink: 'syz.1.5521': attribute type 11 has an invalid length. [ 1224.483154][ T5981] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 1224.802612][T24418] __nla_validate_parse: 2 callbacks suppressed [ 1224.802654][T24418] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5524'. [ 1225.104279][T24410] netlink: 448 bytes leftover after parsing attributes in process `syz.1.5521'. [ 1225.125964][T24419] netlink: 'syz.4.5523': attribute type 11 has an invalid length. [ 1225.134041][T24419] netlink: 448 bytes leftover after parsing attributes in process `syz.4.5523'. [ 1225.247944][ T5981] usb 4-1: Using ep0 maxpacket: 32 [ 1225.273177][ T5981] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1225.578232][ T5981] usb 4-1: config 0 has no interface number 0 [ 1225.630679][ T5981] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1225.660059][ T5981] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1225.691326][ T5981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1225.708379][ T5981] usb 4-1: Product: syz [ 1225.719255][ T5981] usb 4-1: Manufacturer: syz [ 1225.774376][ T5981] usb 4-1: SerialNumber: syz [ 1225.820496][ T5981] usb 4-1: config 0 descriptor?? [ 1225.846035][ T5981] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1225.968867][ T5981] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1227.776021][ T5981] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1227.796916][ T5981] usb 4-1: USB disconnect, device number 12 [ 1227.976062][T24443] netlink: 'syz.3.5529': attribute type 11 has an invalid length. [ 1227.984480][T24443] netlink: 448 bytes leftover after parsing attributes in process `syz.3.5529'. [ 1228.164075][T24443] mkiss: ax0: crc mode is auto. [ 1232.520830][T24496] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5539'. [ 1234.474281][T24524] netlink: 'syz.4.5544': attribute type 11 has an invalid length. [ 1234.499538][T24524] netlink: 448 bytes leftover after parsing attributes in process `syz.4.5544'. [ 1235.707563][T24539] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5547'. [ 1236.114133][T24542] netlink: 'syz.0.5548': attribute type 11 has an invalid length. [ 1236.122396][T24542] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5548'. [ 1237.120646][T24554] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5550'. [ 1237.823629][T24567] netlink: 'syz.3.5553': attribute type 11 has an invalid length. [ 1237.833492][T24567] netlink: 448 bytes leftover after parsing attributes in process `syz.3.5553'. [ 1237.878553][T24566] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5552'. [ 1238.085666][T24566] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5552'. [ 1238.094741][T24566] netlink: 'syz.2.5552': attribute type 5 has an invalid length. [ 1238.102600][T24566] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5552'. [ 1238.501053][T24567] mkiss: ax0: crc mode is auto. [ 1238.688999][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.696575][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.442476][T24587] netlink: 'syz.4.5555': attribute type 11 has an invalid length. [ 1239.450655][T24587] netlink: 448 bytes leftover after parsing attributes in process `syz.4.5555'. [ 1239.812068][ T13] Bluetooth: hci4: Frame reassembly failed (-84) [ 1239.818528][ T13] Bluetooth: hci4: Frame reassembly failed (-84) [ 1239.828445][ T13] Bluetooth: hci4: Frame reassembly failed (-84) [ 1240.097503][T24590] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1240.755416][T24597] netlink: 'syz.1.5558': attribute type 4 has an invalid length. [ 1241.260161][T24607] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1241.906411][T19048] Bluetooth: hci4: command 0x1003 tx timeout [ 1241.914139][T23714] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1242.366356][T24612] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5562'. [ 1242.558887][T24618] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5561'. [ 1243.448242][T24631] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5565'. [ 1244.179480][T24637] netlink: 'syz.0.5564': attribute type 4 has an invalid length. [ 1245.305514][T24646] netlink: 'syz.4.5568': attribute type 4 has an invalid length. [ 1245.799915][T24653] netlink: 'syz.3.5570': attribute type 11 has an invalid length. [ 1245.928437][T24653] netlink: 448 bytes leftover after parsing attributes in process `syz.3.5570'. [ 1246.160963][T24653] mkiss: ax0: crc mode is auto. [ 1246.528171][T24666] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5572'. [ 1247.168744][T24671] netlink: 'syz.0.5573': attribute type 11 has an invalid length. [ 1247.177626][T24671] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5573'. [ 1247.431758][T24675] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1248.401182][T24683] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5575'. [ 1249.001641][T24704] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5580'. [ 1249.796353][T24709] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1249.837454][ T67] Bluetooth: hci4: Frame reassembly failed (-84) [ 1250.828857][T24718] netlink: 'syz.2.5583': attribute type 11 has an invalid length. [ 1250.845647][T24718] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5583'. [ 1251.698329][T24727] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5584'. [ 1251.900506][T19048] Bluetooth: hci4: command 0x1003 tx timeout [ 1251.946942][T23714] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1252.174814][T24727] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5584'. [ 1252.184110][T24727] netlink: 'syz.4.5584': attribute type 5 has an invalid length. [ 1252.191919][T24727] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5584'. [ 1253.129823][T24746] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5588'. [ 1253.743441][T24749] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1253.897424][T24755] netlink: 'syz.3.5590': attribute type 11 has an invalid length. [ 1253.905697][T24755] netlink: 448 bytes leftover after parsing attributes in process `syz.3.5590'. [ 1254.105099][T24755] mkiss: ax0: crc mode is auto. [ 1254.359816][T24762] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5591'. [ 1254.726593][T24764] netlink: 'syz.0.5592': attribute type 11 has an invalid length. [ 1254.734934][T24764] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5592'. [ 1254.793619][T24771] netlink: 'syz.4.5593': attribute type 11 has an invalid length. [ 1254.801761][T24771] netlink: 448 bytes leftover after parsing attributes in process `syz.4.5593'. [ 1255.991938][ T5920] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 1256.146813][ T5920] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 1256.157948][ T5920] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1256.740698][ T5920] usb 4-1: config 220 has 2 interfaces, different from the descriptor's value: 3 [ 1256.769815][ T5920] usb 4-1: config 220 has no interface number 1 [ 1256.793189][ T5920] usb 4-1: config 220 interface 0 has no altsetting 0 [ 1256.802566][ T5920] usb 4-1: config 220 interface 76 has no altsetting 0 [ 1256.819264][ T5920] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1256.842378][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1256.853205][ T5920] usb 4-1: Product: syz [ 1256.857874][ T5920] usb 4-1: Manufacturer: syz [ 1256.963903][T24800] netlink: 'syz.1.5599': attribute type 11 has an invalid length. [ 1256.971970][T24800] netlink: 448 bytes leftover after parsing attributes in process `syz.1.5599'. [ 1257.062070][ T5920] usb 4-1: SerialNumber: syz [ 1257.123319][T24801] netlink: 'syz.0.5600': attribute type 11 has an invalid length. [ 1257.131790][T24801] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5600'. [ 1257.390669][ T5920] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 1257.397660][ T5920] usb 4-1: No valid video chain found. [ 1257.536413][ T5920] usb 4-1: USB disconnect, device number 13 [ 1258.313542][T24816] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5602'. [ 1259.238788][T24832] netlink: 'syz.0.5606': attribute type 11 has an invalid length. [ 1259.247038][T24832] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5606'. [ 1259.318327][T24828] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1259.361997][ T5981] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1259.544138][ T5981] usb 4-1: Using ep0 maxpacket: 32 [ 1259.561106][ T5981] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1259.572196][ T5981] usb 4-1: config 0 has no interface number 0 [ 1259.583861][ T5981] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1259.600685][ T5981] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1259.610368][ T5981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1259.619752][ T5981] usb 4-1: Product: syz [ 1259.631156][ T5981] usb 4-1: Manufacturer: syz [ 1259.650745][ T5981] usb 4-1: SerialNumber: syz [ 1259.677285][ T5981] usb 4-1: config 0 descriptor?? [ 1259.694827][ T5981] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1259.877302][ T5981] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1261.962720][ T5981] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1262.064341][ T5981] usb 4-1: USB disconnect, device number 14 [ 1262.433536][T24867] netlink: 'syz.3.5611': attribute type 11 has an invalid length. [ 1262.441939][T24867] netlink: 448 bytes leftover after parsing attributes in process `syz.3.5611'. [ 1263.764334][T24883] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1263.912189][ T3584] Bluetooth: hci4: Frame reassembly failed (-84) [ 1264.440621][T24891] netlink: 'syz.4.5616': attribute type 11 has an invalid length. [ 1264.449018][T24891] netlink: 448 bytes leftover after parsing attributes in process `syz.4.5616'. [ 1265.640608][T24903] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5618'. [ 1265.931967][T23714] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1266.539277][T24906] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5620'. [ 1266.550094][T24906] netlink: 'syz.1.5620': attribute type 5 has an invalid length. [ 1266.558364][T24906] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5620'. [ 1266.785718][T24913] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1266.799765][ T3584] Bluetooth: hci4: Frame reassembly failed (-84) [ 1267.062448][T24921] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5623'. [ 1267.275113][T24921] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5623'. [ 1267.284122][T24921] netlink: 'syz.4.5623': attribute type 5 has an invalid length. [ 1267.291871][T24921] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5623'. [ 1267.455056][T24925] netlink: 'syz.2.5625': attribute type 11 has an invalid length. [ 1267.463144][T24925] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5625'. [ 1267.616886][T24927] netlink: 'syz.0.5624': attribute type 11 has an invalid length. [ 1267.651087][T24927] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5624'. [ 1267.945827][T24932] netlink: 'syz.1.5626': attribute type 11 has an invalid length. [ 1267.954004][T24932] netlink: 448 bytes leftover after parsing attributes in process `syz.1.5626'. [ 1268.852167][T23714] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1270.330163][T24955] netlink: 'syz.3.5629': attribute type 11 has an invalid length. [ 1270.386439][T24955] netlink: 448 bytes leftover after parsing attributes in process `syz.3.5629'. [ 1271.134260][T24964] mkiss: ax0: crc mode is auto. [ 1272.863879][T24983] netlink: 'syz.3.5634': attribute type 11 has an invalid length. [ 1272.872348][T24983] netlink: 448 bytes leftover after parsing attributes in process `syz.3.5634'. [ 1273.829150][T24995] netlink: 'syz.2.5639': attribute type 11 has an invalid length. [ 1273.844468][T24995] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5639'. [ 1275.585164][T25011] netlink: 'syz.4.5642': attribute type 11 has an invalid length. [ 1275.604959][T25011] netlink: 448 bytes leftover after parsing attributes in process `syz.4.5642'. [ 1276.221105][T25019] netlink: 'syz.1.5643': attribute type 11 has an invalid length. [ 1276.229365][T25019] netlink: 448 bytes leftover after parsing attributes in process `syz.1.5643'. [ 1276.374165][T25024] netlink: 'syz.3.5644': attribute type 4 has an invalid length. [ 1276.575797][T25026] netlink: 'syz.2.5645': attribute type 11 has an invalid length. [ 1276.624938][T25026] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5645'. [ 1277.986578][T25037] netlink: 'syz.4.5647': attribute type 11 has an invalid length. [ 1278.004732][T25037] netlink: 448 bytes leftover after parsing attributes in process `syz.4.5647'. [ 1279.229178][T25057] netlink: 'syz.0.5651': attribute type 11 has an invalid length. [ 1279.237453][T25057] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5651'. [ 1279.297276][T25054] netlink: 'syz.2.5650': attribute type 11 has an invalid length. [ 1279.402541][T25054] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5650'. [ 1280.163678][T25062] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1280.276090][ T13] Bluetooth: hci4: Frame reassembly failed (-84) [ 1281.230857][T25073] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5654'. [ 1282.144733][T25088] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5656'. [ 1282.203502][T19048] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1282.591955][T25093] mkiss: ax0: crc mode is auto. [ 1284.100994][T25106] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5661'. [ 1284.843963][T25108] netlink: 'syz.4.5660': attribute type 11 has an invalid length. [ 1284.854542][T25108] netlink: 448 bytes leftover after parsing attributes in process `syz.4.5660'. [ 1284.919572][T25112] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5662'. [ 1284.928671][T25112] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5662'. [ 1285.265066][T25120] netlink: 'syz.2.5664': attribute type 11 has an invalid length. [ 1285.273072][T25120] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5664'. [ 1286.326539][T25138] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 1286.478756][T25142] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5668'. [ 1286.487797][T25142] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5668'. [ 1286.513139][T25143] netlink: 'syz.0.5667': attribute type 11 has an invalid length. [ 1286.521070][T25143] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5667'. [ 1288.574703][T25166] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5672'. [ 1288.583991][T25166] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5672'. [ 1289.402378][T25183] __nla_validate_parse: 1 callbacks suppressed [ 1289.402390][T25183] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5678'. [ 1289.417508][T25183] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5678'. [ 1290.021884][ T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1290.222017][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 1290.243395][ T9] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1290.258717][ T30] audit: type=1400 audit(1758359177.496:838): avc: denied { module_load } for pid=25189 comm="syz.1.5679" path="/589/bus" dev="tmpfs" ino=3078 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1 [ 1290.286749][T25190] Invalid ELF header magic: != ELF [ 1290.326599][ T30] audit: type=1400 audit(1758359177.536:839): avc: denied { shutdown } for pid=25189 comm="syz.1.5679" lport=9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1290.354494][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1290.510571][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1290.651994][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1290.725153][ T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1290.877832][ T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1290.899455][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1291.186430][ T9] usb 4-1: usb_control_msg returned -32 [ 1291.195438][ T9] usbtmc 4-1:16.0: can't read capabilities [ 1291.917200][T25199] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 1291.925190][T25174] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5677'. [ 1291.934166][T25174] netlink: 'syz.3.5677': attribute type 5 has an invalid length. [ 1291.942222][T25174] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5677'. [ 1292.143766][T25205] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5681'. [ 1292.312937][T25205] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5681'. [ 1292.321890][T25205] netlink: 'syz.4.5681': attribute type 5 has an invalid length. [ 1292.329719][T25205] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5681'. [ 1293.028288][T12987] usb 4-1: USB disconnect, device number 15 [ 1293.200476][T25220] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5685'. [ 1293.350728][T25220] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5685'. [ 1293.359645][T25220] netlink: 'syz.1.5685': attribute type 5 has an invalid length. [ 1293.367399][T25220] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5685'. [ 1293.497818][T25225] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1293.586698][ T3506] Bluetooth: hci4: Frame reassembly failed (-84) [ 1293.702763][T25224] netlink: 'syz.2.5684': attribute type 11 has an invalid length. [ 1295.405655][T25236] netlink: 'syz.0.5688': attribute type 11 has an invalid length. [ 1295.413650][T25236] __nla_validate_parse: 1 callbacks suppressed [ 1295.413675][T25236] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5688'. [ 1295.562482][T19048] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1295.689559][T25244] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5689'. [ 1295.881360][T25244] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5689'. [ 1295.890373][T25244] netlink: 'syz.2.5689': attribute type 5 has an invalid length. [ 1295.898217][T25244] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5689'. [ 1296.740637][T25253] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=11 sclass=netlink_route_socket pid=25253 comm=syz.3.5691 [ 1296.769206][T25253] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5691'. [ 1298.831504][T25272] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5696'. [ 1298.840523][T25272] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5696'. [ 1299.645343][T25284] mkiss: ax0: crc mode is auto. [ 1300.045244][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.051519][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1301.411300][ T30] audit: type=1800 audit(1758359188.646:840): pid=25307 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.5701" name="bus" dev="tmpfs" ino=3100 res=0 errno=0 [ 1301.800731][T25313] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1301.827711][ T67] Bluetooth: hci4: Frame reassembly failed (-84) [ 1303.903714][T19048] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1303.909813][T23714] Bluetooth: hci4: command 0x1003 tx timeout [ 1305.098529][T25345] netlink: 'syz.3.5711': attribute type 11 has an invalid length. [ 1305.111939][T25345] netlink: 448 bytes leftover after parsing attributes in process `syz.3.5711'. [ 1305.496876][T25345] mkiss: ax0: crc mode is auto. [ 1307.846518][T25376] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5717'. [ 1308.361216][T25380] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1308.437799][ T36] Bluetooth: hci4: Frame reassembly failed (-84) [ 1309.763350][T25388] netlink: 'syz.4.5720': attribute type 11 has an invalid length. [ 1309.771622][T25388] netlink: 448 bytes leftover after parsing attributes in process `syz.4.5720'. [ 1310.293091][T25392] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5721'. [ 1310.468521][T25392] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5721'. [ 1310.477478][T25392] netlink: 'syz.2.5721': attribute type 5 has an invalid length. [ 1310.485235][T25392] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5721'. [ 1310.552635][T23714] Bluetooth: hci4: command 0x1003 tx timeout [ 1310.558783][T19048] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1310.991720][T25398] netlink: 'syz.1.5723': attribute type 11 has an invalid length. [ 1311.004043][T25398] netlink: 448 bytes leftover after parsing attributes in process `syz.1.5723'. [ 1311.454866][T25406] netlink: 'syz.3.5724': attribute type 4 has an invalid length. [ 1313.970960][T25423] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1314.084978][ T36] Bluetooth: hci4: Frame reassembly failed (-84) [ 1314.494719][T25433] netlink: 'syz.0.5730': attribute type 11 has an invalid length. [ 1314.503262][T25433] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5730'. [ 1314.985182][T25438] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5731'. [ 1315.274419][T25438] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5731'. [ 1315.283703][T25438] netlink: 'syz.4.5731': attribute type 5 has an invalid length. [ 1315.293770][T25438] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5731'. [ 1315.403125][T25442] netlink: 'syz.1.5732': attribute type 11 has an invalid length. [ 1315.411363][T25442] netlink: 448 bytes leftover after parsing attributes in process `syz.1.5732'. [ 1315.766981][T25444] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5733'. [ 1315.777178][T25444] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5733'. [ 1316.101553][T19048] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1317.137257][T25456] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1317.172448][T25414] Bluetooth: hci1: Frame reassembly failed (-84) [ 1317.424435][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1317.446163][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1317.540500][ T5861] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1317.550456][ T5861] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1317.563565][ T5861] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1317.588501][ T5861] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1317.601894][ T5861] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1317.735707][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1317.863599][T23714] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1317.877778][T23714] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1317.890051][T23714] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1317.897580][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1317.908150][T23714] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1317.915912][T23714] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1318.087531][T25459] lo speed is unknown, defaulting to 1000 [ 1318.248873][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1318.291837][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1318.426676][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1318.439681][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1319.241927][ T5861] Bluetooth: hci1: command 0x1003 tx timeout [ 1319.249922][T19048] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1319.722578][T25476] netlink: 'syz.3.5739': attribute type 11 has an invalid length. [ 1319.734732][T25476] netlink: 448 bytes leftover after parsing attributes in process `syz.3.5739'. [ 1319.963991][T23714] Bluetooth: hci4: command tx timeout [ 1320.314215][ T12] bond0 (unregistering): left promiscuous mode [ 1320.511893][ T12] mac80211_hwsim hwsim14 wlan1: left promiscuous mode [ 1320.580110][ T12] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 1320.613125][ T12] bond0 (unregistering): Released all slaves [ 1320.663645][T25480] Falling back ldisc for ttyprintk. [ 1320.903124][T25486] netlink: 'syz.3.5741': attribute type 11 has an invalid length. [ 1320.911463][T25486] netlink: 448 bytes leftover after parsing attributes in process `syz.3.5741'. [ 1322.042215][T23714] Bluetooth: hci4: command tx timeout [ 1322.078444][T25494] netlink: 'syz.0.5743': attribute type 11 has an invalid length. [ 1322.086460][T25494] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5743'. [ 1322.306763][T25486] Falling back ldisc for ttyprintk. [ 1322.433660][ T12] bond1 (unregistering): Released all slaves [ 1323.288960][ T12] bond2 (unregistering): Released all slaves [ 1323.429535][ T12] bond3 (unregistering): Released all slaves [ 1323.451135][T25508] netlink: 'syz.3.5745': attribute type 11 has an invalid length. [ 1323.505355][T25508] netlink: 448 bytes leftover after parsing attributes in process `syz.3.5745'. [ 1323.922638][ T12] bond4 (unregistering): Released all slaves [ 1324.149605][T23714] Bluetooth: hci4: command tx timeout [ 1324.338206][T25508] mkiss: ax0: crc mode is auto. [ 1324.345879][T25459] chnl_net:caif_netlink_parms(): no params data found [ 1324.413533][ T12] IPVS: stopping master sync thread 16362 ... [ 1324.678788][T25529] netlink: 'syz.4.5748': attribute type 4 has an invalid length. [ 1325.731503][T25550] 8021q: adding VLAN 0 to HW filter on device bond7 [ 1325.895252][T25459] bridge0: port 1(bridge_slave_0) entered blocking state [ 1325.914859][T25459] bridge0: port 1(bridge_slave_0) entered disabled state [ 1325.926074][T25459] bridge_slave_0: entered allmulticast mode [ 1326.011993][T25459] bridge_slave_0: entered promiscuous mode [ 1326.159491][T25459] bridge0: port 2(bridge_slave_1) entered blocking state [ 1326.201961][T23714] Bluetooth: hci4: command tx timeout [ 1326.202381][T25459] bridge0: port 2(bridge_slave_1) entered disabled state [ 1326.222792][T25459] bridge_slave_1: entered allmulticast mode [ 1326.385499][T25459] bridge_slave_1: entered promiscuous mode [ 1326.931512][ T12] batadv0: left promiscuous mode [ 1326.965326][ T12] hsr_slave_0: left promiscuous mode [ 1326.978099][ T12] hsr_slave_1: left promiscuous mode [ 1327.063493][T25584] netlink: 'syz.2.5754': attribute type 11 has an invalid length. [ 1327.082172][T25584] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5754'. [ 1327.976213][ T12] veth1_macvtap: left promiscuous mode [ 1328.131866][ T12] veth0_macvtap: left promiscuous mode [ 1328.137526][ T12] veth1_vlan: left promiscuous mode [ 1328.211196][ T12] veth0_vlan: left promiscuous mode [ 1328.538845][T25598] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5755'. [ 1328.951939][ T5920] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 1329.647811][T25606] netlink: 'syz.4.5756': attribute type 11 has an invalid length. [ 1329.655942][T25606] netlink: 448 bytes leftover after parsing attributes in process `syz.4.5756'. [ 1329.681837][ T5920] usb 4-1: Using ep0 maxpacket: 8 [ 1329.743382][ T5920] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1329.772321][ T5920] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1329.791060][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1329.816582][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1329.838027][ T5920] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1329.851475][ T5920] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1329.861033][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1330.165978][ T5920] usb 4-1: usb_control_msg returned -32 [ 1330.181649][ T5920] usbtmc 4-1:16.0: can't read capabilities [ 1330.269269][T25615] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5758'. [ 1330.295458][T25615] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5758'. [ 1331.136314][T25600] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 1331.158471][T25598] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5755'. [ 1331.186762][T25598] netlink: 'syz.3.5755': attribute type 5 has an invalid length. [ 1331.195572][T25598] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5755'. [ 1331.921447][T25459] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1331.940605][T25459] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1332.034901][T25459] team0: Port device team_slave_0 added [ 1332.045680][T25459] team0: Port device team_slave_1 added [ 1332.138556][T25459] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1332.157821][T25459] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1332.387248][T25459] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1332.403935][T25459] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1332.410933][T25459] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1332.436946][T25459] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1332.539501][ T12] IPVS: stop unused estimator thread 0... [ 1332.685197][T25634] netlink: 'syz.2.5762': attribute type 11 has an invalid length. [ 1332.693763][T25634] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5762'. [ 1332.771290][T25459] hsr_slave_0: entered promiscuous mode [ 1332.810477][T25459] hsr_slave_1: entered promiscuous mode [ 1332.836931][T25459] debugfs: 'hsr0' already exists in 'hsr' [ 1332.857067][T25459] Cannot create hsr debugfs directory [ 1333.327057][ T5920] usb 4-1: USB disconnect, device number 16 [ 1333.656167][T25647] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1333.679663][T25414] Bluetooth: hci1: Frame reassembly failed (-84) [ 1335.265067][T25459] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1335.281244][T25459] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1335.293866][T25459] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1335.304319][T25459] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1335.425830][T25671] netlink: 'syz.0.5767': attribute type 11 has an invalid length. [ 1335.433995][T25671] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5767'. [ 1335.724869][T23714] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1335.763248][T25459] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1335.861728][T25459] 8021q: adding VLAN 0 to HW filter on device team0 [ 1335.895415][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 1335.902657][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1336.139213][T25688] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5768'. [ 1336.171506][T25688] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5768'. [ 1336.484244][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 1336.491452][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1336.786460][T25459] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1337.000532][T25697] netlink: 'syz.4.5770': attribute type 11 has an invalid length. [ 1337.008876][T25697] netlink: 448 bytes leftover after parsing attributes in process `syz.4.5770'. [ 1337.099164][T25699] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5769'. [ 1337.301919][T25699] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5769'. [ 1337.840404][T25708] netlink: 'syz.3.5771': attribute type 11 has an invalid length. [ 1337.889605][T25708] netlink: 448 bytes leftover after parsing attributes in process `syz.3.5771'. [ 1338.276174][T25708] mkiss: ax0: crc mode is auto. [ 1338.659799][T25459] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1339.047485][T25459] veth0_vlan: entered promiscuous mode [ 1339.064033][T25459] veth1_vlan: entered promiscuous mode [ 1340.497074][T25459] veth0_macvtap: entered promiscuous mode [ 1340.559660][T25459] veth1_macvtap: entered promiscuous mode [ 1340.729819][T25459] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1340.786615][T25459] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1340.897448][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1341.429407][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1341.601927][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1341.764391][T25762] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5778'. [ 1341.773434][T25762] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5778'. [ 1341.869930][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1342.047776][T25767] Invalid ELF header magic: != ELF [ 1342.067518][ T3506] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1342.088511][ T3506] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1342.132667][ T3506] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1342.153002][ T3506] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1342.467144][ T30] audit: type=1400 audit(1758359229.696:841): avc: denied { mounton } for pid=25459 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 1342.607912][T25783] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5780'. [ 1343.024581][T25789] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5735'. [ 1343.445427][T25784] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5780'. [ 1343.454666][T25784] netlink: 'syz.0.5780': attribute type 5 has an invalid length. [ 1343.462698][T25784] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5780'. [ 1345.525953][T25818] netlink: 'syz.1.5784': attribute type 11 has an invalid length. [ 1345.542753][T25818] netlink: 448 bytes leftover after parsing attributes in process `syz.1.5784'. [ 1345.845637][T25818] mkiss: ax0: crc mode is auto. [ 1346.223589][T25826] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1346.279329][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 1346.516117][T25838] netlink: 'syz.0.5787': attribute type 11 has an invalid length. [ 1346.527960][T25838] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5787'. [ 1347.563550][T25844] Invalid ELF header magic: != ELF [ 1348.297850][T23714] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1348.952715][T25852] Invalid ELF header magic: != ELF [ 1349.368115][T25866] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5791'. [ 1349.526104][T25871] netlink: 'syz.3.5793': attribute type 11 has an invalid length. [ 1349.534133][T25871] netlink: 448 bytes leftover after parsing attributes in process `syz.3.5793'. [ 1349.712886][T25871] mkiss: ax0: crc mode is auto. [ 1350.560390][T25882] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5791'. [ 1350.586574][T25882] netlink: 'syz.4.5791': attribute type 5 has an invalid length. [ 1350.594617][T25882] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5791'. [ 1350.611516][T25882] geneve3: entered promiscuous mode [ 1350.616833][T25882] geneve3: entered allmulticast mode [ 1351.211370][T25886] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5795'. [ 1351.420868][T25886] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5795'. [ 1351.429889][T25886] netlink: 'syz.0.5795': attribute type 5 has an invalid length. [ 1351.437671][T25886] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5795'. [ 1352.762040][ T5981] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 1352.916866][T25906] netlink: 'syz.1.5798': attribute type 4 has an invalid length. [ 1353.087490][ T5981] usb 4-1: Using ep0 maxpacket: 32 [ 1353.098743][ T5981] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1353.109496][ T5981] usb 4-1: config 0 has no interface number 0 [ 1353.115820][ T5981] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1353.263584][ T5981] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1353.436875][ T5981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1353.465691][ T5981] usb 4-1: Product: syz [ 1353.478121][ T5981] usb 4-1: Manufacturer: syz [ 1353.491674][ T5981] usb 4-1: SerialNumber: syz [ 1353.513500][ T5981] usb 4-1: config 0 descriptor?? [ 1354.273972][ T5981] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1354.294174][ T5981] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1354.838852][T25931] netlink: 'syz.2.5803': attribute type 11 has an invalid length. [ 1354.846899][T25931] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5803'. [ 1355.089191][T25938] netlink: 'syz.1.5805': attribute type 11 has an invalid length. [ 1355.097877][T25938] netlink: 448 bytes leftover after parsing attributes in process `syz.1.5805'. [ 1355.399603][T25941] netlink: 'syz.4.5806': attribute type 11 has an invalid length. [ 1355.407987][T25941] netlink: 448 bytes leftover after parsing attributes in process `syz.4.5806'. [ 1355.862021][T25938] mkiss: ax0: crc mode is auto. [ 1356.726411][ T5981] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1356.754124][ T5981] usb 4-1: USB disconnect, device number 17 [ 1357.005681][T25965] Invalid ELF header magic: != ELF [ 1357.149316][T25970] Invalid ELF header magic: != ELF [ 1360.558681][T26011] Invalid ELF header magic: != ELF [ 1360.996534][T26014] netlink: 'syz.1.5818': attribute type 4 has an invalid length. [ 1361.535202][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.541619][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1363.442613][ T30] audit: type=1400 audit(1758359250.406:842): avc: denied { connect } for pid=26033 comm="syz.2.5824" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 1363.553532][ T30] audit: type=1400 audit(1758359250.716:843): avc: denied { read } for pid=26033 comm="syz.2.5824" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 1365.421141][T26055] netlink: 'syz.1.5827': attribute type 11 has an invalid length. [ 1365.492781][T26055] netlink: 448 bytes leftover after parsing attributes in process `syz.1.5827'. [ 1365.694314][T26055] mkiss: ax0: crc mode is auto. [ 1366.310225][T26074] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5831'. [ 1368.518768][T26102] netlink: 'syz.0.5836': attribute type 11 has an invalid length. [ 1368.527157][T26102] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5836'. [ 1369.547932][T26112] netlink: 'syz.2.5839': attribute type 11 has an invalid length. [ 1369.556059][T26112] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5839'. [ 1372.398748][T26145] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5845'. [ 1373.330596][T26154] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1373.410954][ T5981] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 1373.438222][T25730] Bluetooth: hci1: Frame reassembly failed (-84) [ 1374.011240][ T5981] usb 4-1: Using ep0 maxpacket: 8 [ 1374.216383][ T5981] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1374.230030][ T5981] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1374.484423][ T5981] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1374.501256][ T5981] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1374.572321][ T5981] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1374.654238][ T5981] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1374.756263][ T5981] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1375.250042][ T5981] usb 4-1: usb_control_msg returned -32 [ 1375.303962][T26172] netlink: 'syz.4.5852': attribute type 4 has an invalid length. [ 1375.375133][ T5981] usbtmc 4-1:16.0: can't read capabilities [ 1375.491857][T19048] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1376.060069][T26173] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5845'. [ 1376.099389][T26173] netlink: 'syz.3.5845': attribute type 5 has an invalid length. [ 1376.135555][T26173] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5845'. [ 1376.165286][T26143] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 1376.217944][T26173] geneve3: entered promiscuous mode [ 1376.224535][T26173] geneve3: entered allmulticast mode [ 1376.616426][T26178] netlink: 'syz.1.5853': attribute type 11 has an invalid length. [ 1376.624850][T26178] netlink: 448 bytes leftover after parsing attributes in process `syz.1.5853'. [ 1376.686940][T26178] mkiss: ax0: crc mode is auto. [ 1376.966360][T26183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5854'. [ 1377.151474][T26183] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5854'. [ 1377.160569][T26183] netlink: 'syz.2.5854': attribute type 5 has an invalid length. [ 1377.168393][T26183] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5854'. [ 1377.390309][T26185] netlink: 'syz.0.5855': attribute type 11 has an invalid length. [ 1377.398558][T26185] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5855'. [ 1377.470918][ T9] usb 4-1: USB disconnect, device number 18 [ 1378.151917][T26201] netlink: 'syz.4.5858': attribute type 4 has an invalid length. [ 1380.054579][T26213] netlink: 'syz.2.5861': attribute type 11 has an invalid length. [ 1380.063341][T26213] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5861'. [ 1380.859255][T26230] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5862'. [ 1381.215449][T26226] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5863'. [ 1381.225571][T26226] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5863'. [ 1381.507561][ T5920] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 1382.063700][ T5920] usb 4-1: Using ep0 maxpacket: 8 [ 1382.127556][ T5920] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1382.158896][ T5920] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1382.186935][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1382.251825][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1382.284532][ T5920] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1382.351852][ T5920] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1382.386799][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1382.756984][ T5920] usb 4-1: usb_control_msg returned -32 [ 1382.763609][T25414] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1382.801986][ T5920] usbtmc 4-1:16.0: can't read capabilities [ 1382.814302][T25414] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1383.293623][T19048] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1383.395746][T19048] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1383.407243][T26252] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5868'. [ 1383.466520][T19048] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1383.480616][T19048] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1383.495365][T19048] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1383.642719][T26253] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5862'. [ 1383.668827][T26253] netlink: 'syz.3.5862': attribute type 5 has an invalid length. [ 1383.683444][T26253] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5862'. [ 1383.704003][T25414] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1383.870155][T26227] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 1383.880640][T25414] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1384.060047][T25414] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1384.303714][T25414] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1384.335486][T26249] lo speed is unknown, defaulting to 1000 [ 1384.389455][T25414] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1384.419131][T25414] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1384.509587][T26259] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5869'. [ 1384.741830][ T9] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 1384.942698][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 1385.006007][T14794] usb 4-1: USB disconnect, device number 19 [ 1385.019300][T25414] bridge_slave_1: left allmulticast mode [ 1385.111862][T25414] bridge_slave_1: left promiscuous mode [ 1385.119305][ T9] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1385.168006][T25414] bridge0: port 2(bridge_slave_1) entered disabled state [ 1385.208736][ T9] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 1385.230488][T25414] : left allmulticast mode [ 1385.245719][T25414] : left promiscuous mode [ 1385.248215][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1385.488636][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1385.527370][T25414] bridge0: port 1() entered disabled state [ 1385.629747][ T12] Bluetooth: hci3: Frame reassembly failed (-84) [ 1385.750452][T23714] Bluetooth: hci1: command tx timeout [ 1385.871639][T26271] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1386.428213][T26282] netlink: 'syz.2.5872': attribute type 11 has an invalid length. [ 1386.436888][T26282] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5872'. [ 1386.882108][T26290] netlink: 'syz.4.5873': attribute type 11 has an invalid length. [ 1386.889982][T26290] netlink: 448 bytes leftover after parsing attributes in process `syz.4.5873'. [ 1386.914416][T26257] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5868'. [ 1386.930814][T26257] netlink: 'syz.1.5868': attribute type 5 has an invalid length. [ 1386.954477][T26257] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5868'. [ 1387.652362][T19048] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1387.806884][T19048] Bluetooth: hci1: command tx timeout [ 1387.874636][T26299] Invalid ELF header magic: != ELF [ 1388.507659][T26305] netlink: 'syz.4.5875': attribute type 10 has an invalid length. [ 1388.575750][T25414] bond0 (unregistering): left promiscuous mode [ 1388.583826][T25414] bond_slave_0: left promiscuous mode [ 1388.712620][T26306] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5875'. [ 1388.723901][T25414] bond_slave_1: left promiscuous mode [ 1388.730175][T25414] mac80211_hwsim hwsim22 wlan1: left promiscuous mode [ 1388.738586][T25414] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1388.753129][T25414] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1388.792223][T25414] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 1388.807218][T25414] bond0 (unregistering): Released all slaves [ 1389.037217][T25414] bond1 (unregistering): Released all slaves [ 1389.233175][T25414] bond2 (unregistering): Released all slaves [ 1389.499328][T25414] bond3 (unregistering): Released all slaves [ 1389.646956][T25414] bond4 (unregistering): Released all slaves [ 1389.790067][T25414] bond5 (unregistering): Released all slaves [ 1389.884029][T19048] Bluetooth: hci1: command tx timeout [ 1389.937303][T25414] bond6 (unregistering): Released all slaves [ 1390.081630][T25414] bond7 (unregistering): Released all slaves [ 1390.101828][T26257] geneve2: entered promiscuous mode [ 1390.107057][T26257] geneve2: entered allmulticast mode [ 1390.191876][ T1076] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 1390.219086][T12987] usb 2-1: USB disconnect, device number 49 [ 1390.267295][ T12] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 1390.351481][ T12] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 1390.408848][ T12] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 1390.614252][T26317] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5876'. [ 1390.623724][T26317] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5876'. [ 1390.999490][T26326] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5879'. [ 1391.331909][T26326] netlink: 'syz.2.5879': attribute type 5 has an invalid length. [ 1391.448019][T26326] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5879'. [ 1391.813230][T26345] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5880'. [ 1391.914790][T25414] batadv0: left promiscuous mode [ 1391.961815][T19048] Bluetooth: hci1: command tx timeout [ 1392.144432][T25414] hsr_slave_0: left promiscuous mode [ 1392.150634][T25414] hsr_slave_1: left promiscuous mode [ 1392.162478][T25414] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1392.190711][T25414] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1392.356250][T25414] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1392.401228][T12987] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 1392.549663][T25414] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1392.599482][T25414] veth1_macvtap: left promiscuous mode [ 1392.695464][T26354] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5881'. [ 1393.089431][T25414] veth0_macvtap: left promiscuous mode [ 1393.106157][T25414] veth1_vlan: left promiscuous mode [ 1393.113816][T12987] usb 4-1: Using ep0 maxpacket: 8 [ 1393.117588][T25414] veth0_vlan: left promiscuous mode [ 1393.146078][T12987] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1393.155984][T12987] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 1393.201655][T12987] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1393.393353][T12987] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1393.459801][ T30] audit: type=1800 audit(1758359280.696:844): pid=26358 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.5882" name="bus" dev="tmpfs" ino=2706 res=0 errno=0 [ 1393.812280][T26367] netlink: 'syz.2.5883': attribute type 4 has an invalid length. [ 1393.859172][T26368] netlink: 'syz.1.5884': attribute type 11 has an invalid length. [ 1393.867251][T26368] netlink: 448 bytes leftover after parsing attributes in process `syz.1.5884'. [ 1394.597288][T26368] Falling back ldisc for ttyprintk. [ 1394.791362][T26375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5885'. [ 1394.985742][T26376] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5880'. [ 1395.004951][T26376] netlink: 'syz.3.5880': attribute type 5 has an invalid length. [ 1395.020134][T26376] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5880'. [ 1395.138728][T25414] team0 (unregistering): Port device team_slave_1 removed [ 1395.199510][T25414] team0 (unregistering): Port device team_slave_0 removed [ 1395.252328][T14794] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 1395.431936][T14794] usb 2-1: Using ep0 maxpacket: 8 [ 1395.443634][T14794] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1395.454446][T14794] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1395.468928][T14794] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1395.478857][T14794] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1395.496487][T14794] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1395.511158][T14794] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1395.524752][T14794] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1395.867933][T14794] usb 2-1: usb_control_msg returned -32 [ 1395.884797][T14794] usbtmc 2-1:16.0: can't read capabilities [ 1395.926692][T26249] chnl_net:caif_netlink_parms(): no params data found [ 1396.605719][T12987] usb 4-1: USB disconnect, device number 20 [ 1396.657273][T26249] bridge0: port 1(bridge_slave_0) entered blocking state [ 1396.746992][T26249] bridge0: port 1(bridge_slave_0) entered disabled state [ 1396.775628][T26249] bridge_slave_0: entered allmulticast mode [ 1396.793854][T26249] bridge_slave_0: entered promiscuous mode [ 1396.843353][T26400] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5888'. [ 1397.170896][T26249] bridge0: port 2(bridge_slave_1) entered blocking state [ 1397.207202][T26403] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5885'. [ 1397.224150][T26249] bridge0: port 2(bridge_slave_1) entered disabled state [ 1397.244608][T26403] netlink: 'syz.1.5885': attribute type 5 has an invalid length. [ 1397.257321][T26403] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5885'. [ 1397.277247][T26249] bridge_slave_1: entered allmulticast mode [ 1397.284558][T26401] usbtmc 2-1:16.0: usb_control_msg returned -32 [ 1397.292662][T12987] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 1397.308262][T26249] bridge_slave_1: entered promiscuous mode [ 1397.426027][T26249] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1397.455868][T26249] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1397.465162][T12987] usb 4-1: Using ep0 maxpacket: 8 [ 1397.476674][T12987] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1397.485855][T12987] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1397.508073][T12987] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1397.564893][T12987] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1397.585764][T12987] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1397.690500][T12987] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1397.811833][T26249] team0: Port device team_slave_0 added [ 1397.821401][T12987] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1397.835035][T26249] team0: Port device team_slave_1 added [ 1397.877681][T26249] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1397.885157][T26249] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1397.929122][T26249] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1397.973145][T26249] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1398.050399][T26412] netlink: 'syz.2.5889': attribute type 11 has an invalid length. [ 1398.059084][T26412] netlink: 448 bytes leftover after parsing attributes in process `syz.2.5889'. [ 1398.083244][T26249] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1398.199929][T26249] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1398.242604][T12987] usb 4-1: usb_control_msg returned -32 [ 1398.249586][T12987] usbtmc 4-1:16.0: can't read capabilities [ 1398.476635][T26249] hsr_slave_0: entered promiscuous mode [ 1398.485045][T26249] hsr_slave_1: entered promiscuous mode [ 1398.508031][T12987] usb 2-1: USB disconnect, device number 50 [ 1398.528103][T26249] debugfs: 'hsr0' already exists in 'hsr' [ 1398.562512][T26249] Cannot create hsr debugfs directory [ 1399.281906][T12987] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 1399.433254][T12987] usb 2-1: Using ep0 maxpacket: 32 [ 1399.497879][T12987] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 1399.510167][T12987] usb 2-1: config 0 has no interface number 0 [ 1399.539429][T12987] usb 2-1: config 0 interface 184 has no altsetting 0 [ 1399.565932][T12987] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1399.615797][T12987] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1399.640512][T12987] usb 2-1: Product: syz [ 1399.655720][T12987] usb 2-1: Manufacturer: syz [ 1399.663858][T26436] netlink: 'syz.2.5891': attribute type 10 has an invalid length. [ 1399.676288][T12987] usb 2-1: SerialNumber: syz [ 1399.709424][T12987] usb 2-1: config 0 descriptor?? [ 1399.735437][T12987] smsc75xx v1.0.0 [ 1399.739113][T12987] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 1399.761191][T12987] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -22 [ 1399.791702][T26437] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5891'. [ 1399.823976][T26436] batman_adv: batadv0: Adding interface: team0 [ 1399.834254][T26436] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1399.863690][T26436] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 1400.127890][T26442] netlink: 44 bytes leftover after parsing attributes in process `syz.4.5892'. [ 1400.136972][T26442] netlink: 44 bytes leftover after parsing attributes in process `syz.4.5892'. [ 1400.207508][T14794] usb 4-1: USB disconnect, device number 21 [ 1400.580549][T26453] Invalid ELF header magic: != ELF [ 1401.353769][T26249] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1401.475042][T26249] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1401.491268][T26249] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1401.514012][T26249] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1401.648806][T26423] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1401.658786][T26423] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 1402.226341][T26423] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1402.251994][T26423] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 1402.490024][T12987] usb 2-1: USB disconnect, device number 51 [ 1402.564924][T26249] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1402.619556][T26249] 8021q: adding VLAN 0 to HW filter on device team0 [ 1402.642416][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1402.649536][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1402.671276][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 1402.678460][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1402.845947][T26490] netlink: 'syz.1.5897': attribute type 11 has an invalid length. [ 1403.296286][T26490] netlink: 448 bytes leftover after parsing attributes in process `syz.1.5897'. [ 1403.326490][T26495] mkiss: ax0: crc mode is auto. [ 1404.198728][T26249] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1404.377315][T26249] veth0_vlan: entered promiscuous mode [ 1404.434730][T26249] veth1_vlan: entered promiscuous mode [ 1404.498148][T26249] veth0_macvtap: entered promiscuous mode [ 1404.542671][T26249] veth1_macvtap: entered promiscuous mode [ 1404.604688][T26525] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5900'. [ 1404.666700][T26249] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1404.818169][T26526] netlink: 'syz.3.5899': attribute type 11 has an invalid length. [ 1404.826328][T26526] netlink: 448 bytes leftover after parsing attributes in process `syz.3.5899'. [ 1404.877693][T26249] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1405.005101][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1405.213989][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1405.485890][T26526] mkiss: ax0: crc mode is auto. [ 1405.491227][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1405.505845][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1406.032748][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1406.251990][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1406.568446][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1406.584360][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1408.102046][T14794] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1408.321889][T14794] usb 4-1: Using ep0 maxpacket: 32 [ 1408.394514][T26577] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5905'. [ 1408.718208][T14794] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1408.738611][T14794] usb 4-1: config 0 has no interface number 0 [ 1408.752382][T14794] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1408.799793][T14794] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1409.035364][T14794] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1409.043447][T14794] usb 4-1: Product: syz [ 1409.047666][T14794] usb 4-1: Manufacturer: syz [ 1409.053158][T14794] usb 4-1: SerialNumber: syz [ 1409.148444][T14794] usb 4-1: config 0 descriptor?? [ 1409.244602][T14794] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1409.649250][T14794] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1409.907606][T26593] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5908'. [ 1410.411798][T26588] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 1410.446811][T26586] netlink: 'syz.0.5907': attribute type 11 has an invalid length. [ 1410.613983][T26586] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5907'. [ 1410.644281][T26588] usb 2-1: Using ep0 maxpacket: 8 [ 1410.708526][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1410.750141][T26588] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1410.798772][T26588] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1410.817724][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1410.862105][T26588] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1410.920899][T26588] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1410.975160][T26588] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1411.055235][T26586] mkiss: ax0: crc mode is auto. [ 1411.080448][T26588] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1411.108831][T26588] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1411.142714][T23714] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1411.243331][T23714] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1411.426492][T23714] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1411.446272][T23714] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1411.453922][T23714] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1411.670554][T26588] usb 2-1: usb_control_msg returned -32 [ 1411.751264][T26588] usbtmc 2-1:16.0: can't read capabilities [ 1411.877198][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1411.908820][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1412.160946][T14794] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1412.180292][T14794] usb 4-1: USB disconnect, device number 22 [ 1412.306974][T26618] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1412.335951][ T54] Bluetooth: hci3: Frame reassembly failed (-84) [ 1412.504394][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1412.527197][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1412.597615][T26602] lo speed is unknown, defaulting to 1000 [ 1412.622383][T26591] usbtmc 2-1:16.0: usb_control_msg returned -32 [ 1413.034456][T26633] netlink: 'syz.0.5911': attribute type 4 has an invalid length. [ 1413.413554][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1413.467027][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1413.562116][T19048] Bluetooth: hci0: command tx timeout [ 1413.958899][T26602] chnl_net:caif_netlink_parms(): no params data found [ 1414.010584][ T12] bridge_slave_1: left allmulticast mode [ 1414.026373][ T12] bridge_slave_1: left promiscuous mode [ 1414.190095][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1414.295565][T25760] usb 2-1: USB disconnect, device number 52 [ 1414.362081][T23714] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1414.362456][T19048] Bluetooth: hci3: command 0x1003 tx timeout [ 1414.442889][ T12] : left allmulticast mode [ 1414.447399][ T12] : left promiscuous mode [ 1414.452241][ T12] bridge0: port 1() entered disabled state [ 1414.750143][T26657] netlink: 'syz.1.5914': attribute type 4 has an invalid length. [ 1415.647484][T23714] Bluetooth: hci0: command tx timeout [ 1415.907529][T26669] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5916'. [ 1416.230798][T26669] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5916'. [ 1416.239826][T26669] netlink: 'syz.4.5916': attribute type 5 has an invalid length. [ 1416.247607][T26669] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5916'. [ 1416.820354][ T12] bond0 (unregistering): left promiscuous mode [ 1416.826687][ T12] bond_slave_0: left promiscuous mode [ 1416.923326][ T12] bond_slave_1: left promiscuous mode [ 1416.928788][ T12] mac80211_hwsim hwsim20 wlan1: left promiscuous mode [ 1416.960823][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1416.985458][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1417.018717][ T12] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 1417.028258][ T12] bond0 (unregistering): Released all slaves [ 1417.103619][T26684] netlink: 'syz.0.5917': attribute type 11 has an invalid length. [ 1417.111628][T26684] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5917'. [ 1417.292167][ T12] bond1 (unregistering): Released all slaves [ 1417.454730][ T12] bond2 (unregistering): Released all slaves [ 1417.586110][T26689] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1417.641543][ T54] Bluetooth: hci3: Frame reassembly failed (-84) [ 1417.736266][T19048] Bluetooth: hci0: command tx timeout [ 1418.001407][T26684] Falling back ldisc for ttyprintk. [ 1418.064818][ T12] bond3 (unregistering): Released all slaves [ 1418.268215][ T12] bond4 (unregistering): Released all slaves [ 1418.452861][T26694] netlink: 'syz.0.5919': attribute type 11 has an invalid length. [ 1418.461068][T26694] netlink: 448 bytes leftover after parsing attributes in process `syz.0.5919'. [ 1418.550223][ T12] bond5 (unregistering): Released all slaves [ 1418.724119][T26694] mkiss: ax0: crc mode is auto. [ 1419.356371][T26602] bridge0: port 1(bridge_slave_0) entered blocking state [ 1419.371056][T26602] bridge0: port 1(bridge_slave_0) entered disabled state [ 1419.380336][T26602] bridge_slave_0: entered allmulticast mode [ 1419.396143][T26602] bridge_slave_0: entered promiscuous mode [ 1419.429751][ T12] ------------[ cut here ]------------ [ 1419.435636][ T12] wlan1: Failed check-sdata-in-driver check, flags: 0x0 [ 1419.443864][ T12] WARNING: CPU: 0 PID: 12 at net/mac80211/driver-ops.c:366 drv_unassign_vif_chanctx+0x247/0x850 [ 1419.454504][ T12] Modules linked in: [ 1419.458644][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) [ 1419.468282][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1419.478370][ T12] Workqueue: netns cleanup_net [ 1419.483235][ T12] RIP: 0010:drv_unassign_vif_chanctx+0x247/0x850 [ 1419.489575][ T12] Code: 74 24 10 48 81 c6 20 01 00 00 48 89 74 24 10 e8 8f ca b9 f6 8b 54 24 04 48 8b 74 24 10 48 c7 c7 c0 aa 08 8d e8 ea 6e 78 f6 90 <0f> 0b 90 90 e8 70 ca b9 f6 4c 89 f2 48 b8 00 00 00 00 00 fc ff df [ 1419.509672][ T12] RSP: 0018:ffffc900001175f0 EFLAGS: 00010286 [ 1419.516424][ T12] RAX: 0000000000000000 RBX: ffff88804c640d80 RCX: ffffffff817a4388 [ 1419.524511][ T12] RDX: ffff88801e294880 RSI: ffffffff817a4395 RDI: 0000000000000001 [ 1419.532566][ T12] RBP: ffff888053f08e40 R08: 0000000000000001 R09: 0000000000000000 [ 1419.540534][ T12] R10: 0000000000000001 R11: fffffffffffef310 R12: ffff88804c642a28 [ 1419.548548][ T12] R13: 0000000000000000 R14: ffff88804c641728 R15: ffff88804c6429d0 [ 1419.556598][ T12] FS: 0000000000000000(0000) GS:ffff8881246b2000(0000) knlGS:0000000000000000 [ 1419.565587][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1419.572214][ T12] CR2: 0000001b34ae4ff8 CR3: 0000000054253000 CR4: 00000000003526f0 [ 1419.580222][ T12] Call Trace: [ 1419.583649][ T12] [ 1419.586585][ T12] ieee80211_assign_link_chanctx+0x3f1/0xf00 [ 1419.593470][ T12] __ieee80211_link_release_channel+0x273/0x4b0 [ 1419.599732][ T12] ieee80211_link_release_channel+0x128/0x200 [ 1419.605894][ T12] ? __pfx_ieee80211_uninit+0x10/0x10 [ 1419.611688][ T12] unregister_netdevice_many_notify+0x141c/0x24c0 [ 1419.618509][ T12] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1419.625367][ T12] ? wake_up_q+0xae/0x130 [ 1419.629714][ T12] ? __pfx_rwsem_wake.isra.0+0x10/0x10 [ 1419.635231][ T12] ? find_held_lock+0x2b/0x80 [ 1419.639924][ T12] unregister_netdevice_queue+0x305/0x3f0 [ 1419.645793][ T12] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1419.652102][ T12] _cfg80211_unregister_wdev+0x64b/0x830 [ 1419.657743][ T12] ieee80211_remove_interfaces+0x34e/0x740 [ 1419.663609][ T12] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 1419.669939][ T12] ieee80211_unregister_hw+0x55/0x3a0 [ 1419.675327][ T12] hwsim_exit_net+0x3ac/0x7d0 [ 1419.680008][ T12] ? __pfx_hwsim_exit_net+0x10/0x10 [ 1419.685241][ T12] ? ip_vs_sync_net_cleanup+0x72/0xb0 [ 1419.690595][ T12] ? __ip_vs_dev_cleanup_batch+0xb1/0x290 [ 1419.696324][ T12] ? __pfx_hwsim_exit_net+0x10/0x10 [ 1419.701504][ T12] ops_undo_list+0x2eb/0xab0 [ 1419.706183][ T12] ? __pfx_ops_undo_list+0x10/0x10 [ 1419.711490][ T12] ? cleanup_net+0x334/0x890 [ 1419.712183][T23714] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1419.716346][ T12] ? idr_destroy+0x62/0x2e0 [ 1419.727878][ T12] cleanup_net+0x408/0x890 [ 1419.732691][ T12] ? __pfx_cleanup_net+0x10/0x10 [ 1419.737645][ T12] ? rcu_is_watching+0x12/0xc0 [ 1419.742526][ T12] process_one_work+0x9cc/0x1b70 [ 1419.747482][ T12] ? __pfx_process_one_work+0x10/0x10 [ 1419.752909][ T12] ? assign_work+0x1a0/0x250 [ 1419.757495][ T12] worker_thread+0x6c8/0xf10 [ 1419.762122][ T12] ? __pfx_worker_thread+0x10/0x10 [ 1419.767220][ T12] kthread+0x3c2/0x780 [ 1419.771265][ T12] ? __pfx_kthread+0x10/0x10 [ 1419.775875][ T12] ? rcu_is_watching+0x12/0xc0 [ 1419.780621][ T12] ? __pfx_kthread+0x10/0x10 [ 1419.785207][ T12] ret_from_fork+0x56a/0x730 [ 1419.789778][ T12] ? __pfx_kthread+0x10/0x10 [ 1419.794361][ T12] ret_from_fork_asm+0x1a/0x30 [ 1419.799115][ T12] [ 1419.802290][ T12] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1419.809551][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) [ 1419.818809][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1419.828846][ T12] Workqueue: netns cleanup_net [ 1419.833598][ T12] Call Trace: [ 1419.836855][ T12] [ 1419.839764][ T12] dump_stack_lvl+0x3d/0x1f0 [ 1419.844337][ T12] vpanic+0x6e8/0x7a0 [ 1419.848319][ T12] ? __pfx_vpanic+0x10/0x10 [ 1419.852821][ T12] ? drv_unassign_vif_chanctx+0x247/0x850 [ 1419.858521][ T12] panic+0xca/0xd0 [ 1419.862216][ T12] ? __pfx_panic+0x10/0x10 [ 1419.866620][ T12] ? check_panic_on_warn+0x1f/0xb0 [ 1419.871737][ T12] check_panic_on_warn+0xab/0xb0 [ 1419.876663][ T12] __warn+0xf6/0x3c0 [ 1419.880529][ T12] ? preempt_schedule_notrace+0x62/0xe0 [ 1419.886052][ T12] ? drv_unassign_vif_chanctx+0x247/0x850 [ 1419.891756][ T12] report_bug+0x3c3/0x580 [ 1419.896062][ T12] ? drv_unassign_vif_chanctx+0x247/0x850 [ 1419.901761][ T12] handle_bug+0x184/0x210 [ 1419.906070][ T12] exc_invalid_op+0x17/0x50 [ 1419.910552][ T12] asm_exc_invalid_op+0x1a/0x20 [ 1419.915377][ T12] RIP: 0010:drv_unassign_vif_chanctx+0x247/0x850 [ 1419.921689][ T12] Code: 74 24 10 48 81 c6 20 01 00 00 48 89 74 24 10 e8 8f ca b9 f6 8b 54 24 04 48 8b 74 24 10 48 c7 c7 c0 aa 08 8d e8 ea 6e 78 f6 90 <0f> 0b 90 90 e8 70 ca b9 f6 4c 89 f2 48 b8 00 00 00 00 00 fc ff df [ 1419.941282][ T12] RSP: 0018:ffffc900001175f0 EFLAGS: 00010286 [ 1419.947322][ T12] RAX: 0000000000000000 RBX: ffff88804c640d80 RCX: ffffffff817a4388 [ 1419.955266][ T12] RDX: ffff88801e294880 RSI: ffffffff817a4395 RDI: 0000000000000001 [ 1419.963211][ T12] RBP: ffff888053f08e40 R08: 0000000000000001 R09: 0000000000000000 [ 1419.971161][ T12] R10: 0000000000000001 R11: fffffffffffef310 R12: ffff88804c642a28 [ 1419.979107][ T12] R13: 0000000000000000 R14: ffff88804c641728 R15: ffff88804c6429d0 [ 1419.987059][ T12] ? __warn_printk+0x198/0x350 [ 1419.991808][ T12] ? __warn_printk+0x1a5/0x350 [ 1419.996558][ T12] ieee80211_assign_link_chanctx+0x3f1/0xf00 [ 1420.002524][ T12] __ieee80211_link_release_channel+0x273/0x4b0 [ 1420.008786][ T12] ieee80211_link_release_channel+0x128/0x200 [ 1420.014831][ T12] ? __pfx_ieee80211_uninit+0x10/0x10 [ 1420.020187][ T12] unregister_netdevice_many_notify+0x141c/0x24c0 [ 1420.026590][ T12] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1420.033331][ T12] ? wake_up_q+0xae/0x130 [ 1420.037653][ T12] ? __pfx_rwsem_wake.isra.0+0x10/0x10 [ 1420.043084][ T12] ? find_held_lock+0x2b/0x80 [ 1420.047738][ T12] unregister_netdevice_queue+0x305/0x3f0 [ 1420.053435][ T12] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1420.059658][ T12] _cfg80211_unregister_wdev+0x64b/0x830 [ 1420.065274][ T12] ieee80211_remove_interfaces+0x34e/0x740 [ 1420.071057][ T12] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 1420.077365][ T12] ieee80211_unregister_hw+0x55/0x3a0 [ 1420.082714][ T12] hwsim_exit_net+0x3ac/0x7d0 [ 1420.087370][ T12] ? __pfx_hwsim_exit_net+0x10/0x10 [ 1420.092547][ T12] ? ip_vs_sync_net_cleanup+0x72/0xb0 [ 1420.097896][ T12] ? __ip_vs_dev_cleanup_batch+0xb1/0x290 [ 1420.103592][ T12] ? __pfx_hwsim_exit_net+0x10/0x10 [ 1420.108768][ T12] ops_undo_list+0x2eb/0xab0 [ 1420.113338][ T12] ? __pfx_ops_undo_list+0x10/0x10 [ 1420.118425][ T12] ? cleanup_net+0x334/0x890 [ 1420.122992][ T12] ? idr_destroy+0x62/0x2e0 [ 1420.127473][ T12] cleanup_net+0x408/0x890 [ 1420.131875][ T12] ? __pfx_cleanup_net+0x10/0x10 [ 1420.136790][ T12] ? rcu_is_watching+0x12/0xc0 [ 1420.141532][ T12] process_one_work+0x9cc/0x1b70 [ 1420.146451][ T12] ? __pfx_process_one_work+0x10/0x10 [ 1420.151801][ T12] ? assign_work+0x1a0/0x250 [ 1420.156368][ T12] worker_thread+0x6c8/0xf10 [ 1420.160940][ T12] ? __pfx_worker_thread+0x10/0x10 [ 1420.166025][ T12] kthread+0x3c2/0x780 [ 1420.170069][ T12] ? __pfx_kthread+0x10/0x10 [ 1420.174634][ T12] ? rcu_is_watching+0x12/0xc0 [ 1420.179376][ T12] ? __pfx_kthread+0x10/0x10 [ 1420.183938][ T12] ret_from_fork+0x56a/0x730 [ 1420.188516][ T12] ? __pfx_kthread+0x10/0x10 [ 1420.193081][ T12] ret_from_fork_asm+0x1a/0x30 [ 1420.197829][ T12] [ 1420.201038][ T12] Kernel Offset: disabled [ 1420.205345][ T12] Rebooting in 86400 seconds..