last executing test programs: 10.891496761s ago: executing program 0 (id=714): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{0x0}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001300)=@newtfilter={0x78, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {}, {0xd}}, [@filter_kind_options=@f_fw={{0x7}, {0x4c, 0x2, [@TCA_FW_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x20000000, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}}}]}, @TCA_FW_MASK={0x8}]}}]}, 0x78}}, 0x0) 10.729739344s ago: executing program 0 (id=718): socketpair$unix(0x1, 0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) fcntl$setsig(0xffffffffffffffff, 0xa, 0xf) ioprio_get$uid(0x0, 0xffffffffffffffff) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x7, 0x4a9, &(0x7f0000000b40)="$eJzs3E9sFFUYAPBvtru0gEhFREHUIhobjS0UFA5eMJp40MSIBz02bSFIoYbWRAjRkhg8GhLvxqNXD17Vm/Fk4hUPHkwMCTFcAE9jZnem3e6flrbbLri/X7L0vZk3+963b97s23m7BNCzhrJ/koiHIuJ6ROysZZcWGKr9uXPr8sTdW5cnYj5NT/6TVMvdzvK54rjteWa4FFH6Iml4wprZi5fOjk9PT13I86Nz5z4enb146eUz58ZPT52eOj92/PjRI4ePvTr2yuqDalFfFtftfZ/N7N/71ofX3pkoF9sH8r/1cXTKUAy1akrV852urMt21KWTchcbwqpk53/WXZXq+N8ZfaHzoFekaZr2t989nza60rQFeGAl0e0WAN1RvNFnn3+LxyZNPe4LN0/UPgBlcd/JH7U95SjlZSoNn287aSgiPpj/95vsEcvdh/hzgxoAAPScn04UM8HG+V8p9tSVezhfQxmMiEciYldEPBoRuyPisYhq2ccj4onGCpKIdJn6dzfkm+c/pRvriW8l2fzvtXxta+n8r5j9xWBfntsRUUyYpw7lr8lwVPpPnZmeOrxMHT+/8ftX7fbVz/+yR1Z/MRfM23Gj3HCDbnJ8bnzNATe4eSViX7kx/qScdVyxEpBExN6I2LeK5x2sS5958bv9C5nK0nIrx1+VtlxH68BSRfptxAu1/p+PJf2/WGOy/Prk6EBMTx0azc6CQy3r+PW3q++2q3/F+H/4q/GQN4/9eHK9YS/I+n9b3fkfxfrtYvyDSUSysF47u/o6rv7xZfV5hw4271vr+b8leb+a3pJv+3R8bu7C4YgtydvN28cWjy3yRfks/uGDrcf/rvyY7JV4MiKyk/ipiHg6Ip7J234gIp6NiBahLfjl9ec+arfvHs//DZPFP9ny+rek/xfX69eQ6Dt74PrdNhePe+v/o9XUcL6l9fUvWXKJuNcGduAlBAAAgPteKarf/S+NLKRLpZGR2j2g3bGtND0zO/fSqZlPzk/WfiMwGJVScaerdj+4khT3Pwfr8mMN+SP5feOv+7ZW8yMTM9OT3Q4eetz26phPmsZ/5u++brcO2HB+8gO9a6Xxv+faJjUE2HTe/6F31Y3/+TZF5n1TBv6fvP9D72o1/j9fwzHAgyU1lqGnGf/Qu8rx3kK61NWWAJvN+z/0pPX8rn/lRNrfetdANBeOgY1pxtYWdXUlkc2sulL71rUcVfxvCm3LRGl1T9gfzbv6otMhVyJixcKn93T85E/z78p3uge/35Rx2irRlcsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAx/0XAAD//8p53a4=") sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)='cgroup.controllers\x00', 0x275a, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) sigaltstack(0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000240)=ANY=[]) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r1) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r1, &(0x7f0000000280)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYRESDEC=0x0, @ANYRES16=r2, @ANYBLOB="020027bd7000fcdbdf250e0000006c0002800400010064000400dd8bbb556927f2ea562cc50f6e97864c456bcf5e896277110206ea308442655c6358387b2edc2d4a5027c6ea5b621d80d91ad93dcaa63a09519e3e978c31b51724fcbfc74287c9fd5f8af88f962e1b0e4549c32f974f293f301d7f80434991d2"], 0x80}, 0x1, 0x0, 0x0, 0x20000004}, 0x40810) open(0x0, 0x0, 0x0) ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000040)) fanotify_mark(0xffffffffffffffff, 0x4, 0x0, 0xffffffffffffffff, 0x0) socket$unix(0x1, 0x1, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/netfilter\x00') syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002800)={0x2020}, 0x2020) 6.296877286s ago: executing program 0 (id=744): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002078020000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000f00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) 6.173699766s ago: executing program 1 (id=747): memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x4) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x1d, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000007000000000100000200000400000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000186a00000800000000000000c6040000186100000400000000000000070000002d5500000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0xa, 0x8f, &(0x7f0000000180)=""/143}, 0x90) memfd_create(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) io_setup(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) syz_emit_ethernet(0x7e, &(0x7f00000000c0)={@link_local, @empty, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "02000b", 0x48, 0x2f, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x6558, 0x4, 0x0, [], "97de0000"}}}}}}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0) r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000001c0)={0x5c, 0xa, 0x0, "b75c89e7a20c8eac82ad0416bb1844038d2cd97c945462f31638b5394c00"}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x268080) socket$nl_route(0x10, 0x3, 0x0) 6.167329716s ago: executing program 0 (id=748): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x2e, &(0x7f0000000000)=r1, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r2}, 0x10) recvmsg(r1, &(0x7f0000000f40)={0x0, 0x0, 0x0}, 0x10002) sendmsg$unix(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000013c0)=ANY=[@ANYBLOB="b702000026000000bfa300000000000007030000007effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe000000008500000018000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f34e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5124948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44bd84bf6770157e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c238e545b28211a92000000001501aed8d72af0fcd540a9d4e293690c5e697b3a1480e46df5071bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db996e633792118efdb6b88023e80da74fdf723c7f0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) 5.004951641s ago: executing program 0 (id=750): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) listen(0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r6, r5, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20) sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) 4.677709478s ago: executing program 1 (id=754): socket$packet(0x11, 0xa, 0x300) r0 = socket$inet6(0xa, 0x2, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)={0x3c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x1f, 0x33, @probe_request={{{}, {}, @broadcast}, @val={0x0, 0x1, @random='\''}, @void, @void, @void, @void}}]}, 0x3c}}, 0x0) prctl$PR_SET_MM(0x23, 0x0, &(0x7f0000351000/0x2000)=nil) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000580)=0x0) ptrace$setopts(0x4200, r4, 0x5, 0x0) r5 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$uinput_user_dev(r5, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x180d], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0) unshare(0x0) r6 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IPT_SO_SET_ADD_COUNTERS(r6, 0x0, 0x41, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c744d7200000000000000000000000000000000000000000000000000000200"/72], 0x48) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000080)=0x1, 0x6) setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x7d) syz_emit_ethernet(0xd2, &(0x7f0000000900)=ANY=[@ANYBLOB="ffffffffbfff00000000000086dd600489f1009c1100fc010000000000000025030000000000ff02000000000000000000000000000100000e22"], 0x0) 4.362458184s ago: executing program 2 (id=756): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000340)={0x0, 0xfffffffc}, 0x10) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000380)=[@in6={0xa, 0x0, 0x0, @local, 0x5}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x95}, 0x9c) 3.993637674s ago: executing program 1 (id=757): socketpair$unix(0x1, 0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) fcntl$setsig(0xffffffffffffffff, 0xa, 0xf) ioprio_get$uid(0x0, 0xffffffffffffffff) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x7, 0x4a9, &(0x7f0000000b40)="$eJzs3E9sFFUYAPBvtru0gEhFREHUIhobjS0UFA5eMJp40MSIBz02bSFIoYbWRAjRkhg8GhLvxqNXD17Vm/Fk4hUPHkwMCTFcAE9jZnem3e6flrbbLri/X7L0vZk3+963b97s23m7BNCzhrJ/koiHIuJ6ROysZZcWGKr9uXPr8sTdW5cnYj5NT/6TVMvdzvK54rjteWa4FFH6Iml4wprZi5fOjk9PT13I86Nz5z4enb146eUz58ZPT52eOj92/PjRI4ePvTr2yuqDalFfFtftfZ/N7N/71ofX3pkoF9sH8r/1cXTKUAy1akrV852urMt21KWTchcbwqpk53/WXZXq+N8ZfaHzoFekaZr2t989nza60rQFeGAl0e0WAN1RvNFnn3+LxyZNPe4LN0/UPgBlcd/JH7U95SjlZSoNn287aSgiPpj/95vsEcvdh/hzgxoAAPScn04UM8HG+V8p9tSVezhfQxmMiEciYldEPBoRuyPisYhq2ccj4onGCpKIdJn6dzfkm+c/pRvriW8l2fzvtXxta+n8r5j9xWBfntsRUUyYpw7lr8lwVPpPnZmeOrxMHT+/8ftX7fbVz/+yR1Z/MRfM23Gj3HCDbnJ8bnzNATe4eSViX7kx/qScdVyxEpBExN6I2LeK5x2sS5958bv9C5nK0nIrx1+VtlxH68BSRfptxAu1/p+PJf2/WGOy/Prk6EBMTx0azc6CQy3r+PW3q++2q3/F+H/4q/GQN4/9eHK9YS/I+n9b3fkfxfrtYvyDSUSysF47u/o6rv7xZfV5hw4271vr+b8leb+a3pJv+3R8bu7C4YgtydvN28cWjy3yRfks/uGDrcf/rvyY7JV4MiKyk/ipiHg6Ip7J234gIp6NiBahLfjl9ec+arfvHs//DZPFP9ny+rek/xfX69eQ6Dt74PrdNhePe+v/o9XUcL6l9fUvWXKJuNcGduAlBAAAgPteKarf/S+NLKRLpZGR2j2g3bGtND0zO/fSqZlPzk/WfiMwGJVScaerdj+4khT3Pwfr8mMN+SP5feOv+7ZW8yMTM9OT3Q4eetz26phPmsZ/5u++brcO2HB+8gO9a6Xxv+faJjUE2HTe/6F31Y3/+TZF5n1TBv6fvP9D72o1/j9fwzHAgyU1lqGnGf/Qu8rx3kK61NWWAJvN+z/0pPX8rn/lRNrfetdANBeOgY1pxtYWdXUlkc2sulL71rUcVfxvCm3LRGl1T9gfzbv6otMhVyJixcKn93T85E/z78p3uge/35Rx2irRlcsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAx/0XAAD//8p53a4=") sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)='cgroup.controllers\x00', 0x275a, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) sigaltstack(0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000240)=ANY=[]) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r1) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r1, &(0x7f0000000280)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYRESDEC=0x0, @ANYRES16=r2, @ANYBLOB="020027bd7000fcdbdf250e0000006c0002800400010064000400dd8bbb556927f2ea562cc50f6e97864c456bcf5e896277110206ea308442655c6358387b2edc2d4a5027c6ea5b621d80d91ad93dcaa63a09519e3e978c31b51724fcbfc74287c9fd5f8af88f962e1b0e4549c32f974f293f301d7f80434991d2"], 0x80}, 0x1, 0x0, 0x0, 0x20000004}, 0x40810) open(0x0, 0x0, 0x0) ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000040)) fanotify_mark(0xffffffffffffffff, 0x4, 0x0, 0xffffffffffffffff, 0x0) socket$unix(0x1, 0x1, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/netfilter\x00') syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002800)={0x2020}, 0x2020) 3.891074572s ago: executing program 0 (id=758): socket$inet_tcp(0x2, 0x1, 0x0) r0 = open(0x0, 0x0, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x4800003e, 0xffffffffffffffff, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001040)=ANY=[], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) fcntl$setstatus(r3, 0x4, 0x42800) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) r5 = dup(r4) syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file1\x00', 0x210008, &(0x7f0000000f40)=ANY=[@ANYBLOB="2e3be3c7bd6006a201000000000000009a57e7d9b931b58a2cbd20b9146d70cb7d61546f927351f021bda30ff896bf12e1", @ANYRESDEC=0x0, @ANYBLOB="2c756e64656c6574652c6e6f7672732c6164696e6963622c766f6c756d653d30303030303030303030303030303030303030322c7569643d666f726765742c6769643d666f726765742c6e6f7374726963742c6e6f7672732c0085f95733019d784ca386da1fd41ffabd4b47acca2b8d488be702157dd8711c31732d"], 0xff, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") rmdir(0x0) write$UHID_INPUT(r5, &(0x7f0000001980)={0xf, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b3267078b089b34083b681a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b313b0d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e924afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) 3.866636395s ago: executing program 2 (id=759): sched_setscheduler(0x0, 0x0, 0x0) ptrace$ARCH_GET_CPUID(0x1e, 0x0, 0x0, 0x1011) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mkdirat(0xffffffffffffff9c, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e08007b0c"], 0xb) 3.805559539s ago: executing program 3 (id=760): sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x8080) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e21, 0x1, @empty}, 0x1c) bpf$ENABLE_STATS(0x20, &(0x7f00000000c0), 0x4) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0) syz_open_dev$loop(&(0x7f0000000080), 0x3, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) 3.741879235s ago: executing program 2 (id=761): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r2) close(r3) 3.572859878s ago: executing program 2 (id=762): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@newlink={0x54, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x24, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER_INTVL={0xc}, @IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x88}, @IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0x2e9}]}}}]}, 0x54}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x700, 0x700, 0x7f, 0x3, {{0xe, 0x4, 0x3, 0x8, 0x38, 0x64, 0x0, 0x4e, 0x4, 0x0, @broadcast, @local, {[@cipso={0x86, 0x22, 0x7ffffffffffffffc, [{0x0, 0x2}, {0x0, 0x9, "66ecfc185c898f"}, {0x0, 0x11, "e1c064acb807f419be229aefc9fae4"}]}]}}}}}) getpeername$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000400)=0x14) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000540)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x88, r2, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x80}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x54, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r3}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0xf}}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x3f}]}, 0x88}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000001500), 0xffffffffffffffff) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)={0xf4, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0xd8, 0x33, @probe_request={{{}, {}, @broadcast, @broadcast, @from_mac=@broadcast}, @val, @void, @val={0x3, 0x1}, @void, @val={0x72, 0x6}, [{0xdd, 0x1f, "b32cae2bf99dc87a60d47aec103bbffea56b0df2c0c137be24a969ceaf0621"}, {0xdd, 0x24, "2afc2fa14426f7c63874fb2e5806a90ccc719b9f850e62038c66a1a8c3d81caeb65ef8b3"}, {0xdd, 0x51, "64163408efc3435e758edfddedd9694377bf56b47882d63e39a6d8cd7d26f7f61482d14855e31c66d11419b2c30201072acdea7978a6a2c611b5877e373d90e906f86359e464912bd24aad692ac615d41d"}, {0xdd, 0x13, "04b4e50d038cded66bf0aa262c654132de9589"}]}}]}, 0xf4}}, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000640)=@bpf_ext={0x1c, 0x8, &(0x7f0000000280)=@raw=[@printk], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2}, 0x10, 0x874d, 0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000600)=[{0x0, 0x2, 0x0, 0x5}], 0x10, 0x8001}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x1b, &(0x7f0000000340)=@raw=[@jmp, @exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x38}}, @ringbuf_query, @jmp, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @ringbuf_query, @btf_id], &(0x7f0000000440)='GPL\x00', 0x401, 0x93, &(0x7f0000000480)=""/147, 0x41000, 0x0, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000780), 0x0, 0x10, 0x7}, 0x90) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9, 0x84, 0x144}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r7}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r7}, 0x38) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv4_newrule={0x2c, 0x20, 0x1, 0x0, 0x0, {0x2, 0x20}, [@FRA_DST={0x8, 0x1, @local}, @FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x2f}]}, 0x2c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000340)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x2c, r10, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r11}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}]}, 0x2c}}, 0x8000) r12 = socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r9, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x24, r13, 0x1, 0x0, 0x4000000, {{}, {@void, @val={0xc, 0x99, {0x8, 0x7}}}}, [@NL80211_ATTR_TX_RATES={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40040}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) 3.513612103s ago: executing program 3 (id=763): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{0x1}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = fsmount(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r4, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r4, &(0x7f0000005240), 0x4000095, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0x80085504, &(0x7f0000000000)=@usbdevfs_connect) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=r0, 0x16, 0x0, 0x0, &(0x7f0000000380)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) 2.413048823s ago: executing program 3 (id=764): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0xfcd66a900070b359, 0x34000}, 0x24}}, 0x0) 2.250001106s ago: executing program 4 (id=765): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x6, &(0x7f0000000040)=0x10001) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000019640)={0x0, 0x14}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240), 0x208e24b) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000240)) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0x4, @local, 'bridge_slave_1\x00'}}, 0x1e) connect$pppoe(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, {0x4, @local, 'team_slave_1\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(0xffffffffffffffff, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @local, 'bridge_slave_1\x00'}}) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f00000004c0)={0x60, 0x0, &(0x7f0000165000/0x4000)=nil, &(0x7f00004fa000/0x4000)=nil, 0x0, 0x0}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x1c) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x64}}, 0x20000001) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000000)={0x2, 0x100, 0x3, {0x0, 0x0, 0x1000, 0x8000002}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r3, 0x0, 0x0) 2.212053199s ago: executing program 3 (id=766): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0xa, 0xa, 0x0, 0x0, 0x0, {0x2}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x16}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x28}}, 0x0) 2.211238399s ago: executing program 2 (id=767): syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x2000c12, &(0x7f00000001c0)=ANY=[], 0x12, 0x9ef, &(0x7f0000000e40)="$eJzs3ctvXNd9B/Dv5UOiaUOSbdV1BdsayZVM2yxFUrVUwYtWIkcSXT4KkgIsdGG5FlUIYuvWbgHbKFAZKLqKkQAJskh2RlZZGfAm3gTeJbtklUWAwP+CkZWyYnDvDKkhOeSQMh+y/PkQM3Mfv3vO7859HM7MnTlhf914YrO5d9dNWTq8amxpqbo94Pi1n3+T1Pn2uzT+1aeffVLePr6bA+nOa8Uvkr4ktaQnybNJ79j47MxUh4LuJDeSfJkUSQ6m8bglN1J8Py2HwZcpflrWu6EDWy2ZTpb4Ttvv/Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5Gxdj48PBIcSAT09ferDUktXXGxmdniiwtrZ+zvEzDF1Wv38UXHetNivKWvr7lrr6fPXp/9jNJaifzXGPsuapD8vTlo8efOfL60z1dy8tvlM03cnDrxb7/4Ud33l5cXHhvVxJ5+F2pT0/MzUxMXbxSr03MzdQunDs3fObq5bna5YnJ+tz1ufn6VG1stn5xfma2NjD2cm3kwoWztfrQ9Zlr01fGhybryxPP/83o8PC52htD/1S/ODs3M33mjaG5sasTk5MT01eqmHJ2GXO+3BH/cWK+Nl+/OFWr3bq9uHB2TU7dWbP/lkEjndakDBrtFDQ6PDo6MjI6OvJxs/fslQnnXrvw2vnh4Z7hNbIuYpd2Wh4uj228mXf+JA4PqKvR/ieTmch0ruXN1Nr+jWU8s5nJ1Abzm5bb/1Nn6pvW29r+N1v5npbZx8q7k3mhOdq3Qfu/QS579/d+PsxHuZO3s5jFLOS9fc9ob/+upJ7pTGQuM5nIVC5WU2rNKbVcyLmcy3DeytUcz1xquZyJTKaeuVzPXOZTr/aoscymnouZz0xmU8tAxvJyahnJhVzI2dRSz1CuZybXMp0rGc/FqpRbuV0972c3yXElaGQrQaObBK1rzLfd/tfX/nPCd87On8ThAS012/8DnUMHxvYiIQAAAGDH/dWvc+joU7/6Q1Lk+ep9+csTk/Xh/U4LAAAA2EHV5XrPlQ+95dDzKbz+BwAAgEdNUX3HrkjSn+ONoeVvQnkTAAAAAB4R1ef/L6Q4fn+C1/8AAADwiOn8G/sdI4rB5Z//rd1sPN5sRjTGiv7LE5P1obGZyddHcrr6lYHqmwbrSutOit7q6wev5EQj6kR/47H/follnX1l1MjQ6yN5JSebKzLwYvnw4kCbyNFG5EuNyJdaI7uzKvJsGQkAj7qTm7THW23/X8lgI2LwWNXk9xxr0wYPa1kB4GGx0sfOn5pdmrVp/5sRL2zU/v/tJq//y4incut445KCobyTd7OYmxlM84qD4+1KXe6NoHEZwmCHdwP6m5cs/PZ8VwbXvR/Qt7KurbELGc1g23cEWsotlnM424jr3p1tAAB77eSm7fDW2v/BDq//+11SCAAPlZUe7HdxYL/XEQBYTSsNAAAAAAAAAAAAAAAAAAAAAAAAAAAAO29LP+D/m9PJ4uJCsgedBawM9G0nw80HurJHOe/7QHeS/ar977Ptpcpt/LA8dQZWD+zziQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA9USTd7aZ3JQeTDCc5s/dZ7Z67+53ATqk92GLFvdzLBzm00+kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHzXNX//vyuNx8cbk9LTlZxKciPJP+93jjvp3n4nsG/+rbpv+f3/rqQ3S0V6Gps9Re/Y+OzMVLn5i4Pl/K8+/eyT8ta57PW9KpQFlDWs6lyiWUPLlN7VSz1ZLdU/vvD+nf969z9q45eqHfPS/OXJ8akrs/9wP/CZ4vNGFwit3SAs5/s/p375g5bJB5qVf16uaXtr671c1Tu+vt6/bLf0BvVuwe3FhdGypvn6m/P//e+3P2iZ9VROJC8OJAOra/rX8rZBTSfWPp+rFV8X/18cyo9zo9r+5bNRLBXlJjpcrf9jt24vLgy98+7izZWc/ndVTkdyPMnNpG/rOR2vzidtVXtdV29Z63AVVN4d7VDeplpKHNngeX2y2mX6t7UOtY3XodLheW9mdLZtRj/8z6dzettb+nSHGtsqvi5+X1zN7/J/Lf1/dJXb/1TaHp1tiqgiW/aU1nmrDq+uRmS15qOtM95aW+aGRyW74Hv5l/zdyvbvajn/N7fV3pyPWmpsf1wk2z8ufnZ4XYtyX9UiHV3TIjXPPhst08zzaCNqgzz/Iq8mPce2dUZ5tcMZZbeO/58UA/lj7ur/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAePgVSXe76V3JqSRHkhwux2vJ0tqYuw9QX1d/8SBp7pgHyfnbp9hwRYt7uZcPcmivMwIAAAAAAABgd1wa/+rTzz4pb9Xn8d35667mnFrSk+RI8aPesfHZmakOBfUmN5Y/0u/bXg43yrsn7o9/WY4922Gh/b18AAC+1f4cAAD//7IYb70=") open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[@ANYBLOB="20000000020000001d"], 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0) syz_usb_connect$cdc_ecm(0x0, 0x5a, &(0x7f0000000100)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48, 0x1, 0x1, 0x0, 0x100, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x8, 0x24, 0x6, 0x0, 0x0, "19d740"}, {0x5, 0x24, 0x0, 0x31}, {0xd, 0x24, 0xf, 0x1, 0x78e6, 0x0, 0x3, 0x4}, [@call_mgmt={0x5, 0x24, 0x1, 0x0, 0x4}, @obex={0x5, 0x24, 0x15, 0xd}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x0, 0x0, 0x0, 0xaa}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x7, 0x80, 0x3}}}}}]}}]}}, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x200000001494) fcntl$setstatus(r0, 0x4, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000140)=0x2) r1 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f00000006c0)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x5, {[@global=@item_012={0x2, 0x1, 0x0, "8daf"}, @global=@item_012={0x1, 0x1, 0x0, ','}]}}, 0x0}, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8) 2.047398823s ago: executing program 4 (id=768): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) listen(0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r6, r5, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20) sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) 2.007658776s ago: executing program 3 (id=769): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000380)=[@in6={0xa, 0x0, 0x0, @local, 0x5}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x95}, 0x9c) 1.021209866s ago: executing program 4 (id=770): socket$packet(0x11, 0xa, 0x300) r0 = socket$inet6(0xa, 0x2, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)={0x3c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x1f, 0x33, @probe_request={{{}, {}, @broadcast}, @val={0x0, 0x1, @random='\''}, @void, @void, @void, @void}}]}, 0x3c}}, 0x0) prctl$PR_SET_MM(0x23, 0x0, &(0x7f0000351000/0x2000)=nil) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000580)=0x0) ptrace$setopts(0x4200, r4, 0x5, 0x0) r5 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$uinput_user_dev(r5, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x180d], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0) unshare(0x0) r6 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IPT_SO_SET_ADD_COUNTERS(r6, 0x0, 0x41, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c744d7200000000000000000000000000000000000000000000000000000200"/72], 0x48) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000080)=0x1, 0x6) setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x7d) syz_emit_ethernet(0xd2, &(0x7f0000000900)=ANY=[@ANYBLOB="ffffffffbfff00000000000086dd600489f1009c1100fc010000000000000025030000000000ff02000000000000000000000000000100000e22"], 0x0) 823.541282ms ago: executing program 3 (id=771): socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) fanotify_init(0x0, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, r0, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) capset(0x0, &(0x7f0000000040)) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) fcntl$setstatus(r3, 0x4, 0x42800) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) socket(0x10, 0x0, 0x0) r5 = dup(r4) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mkdir(0x0, 0x0) write$UHID_INPUT(r5, &(0x7f0000001980)={0xf, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b3267078b089b34083b681a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b313b0d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e924afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) 735.81623ms ago: executing program 4 (id=772): socket$key(0xf, 0x3, 0x2) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x1f2f, 0x0, 0x0, 0x0, 0x0, 0x1e8, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x0}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b40)={&(0x7f0000000100)='jbd2_handle_stats\x00'}, 0x10) getpgid(0xffffffffffffffff) syz_open_procfs$namespace(0x0, &(0x7f00000002c0)='ns/pid_for_children\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000580)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="cf0425bd7000000000001300000008000300", @ANYRES32=r3, @ANYBLOB="040013000a000600ffffffffffff000006001200000000000600b500c902000008001400", @ANYRES32, @ANYBLOB="0c0043006ae85ee14a"], 0x50}}, 0x0) 445.376173ms ago: executing program 4 (id=773): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r2) close(r3) 340.388702ms ago: executing program 1 (id=774): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x20081e, &(0x7f00000020c0), 0x1, 0x4ef, &(0x7f0000000a00)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOonbRlUXUFYIoUqILkFqQ+JGUew4ip3ShC7S/4BEJVaw5Aew7oo9GwQ7NmWBxEcEaiqxMLrXN6mb2k1oEjuKn0e6uvfcY/s9J849x36d+AQwsC5FxE5EjEbE/YiYys7nsi1ut7bkdi92Hy/u7T5ezEWzefefubQ+ORdt90m8lz1mISJ+9L2In+bejFvf2l5dqFTKG63i+Eyjuj5T39q+ulJdWC4vl9dKpfm5+dmb126UTq2vn1RHs6MvP//Dzrd+njRrMjvT3o/T1Or6yEGcxHBE/OAsgvXBUNaf0X43hHeSj4iPIuLT9PqfiqH02QQALrJmcyqaU+1lAOCiy6c5sFy+mOUCJiOfLxZbObyPYyJfqdUbVx7UNteWWrmy6RjJP1iplGezXOF0jOSS8lx6/KpcOlS+FhEfRsQvxsbTcnGxVlnq5wsfABhg7x2a//8z1pr/AYALrtDvBgAAPWf+B4DBY/4HgMFj/geAwWP+B4DBY/4HgMFj/geAgfLDO3eSrbmXff/10sOtzdXaw6tL5fpqsbq5WFysbawXl2u15fQ7e6pHPV6lVlufux6bj6a/vV5vzNS3tu9Va5trjXvp93rfK4/0pFcAwNt8+MmzP+ciYufWeLpF21oO5mq42PL9bgDQN0P9bgDQN1b7gsF1gvf40gNwQXRYovc1hYgYP3yy2Ww2z65JwBm7/AX5fxhUbfl/fwUMA0b+HwaX/D8MrmYzd9w1/+O4NwQAzjc5fqDL5/8fZfvfZh8O/GTp8C2enmWrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HzbX/+3mK0FPhn5fLEY8X5ETMdI7sFKpTwbER9ExJ/GRsaS8lyf2wwAnFT+b7ls/a/LU59NHq4dzb0cS/cR8bNf3f3lo4VGY+OPyfl/HZxvPM3Ol/rRfgDgKPvzdLpveyP/Yvfx4v7Wy/b8/bsRUWjF39sdjb2D+MMxnO4LMRIRE//OZeWWXFvu4iR2nkTE5zv1PxeTaQ6ktfLp4fhJ7Pd7Gj//Wvx8WtfaJz+Lz51CW2DQPEvGn9udrr98XEr3na//QjpCnVw2/iUPtbiXjoGv4u+Pf0Ndxr9Lx41x/fffbx2Nv1n3JOKLwxH7sffaxp/9+Lku8T87Zvy/fOkrn3ara/464nJ0jt8ea6ZRXZ+pb21fXakuLJeXy2ul0vzc/OzNazdKM2mOeqb7bPCPW1c+6FaX9H+iS/zCEf3/+jH7/5v/3v/xV98S/5tf6xQ/Hx+/JX4yJ37jmPEXJn5X6FaXxF/q0v+jnv8rx4z//K/bbywbDgD0T31re3WhUilv9PJg/4VET4M6uAAHyW/NOWhGx4Pv9CrWaPxf92o23ylWtxHjNLJuwHlwcNFHxMt+NwYAAAAAAAAAAAAAAOioF/+x1O8+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9LwAA//89fM7W") r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) ftruncate(r0, 0x4000000) r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3) r2 = open(&(0x7f0000000100)='./bus\x00', 0x101c42, 0x0) fallocate(r2, 0x20, 0x0, 0x10000) 293.267755ms ago: executing program 4 (id=775): syz_mount_image$hfsplus(&(0x7f0000000500), &(0x7f0000000100)='./file1\x00', 0xa08800, &(0x7f0000000040)=ANY=[], 0x4, 0x67b, &(0x7f00000010c0)="$eJzs3c1rHOcdB/DvrFay5IKjJHbilkBFDGmpqa0XlFalELeHokMowT2EQi/ClmPhtRIkpSihFPX92kP+gPSgQ6GnQu+GFHpqe8tVp5JS6CUnneoys7PSyvLKu7JerPbzMaN9Zp7X+c3Mszu7mAnwf2v+apoPUmT+6pvr5frW5kxra3PmXJ3dSlKmG0mz/ZJiOSk+SW6kveSL5ca6fNGrn4+W5m5++vnWZ+21Zr1U5RsH1evPRr1kIslQ/brf8KHau9WzvYMt7KSKnT0sA3alEzg4bQ/32Rik+lNet8CzoGi/b+4znpxPMlp/Dkg9OzROdnRHb6BZDgAAAM6o57aznfVcOO1xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFlSP/+/qJdGJz2RovP8/5F6W+r0zcYpj/lpPDjtAQAAAAAAAADAEfjydrazngud9YfVL/v/ebVauVj9/ULez2oWs5JrWc9C1rKWlUwlGe9qaGR9YW1tZSpPrjn92JrTJ7K7AAAAAAAAAPC/6ueZ3/39HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngVFMtR+qZaLnfR4Gs0ko0lGynIbyd876TOieNzGByc/DgAAAHgqo4eo89x2trOeC531h0V1z/9Sdb88mveznLUsZS2tLOZ2fQ9d3vU3tjZnWlubM/e3Nmeqjn/0sK3dznf+PdAwqhbT/u7h8T1frkqM5U6Wqi3XcqsazO00qpqly/V4dpa9nfysHNPYG7U+R3a7fi07+22vbxGOQmPQCuNVpeGdiEzWYysbev7gSDzx6DQP7GkqjZ1vfi4e0FNnl4oBY36+Uy/Jrx+J+Rv/+P0P+2zmGOxEopEqEtNdZ99LB8c8+cqf/vD23dbyvbt3Vq8e22l0Uh49J2a6IvHymY5Ec8Dyk1UkLu2sz+d7+UGuZiJvZSVL+XEWspbF1DNjFurzufw73hWlZF+kbuxZe+tJIxmpj0t7Fu1nTBM5V6UW8mpV90KWUuTd3M5iXq/+TWcq38hsZjPXdYQv9TzC1b5VM21jsKv+yleze6n/ppyp+6uX/KXfgoNrv6WWcX2+K67dc+54lde9ZTdKL/TxfjTg3Nj8Up0o+/jFYd42js2jkZjqisSLB0fid9W1sdpavrdyd+G9Hu1vPLL+2vBu+lfH+c48sPJ8eSGj9Uyy9+wo817cmWX2xmuk/sWlndfYl3epyiuKzpX6/Z5X6kj9GW5/S9NV3sv784Y6I7/clbfn81be/evpxBOAAZ3/2vmRsX+N/W3s47Ffjt0de3P0u+e+ee6VkQz/efhbzcmh1xqvFH/Mx/np7v0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweKsffHhvodVaXHl8otE762gTRf0gn15lmhnLCQzjJBNFsnHkLedIGxw+pn3vPETwadt5+8azcSjPcmIoSWfLUHaz6kN0mIeLAmfC9bX7711f/eDDry/dX3hn8Z3F5eHZ2bnJudnXZ67fWWotTrb/nvYogeOw+3ngtEcCAAAAAAAAAAAA9OsI/hfBt//Zbqpnma7uJk5rPwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICza/5qmsMpMjV5bbJc39qcaZVLJ71bspmk0UiKnyTFJ8mNtJeMdzVX9Orno6W5m59+vvXZblvNTvnGQfX6s1EvmUgyVL/uM3K49m71aq9vxc4elgG70gkcnLb/BgAA///sygN+") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, &(0x7f0000000240)=ANY=[@ANYBLOB="850000006c0000007600000000000000ec4546dab77e47ae79d6a57ffbdf8269661b92817e3578d24be3ef7566efb15e27dce8ba00000000270ecac44bee5e36a1b706bde512a24a4c5ad3975e4676298e937acce52b1aa29a1f9bb7b6fcec231cfc9b8c818cef0010ad77d6967e8db34d9a969881535682cfe923e35195b1b72a19ddc5317a9a30b1dffc0772beae2a597cb28646c335ca5239dd3b5632815936342cce7f158e633fbea676ae028cbbac13b23416c4efaa305c004a85758d0f2e29fab467406e784c69542460db732b73ee81ae21571dfb5c525b023e6700227569c36340a7d484d9ec0b73182b754c6efd82ee16d7ba"], &(0x7f0000000180)='syzkaller\x00', 0x2, 0xe5, &(0x7f0000000000)=""/229, 0x0, 0x11}, 0x80) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121701, 0x0) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000279600"}) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="040e05003e2009"], 0x8) r1 = syz_open_pts(r0, 0x129640) r2 = dup(r1) ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f0000000000)) futex(&(0x7f000000cffc)=0x4, 0x0, 0x4, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x4, 0xb, 0x0, 0x0, &(0x7f00000001c0), 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_enc_key_size={{0x7}, {0x4, 0xc9, 0x3f}}}}, 0xa) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x3}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @range={{0xa}, @void}}, {0x10, 0x1, 0x0, 0x1, @tproxy={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x7a000000}]}, @NFT_MSG_DELFLOWTABLE={0x18, 0x18, 0xa, 0x0, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_FLOWTABLE_HOOK={0x4}]}], {0x14}}, 0x98}}, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x180da5f60c08e663, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1, 0x100003, 0x0, 0x1, 0x1, 0xffffffffffffffff, 0x20000000}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000015c0), 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet(0x2, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)=0x7f, 0x4) syz_open_dev$tty20(0xc, 0x4, 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 133.864189ms ago: executing program 1 (id=776): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0xfcd66a900070b359, 0x34000, 0x0, {0x0, 0x0, 0x0, r1}}, 0x24}}, 0x0) 80.175533ms ago: executing program 1 (id=777): socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_TRIM(0xffffffffffffffff, 0x0, 0x0) socket$inet6(0xa, 0x3, 0xff) syz_emit_ethernet(0x46, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000000000103afffe8000000000000000000000000000bb"], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan0\x00'}) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) futex(&(0x7f0000001300)=0x80000001, 0x800000000006, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x10, 0x0, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) signalfd(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000500)={0xa, 0x0, 0xfffffffe, @private0, 0xfffffffc}, 0x1c) 0s ago: executing program 2 (id=778): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@newlink={0x54, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x24, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER_INTVL={0xc}, @IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x88}, @IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0x2e9}]}}}]}, 0x54}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x700, 0x700, 0x7f, 0x3, {{0xe, 0x4, 0x3, 0x8, 0x38, 0x64, 0x0, 0x4e, 0x4, 0x0, @broadcast, @local, {[@cipso={0x86, 0x22, 0x7ffffffffffffffc, [{0x0, 0x2}, {0x0, 0x9, "66ecfc185c898f"}, {0x0, 0x11, "e1c064acb807f419be229aefc9fae4"}]}]}}}}}) getpeername$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000400)=0x14) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000540)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x88, r2, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x80}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x54, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r3}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0xf}}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x3f}]}, 0x88}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000001500), 0xffffffffffffffff) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)={0xf4, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0xd8, 0x33, @probe_request={{{}, {}, @broadcast, @broadcast, @from_mac=@broadcast}, @val, @void, @val={0x3, 0x1}, @void, @val={0x72, 0x6}, [{0xdd, 0x1f, "b32cae2bf99dc87a60d47aec103bbffea56b0df2c0c137be24a969ceaf0621"}, {0xdd, 0x24, "2afc2fa14426f7c63874fb2e5806a90ccc719b9f850e62038c66a1a8c3d81caeb65ef8b3"}, {0xdd, 0x51, "64163408efc3435e758edfddedd9694377bf56b47882d63e39a6d8cd7d26f7f61482d14855e31c66d11419b2c30201072acdea7978a6a2c611b5877e373d90e906f86359e464912bd24aad692ac615d41d"}, {0xdd, 0x13, "04b4e50d038cded66bf0aa262c654132de9589"}]}}]}, 0xf4}}, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000640)=@bpf_ext={0x1c, 0x8, &(0x7f0000000280)=@raw=[@printk], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2}, 0x10, 0x874d, 0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000600)=[{0x0, 0x2, 0x0, 0x5}], 0x10, 0x8001}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x1b, &(0x7f0000000340)=@raw=[@jmp, @exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x38}}, @ringbuf_query, @jmp, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @ringbuf_query, @btf_id], &(0x7f0000000440)='GPL\x00', 0x401, 0x93, &(0x7f0000000480)=""/147, 0x41000, 0x0, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000780), 0x0, 0x10, 0x7}, 0x90) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9, 0x84, 0x144}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r7}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r7}, 0x38) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv4_newrule={0x2c, 0x20, 0x1, 0x0, 0x0, {0x2, 0x20}, [@FRA_DST={0x8, 0x1, @local}, @FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x2f}]}, 0x2c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000340)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x398}}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x2c, r10, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r11}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}]}, 0x2c}}, 0x8000) r12 = socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r9, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x24, r13, 0x1, 0x0, 0x4000000, {{}, {@void, @val={0xc, 0x99, {0x8, 0x7}}}}, [@NL80211_ATTR_TX_RATES={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40040}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) kernel console output (not intermixed with test programs): lan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.610922][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.643536][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 60.651156][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.659917][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.669555][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 60.711143][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.720582][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.730535][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 60.743992][ T102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.756391][ T102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.773656][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 60.833460][ T102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.842320][ T102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.862628][ T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.872524][ T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.892978][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.900899][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.917372][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 60.935551][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 60.960245][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 60.992882][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 61.003686][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 61.021726][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 61.104008][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 61.110421][ T3633] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.144314][ T3633] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.263596][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 61.349937][ T3636] loop3: detected capacity change from 0 to 256 [ 61.442630][ T3636] ======================================================= [ 61.442630][ T3636] WARNING: The mand mount option has been deprecated and [ 61.442630][ T3636] and is ignored by this kernel. Remove the mand [ 61.442630][ T3636] option from the mount to silence this warning. [ 61.442630][ T3636] ======================================================= [ 61.480098][ T3636] exfat: Bad value for 'uid' [ 61.748503][ T3641] loop4: detected capacity change from 0 to 512 [ 61.810149][ T3641] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.5: invalid indirect mapped block 11 (level 0) [ 61.828382][ T3641] EXT4-fs (loop4): Remounting filesystem read-only [ 61.837489][ T3641] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.5: attempt to clear invalid blocks 1024 len 1 [ 61.852266][ T3557] Bluetooth: hci1: command tx timeout [ 61.852429][ T3564] Bluetooth: hci2: command tx timeout [ 61.888580][ T3641] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 61.926615][ T3641] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.5: invalid indirect mapped block 1819239214 (level 0) [ 61.941616][ T3557] Bluetooth: hci3: command tx timeout [ 61.941636][ T3564] Bluetooth: hci0: command tx timeout [ 61.947266][ T3562] Bluetooth: hci4: command tx timeout [ 62.034140][ T3641] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.5: invalid indirect mapped block 33554432 (level 2) [ 62.065183][ T3641] EXT4-fs (loop4): 1 truncate cleaned up [ 62.078970][ T3641] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 62.161955][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 62.171736][ T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!! [ 62.179914][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!! [ 62.343076][ T3648] loop2: detected capacity change from 0 to 256 [ 62.352708][ T3648] exfat: Bad value for 'uid' [ 62.582090][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 62.642168][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 62.780906][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 63.123596][ T3547] EXT4-fs (loop4): unmounting filesystem. [ 63.230754][ T3661] loop4: detected capacity change from 0 to 512 [ 63.242755][ T3660] loop3: detected capacity change from 0 to 512 [ 63.268373][ T3661] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 63.295112][ T3660] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 63.341543][ T3661] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1085: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 63.366315][ T3661] EXT4-fs (loop4): 1 truncate cleaned up [ 63.376335][ T3661] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 63.400111][ T3660] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1085: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 63.461305][ T3660] EXT4-fs (loop3): 1 truncate cleaned up [ 63.461444][ T3671] loop0: detected capacity change from 0 to 512 [ 63.467935][ T3660] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 63.533606][ T3671] EXT4-fs (loop0): 1 orphan inode deleted [ 63.551813][ T3671] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 63.571091][ T3671] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038 (0x7fffffff) [ 63.652733][ T3554] EXT4-fs (loop0): unmounting filesystem. [ 63.723029][ T3547] EXT4-fs (loop4): unmounting filesystem. [ 63.791973][ T3549] EXT4-fs (loop3): unmounting filesystem. [ 63.946681][ T3678] loop4: detected capacity change from 0 to 1764 [ 64.182475][ T3593] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 64.452004][ T3593] usb 3-1: Using ep0 maxpacket: 8 [ 64.602643][ T3593] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 64.613751][ T3593] usb 3-1: config 2 has 1 interface, different from the descriptor's value: 3 [ 64.791974][ T3593] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=f0.c9 [ 64.793186][ T3688] loop0: detected capacity change from 0 to 512 [ 64.811331][ T3593] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 64.849612][ T3593] usb 3-1: Product: syz [ 64.864366][ T3593] usb 3-1: Manufacturer: syz [ 64.871892][ T3593] usb 3-1: SerialNumber: syz [ 65.012196][ T26] audit: type=1326 audit(1720662050.462:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3689 comm="syz.3.15" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8712975bd9 code=0x0 [ 65.042067][ T22] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 65.152167][ T3593] snd-usb-6fire 3-1:2.0: unable to receive device firmware state. [ 65.172925][ T3593] snd-usb-6fire: probe of 3-1:2.0 failed with error -71 [ 65.190996][ T3593] usb 3-1: USB disconnect, device number 2 [ 65.289079][ T3693] netlink: 4 bytes leftover after parsing attributes in process `syz.3.15'. [ 65.453342][ T22] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 65.673778][ T22] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 65.691794][ T22] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.700308][ T22] usb 5-1: Product: syz [ 65.726904][ T22] usb 5-1: Manufacturer: syz [ 65.731524][ T22] usb 5-1: SerialNumber: syz [ 65.794954][ T22] cdc_ether: probe of 5-1:1.0 failed with error -22 [ 65.814642][ T3701] loop2: detected capacity change from 0 to 512 [ 65.847755][ T3701] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 65.892934][ T3701] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 65.911812][ T3701] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 65.963456][ T3701] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 65.991822][ T3701] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e118, mo2=0000] [ 66.044819][ T3701] EXT4-fs (loop2): orphan cleanup on readonly fs [ 66.144856][ T3701] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.18: bg 0: block 34: padding at end of block bitmap is not set [ 66.215022][ T3701] Quota error (device loop2): write_blk: dquota write failed [ 66.225842][ T3701] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 66.246204][ T3562] Bluetooth: hci0: Unknown advertising packet type: 0x7070 [ 66.246621][ T3562] Bluetooth: hci0: Unknown advertising packet type: 0x2540 [ 66.254242][ T3562] Bluetooth: hci0: Malformed LE Event: 0x0d [ 66.287410][ T3701] EXT4-fs error (device loop2): ext4_acquire_dquot:6777: comm syz.2.18: Failed to acquire dquot type 1 [ 66.310877][ T3701] EXT4-fs (loop2): 1 truncate cleaned up [ 66.320804][ T3593] usb 5-1: USB disconnect, device number 2 [ 66.472354][ T3708] loop3: detected capacity change from 0 to 256 [ 66.506258][ T3701] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 66.597518][ T3708] exfat: Bad value for 'uid' [ 66.607932][ T3553] EXT4-fs (loop2): unmounting filesystem. [ 66.649521][ T3628] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 66.825176][ T3715] loop0: detected capacity change from 0 to 512 [ 67.053259][ T3715] EXT4-fs (loop0): 1 orphan inode deleted [ 67.059038][ T3715] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 67.110833][ T3724] loop4: detected capacity change from 0 to 512 [ 67.118303][ T3715] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038 (0x7fffffff) [ 67.141062][ T3722] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 67.380158][ T3724] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 67.423674][ T3727] netlink: 40 bytes leftover after parsing attributes in process `syz.3.25'. [ 67.445012][ T3554] EXT4-fs (loop0): unmounting filesystem. [ 67.568079][ T3724] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1085: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 67.693608][ T3724] EXT4-fs (loop4): 1 truncate cleaned up [ 67.699320][ T3724] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 67.955217][ T3734] loop0: detected capacity change from 0 to 512 [ 68.115950][ T3547] EXT4-fs (loop4): unmounting filesystem. [ 68.511777][ T22] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 68.761780][ T22] usb 4-1: Using ep0 maxpacket: 8 [ 68.890057][ T22] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 68.938596][ T22] usb 4-1: config 2 has 1 interface, different from the descriptor's value: 3 [ 68.980421][ T3753] loop1: detected capacity change from 0 to 512 [ 68.995756][ T3753] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 69.066369][ T3757] device bridge1 entered promiscuous mode [ 69.102502][ T3753] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1085: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 69.114940][ T3757] netlink: 4 bytes leftover after parsing attributes in process `syz.2.35'. [ 69.129591][ T22] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=f0.c9 [ 69.141477][ T22] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.156771][ T22] usb 4-1: Product: syz [ 69.160975][ T22] usb 4-1: Manufacturer: syz [ 69.168900][ T22] usb 4-1: SerialNumber: syz [ 69.178785][ T3753] EXT4-fs (loop1): 1 truncate cleaned up [ 69.184993][ T3753] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 69.363414][ T3548] EXT4-fs (loop1): unmounting filesystem. [ 69.431902][ T22] snd-usb-6fire 4-1:2.0: unable to receive device firmware state. [ 69.439755][ T22] snd-usb-6fire: probe of 4-1:2.0 failed with error -71 [ 69.494122][ T22] usb 4-1: USB disconnect, device number 2 [ 70.746832][ T3784] loop3: detected capacity change from 0 to 512 [ 70.837443][ T3628] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 71.047679][ T1251] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.055784][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 73.431866][ T3593] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 73.731975][ T3593] usb 4-1: Using ep0 maxpacket: 8 [ 73.852303][ T3593] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 73.941817][ T3593] usb 4-1: config 2 has 1 interface, different from the descriptor's value: 3 [ 74.165061][ T3593] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=f0.c9 [ 74.189193][ T3593] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.221862][ T3593] usb 4-1: Product: syz [ 74.226112][ T3593] usb 4-1: Manufacturer: syz [ 74.230720][ T3593] usb 4-1: SerialNumber: syz [ 74.511884][ T3593] snd-usb-6fire 4-1:2.0: unable to receive device firmware state. [ 74.524247][ T3593] snd-usb-6fire: probe of 4-1:2.0 failed with error -71 [ 74.551251][ T3593] usb 4-1: USB disconnect, device number 3 [ 74.663286][ T3815] loop1: detected capacity change from 0 to 32768 [ 76.412274][ T14] cfg80211: failed to load regulatory.db [ 76.662991][ T3858] loop3: detected capacity change from 0 to 1024 [ 76.711193][ T3858] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 76.758183][ T3858] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 77.053756][ T3549] EXT4-fs (loop3): unmounting filesystem. [ 77.193701][ T3865] loop3: detected capacity change from 0 to 1024 [ 77.210976][ T3865] EXT4-fs: Ignoring removed nomblk_io_submit option [ 77.251496][ T3865] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 77.412662][ T3865] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 77.540734][ T3549] EXT4-fs (loop3): unmounting filesystem. [ 77.906643][ T41] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 78.172281][ T41] usb 1-1: Using ep0 maxpacket: 8 [ 78.289736][ T3863] loop2: detected capacity change from 0 to 32768 [ 78.332326][ T41] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 78.442119][ T41] usb 1-1: config 2 has 1 interface, different from the descriptor's value: 3 [ 78.861949][ T41] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=f0.c9 [ 78.886752][ T41] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.923890][ T41] usb 1-1: Product: syz [ 78.928185][ T41] usb 1-1: Manufacturer: syz [ 78.942470][ T41] usb 1-1: SerialNumber: syz [ 79.237114][ T41] snd-usb-6fire 1-1:2.0: unable to receive device firmware state. [ 79.245110][ T41] snd-usb-6fire: probe of 1-1:2.0 failed with error -71 [ 79.269049][ T41] usb 1-1: USB disconnect, device number 2 [ 79.556555][ T26] audit: type=1326 audit(1720662065.012:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3904 comm="syz.2.85" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x0 [ 82.151771][ T41] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 82.431932][ T41] usb 5-1: Using ep0 maxpacket: 8 [ 82.581888][ T41] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 82.642421][ T41] usb 5-1: config 2 has 1 interface, different from the descriptor's value: 3 [ 82.842054][ T41] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=f0.c9 [ 82.851130][ T41] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.872378][ T41] usb 5-1: Product: syz [ 82.882186][ T41] usb 5-1: Manufacturer: syz [ 82.886803][ T41] usb 5-1: SerialNumber: syz [ 82.970575][ T26] audit: type=1326 audit(1720662068.422:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.1.104" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faf61175bd9 code=0x0 [ 83.069476][ T3933] loop0: detected capacity change from 0 to 32768 [ 83.186599][ T41] snd-usb-6fire 5-1:2.0: unable to receive device firmware state. [ 83.201922][ T41] snd-usb-6fire: probe of 5-1:2.0 failed with error -71 [ 83.224565][ T41] usb 5-1: USB disconnect, device number 3 [ 84.941913][ T153] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 84.951167][ T3982] netlink: 40 bytes leftover after parsing attributes in process `syz.2.112'. [ 85.321908][ T153] usb 1-1: config 0 has no interfaces? [ 85.327495][ T153] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 85.337046][ T153] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.391432][ T153] usb 1-1: config 0 descriptor?? [ 85.783934][ T3593] usb 1-1: USB disconnect, device number 3 [ 86.346927][ T26] audit: type=1326 audit(1720662071.802:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3992 comm="syz.4.116" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb320f75bd9 code=0x0 [ 86.534944][ T3999] device bridge1 entered promiscuous mode [ 86.622264][ T3999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.118'. [ 87.954101][ T3995] loop2: detected capacity change from 0 to 32768 [ 88.576334][ T26] audit: type=1326 audit(1720662074.032:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4028 comm="syz.4.129" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb320f75bd9 code=0x0 [ 88.731899][ T3593] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 88.808775][ T4036] device bridge2 entered promiscuous mode [ 88.826119][ T4036] netlink: 4 bytes leftover after parsing attributes in process `syz.0.130'. [ 89.091962][ T3593] usb 2-1: config 0 has no interfaces? [ 89.098285][ T3593] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 89.108532][ T3593] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.125935][ T3593] usb 2-1: config 0 descriptor?? [ 89.376126][ T3593] usb 2-1: USB disconnect, device number 2 [ 91.443510][ T4059] loop2: detected capacity change from 0 to 32768 [ 91.825838][ T26] audit: type=1326 audit(1720662077.282:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4070 comm="syz.3.143" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8712975bd9 code=0x0 [ 91.887279][ T4074] device bridge2 entered promiscuous mode [ 91.950132][ T4074] netlink: 4 bytes leftover after parsing attributes in process `syz.2.142'. [ 92.026430][ T4069] loop0: detected capacity change from 0 to 40427 [ 92.066873][ T4069] F2FS-fs (loop0): Found nat_bits in checkpoint [ 92.220184][ T4069] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 93.252208][ T3593] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 93.712152][ T3593] usb 4-1: config 0 has no interfaces? [ 93.717808][ T3593] usb 4-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 93.786208][ T3593] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.824585][ T3593] usb 4-1: config 0 descriptor?? [ 94.040688][ T4099] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 94.047498][ T4099] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 94.076244][ T3593] usb 4-1: USB disconnect, device number 4 [ 94.089246][ T4099] vhci_hcd vhci_hcd.0: Device attached [ 94.319780][ T4105] netlink: 8 bytes leftover after parsing attributes in process `syz.0.148'. [ 94.451830][ T3597] usb 10-1: SetAddress Request (2) to port 0 [ 94.459370][ T3597] usb 10-1: new SuperSpeed USB device number 2 using vhci_hcd [ 94.695489][ T4103] vhci_hcd: connection reset by peer [ 94.707903][ T9] vhci_hcd: stop threads [ 94.717118][ T9] vhci_hcd: release socket [ 94.734917][ T9] vhci_hcd: disconnect device [ 94.737131][ T4116] loop1: detected capacity change from 0 to 32768 [ 96.138548][ T14] kernel write not supported for file /snd/seq (pid: 14 comm: kworker/0:1) [ 96.311651][ T3562] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 97.048959][ T4144] loop1: detected capacity change from 0 to 1764 [ 97.318071][ T4150] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 97.381776][ T41] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 97.470774][ T4150] CIFS mount error: No usable UNC path provided in device string! [ 97.470774][ T4150] [ 97.555563][ T4150] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 97.601881][ T41] usb 2-1: device descriptor read/64, error -71 [ 97.926527][ T41] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 98.736993][ T4151] loop2: detected capacity change from 0 to 32768 [ 98.747173][ T4151] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.162 (4151) [ 98.806942][ T4151] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 98.831442][ T4151] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 98.851807][ T4151] BTRFS info (device loop2): using free space tree [ 98.881754][ T41] usb 2-1: device descriptor read/64, error -71 [ 99.012046][ T41] usb usb2-port1: attempt power cycle [ 99.043012][ T4151] BTRFS info (device loop2): enabling ssd optimizations [ 99.106276][ T4151] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 99.962066][ T3597] usb 10-1: device descriptor read/8, error -110 [ 100.045702][ T41] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 100.121779][ T41] usb 2-1: device descriptor read/8, error -71 [ 100.155913][ T4199] netlink: 40 bytes leftover after parsing attributes in process `syz.4.171'. [ 100.174681][ T4198] loop1: detected capacity change from 0 to 1024 [ 100.311143][ T3562] Bluetooth: hci1: unexpected cc 0x203e length: 2 > 1 [ 100.366402][ T3562] Bluetooth: hci1: failed to read key size for handle 201 [ 100.452326][ T3597] usb usb10-port1: attempt power cycle [ 101.125355][ T3597] usb usb10-port1: unable to enumerate USB device [ 101.678448][ T3562] Bluetooth: Unexpected start frame (len 18) [ 102.568456][ T4237] loop4: detected capacity change from 0 to 1764 [ 102.713461][ T4241] netlink: 40 bytes leftover after parsing attributes in process `syz.3.184'. [ 102.941801][ T4189] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 103.141793][ T4189] usb 5-1: device descriptor read/64, error -71 [ 103.436998][ T4189] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 104.320920][ T4264] loop3: detected capacity change from 0 to 1024 [ 104.381732][ T4189] usb 5-1: device descriptor read/64, error -71 [ 104.554197][ T4189] usb usb5-port1: attempt power cycle [ 104.574478][ T3562] Bluetooth: hci4: unexpected cc 0x203e length: 2 > 1 [ 105.193438][ T3562] Bluetooth: hci4: failed to read key size for handle 201 [ 105.393002][ T4279] netlink: 40 bytes leftover after parsing attributes in process `syz.2.197'. [ 107.129660][ T4190] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 107.381875][ T4190] usb 4-1: Using ep0 maxpacket: 8 [ 107.532446][ T4190] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 107.609480][ T4190] usb 4-1: config 2 has 1 interface, different from the descriptor's value: 3 [ 107.911933][ T4190] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=f0.c9 [ 107.930818][ T4190] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.969321][ T4190] usb 4-1: Product: syz [ 107.978760][ T4190] usb 4-1: Manufacturer: syz [ 108.001376][ T4319] loop4: detected capacity change from 0 to 1764 [ 108.014009][ T4190] usb 4-1: SerialNumber: syz [ 108.077249][ T4321] netlink: 40 bytes leftover after parsing attributes in process `syz.2.211'. [ 108.270414][ T4325] loop2: detected capacity change from 0 to 1024 [ 108.291977][ T4190] snd-usb-6fire 4-1:2.0: unable to receive device firmware state. [ 108.310129][ T4190] snd-usb-6fire: probe of 4-1:2.0 failed with error -71 [ 108.327483][ T4190] usb 4-1: USB disconnect, device number 5 [ 108.356035][ T3594] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 108.420241][ T3562] Bluetooth: hci2: unexpected cc 0x203e length: 2 > 1 [ 108.508670][ T3562] Bluetooth: hci2: failed to read key size for handle 201 [ 108.571937][ T3594] usb 5-1: device descriptor read/64, error -71 [ 108.841800][ T3594] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 108.989413][ T26] audit: type=1326 audit(1720662094.442:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4334 comm="syz.3.215" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8712975bd9 code=0x0 [ 109.061733][ T3594] usb 5-1: device descriptor read/64, error -71 [ 109.187035][ T3594] usb usb5-port1: attempt power cycle [ 109.196439][ T4340] netlink: 4 bytes leftover after parsing attributes in process `syz.3.215'. [ 109.611752][ T3594] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 109.721802][ T3594] usb 5-1: device descriptor read/8, error -71 [ 109.991880][ T3594] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 110.538791][ T3594] usb 5-1: device descriptor read/8, error -71 [ 110.871963][ T3594] usb usb5-port1: unable to enumerate USB device [ 110.894022][ T4360] netlink: 40 bytes leftover after parsing attributes in process `syz.3.222'. [ 111.469818][ T4381] loop0: detected capacity change from 0 to 1024 [ 111.621259][ T3562] Bluetooth: hci3: unexpected cc 0x203e length: 2 > 1 [ 111.681817][ T3597] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 111.697577][ T3562] Bluetooth: hci3: failed to read key size for handle 201 [ 111.922881][ T3597] usb 4-1: Using ep0 maxpacket: 8 [ 112.076947][ T3597] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 112.098216][ T3597] usb 4-1: config 2 has 1 interface, different from the descriptor's value: 3 [ 112.307394][ T3597] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=f0.c9 [ 112.336592][ T3597] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.367157][ T3597] usb 4-1: Product: syz [ 112.391893][ T3597] usb 4-1: Manufacturer: syz [ 112.404599][ T3597] usb 4-1: SerialNumber: syz [ 112.791778][ T3597] snd-usb-6fire 4-1:2.0: unable to receive device firmware state. [ 112.799747][ T3597] snd-usb-6fire: probe of 4-1:2.0 failed with error -71 [ 112.814600][ T3597] usb 4-1: USB disconnect, device number 6 [ 113.047478][ T26] audit: type=1326 audit(1720662098.502:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 113.131127][ T4399] loop2: detected capacity change from 0 to 512 [ 113.333799][ T4399] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:164: inode #12: comm syz.2.232: inline data xattr refers to an external xattr inode [ 113.350230][ T4399] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.232: couldn't read orphan inode 12 (err -117) [ 113.364254][ T4399] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 113.522989][ T26] audit: type=1326 audit(1720662098.502:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 113.545062][ C1] vkms_vblank_simulate: vblank timer overrun [ 113.622979][ T26] audit: type=1326 audit(1720662099.072:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 113.681164][ T26] audit: type=1326 audit(1720662099.072:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 113.720827][ T26] audit: type=1326 audit(1720662099.072:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 113.750832][ T3553] EXT4-fs (loop2): unmounting filesystem. [ 113.766607][ T26] audit: type=1326 audit(1720662099.072:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 113.804676][ T4407] loop3: detected capacity change from 0 to 1764 [ 113.841635][ T26] audit: type=1326 audit(1720662099.072:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 113.863942][ C1] vkms_vblank_simulate: vblank timer overrun [ 113.906946][ T26] audit: type=1326 audit(1720662099.072:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 113.929025][ C1] vkms_vblank_simulate: vblank timer overrun [ 113.945285][ T26] audit: type=1326 audit(1720662099.072:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 114.181831][ T3597] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 114.513807][ T3562] Bluetooth: hci4: Unknown advertising packet type: 0x7070 [ 114.513846][ T3562] Bluetooth: hci4: Unknown advertising packet type: 0x2540 [ 114.521548][ T3562] Bluetooth: hci4: Malformed LE Event: 0x0d [ 114.571763][ T3597] usb 4-1: unable to get BOS descriptor or descriptor too short [ 114.643288][ T3597] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 114.659826][ T3597] usb 4-1: can't read configurations, error -71 [ 115.052925][ T4421] netlink: 40 bytes leftover after parsing attributes in process `syz.4.239'. [ 115.252613][ T4423] loop3: detected capacity change from 0 to 1024 [ 115.481983][ T3562] Bluetooth: hci4: unexpected cc 0x203e length: 2 > 1 [ 115.555730][ T3562] Bluetooth: hci4: failed to read key size for handle 201 [ 116.217175][ T4439] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 116.601800][ T3596] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 116.854472][ T3596] usb 5-1: Using ep0 maxpacket: 8 [ 116.984144][ T3596] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 117.004653][ T3596] usb 5-1: config 2 has 1 interface, different from the descriptor's value: 3 [ 117.191976][ T3596] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=f0.c9 [ 117.219753][ T3596] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.244317][ T3596] usb 5-1: Product: syz [ 117.248564][ T3596] usb 5-1: Manufacturer: syz [ 117.253683][ T3596] usb 5-1: SerialNumber: syz [ 117.488199][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 117.488249][ T26] audit: type=1326 audit(1720662102.942:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4446 comm="syz.2.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 117.573790][ T4450] loop2: detected capacity change from 0 to 512 [ 117.716013][ T4450] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:164: inode #12: comm syz.2.246: inline data xattr refers to an external xattr inode [ 117.731747][ T4450] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.246: couldn't read orphan inode 12 (err -117) [ 117.745339][ T4450] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 117.939899][ T26] audit: type=1326 audit(1720662102.942:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4446 comm="syz.2.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 117.962255][ T3596] snd-usb-6fire 5-1:2.0: unable to receive device firmware state. [ 118.031635][ T3596] snd-usb-6fire: probe of 5-1:2.0 failed with error -71 [ 118.038458][ T26] audit: type=1326 audit(1720662103.452:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4446 comm="syz.2.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 118.061868][ T3596] usb 5-1: USB disconnect, device number 11 [ 118.176664][ T3553] EXT4-fs (loop2): unmounting filesystem. [ 118.252060][ T26] audit: type=1326 audit(1720662103.452:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4446 comm="syz.2.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 118.331584][ T26] audit: type=1326 audit(1720662103.452:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4446 comm="syz.2.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 118.343418][ T4459] loop4: detected capacity change from 0 to 1764 [ 118.445178][ T26] audit: type=1326 audit(1720662103.452:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4446 comm="syz.2.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 118.667397][ T4466] netlink: 40 bytes leftover after parsing attributes in process `syz.2.251'. [ 118.781760][ T3597] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 119.125733][ T3562] Bluetooth: hci0: Unknown advertising packet type: 0x7070 [ 119.125761][ T3562] Bluetooth: hci0: Unknown advertising packet type: 0x2540 [ 119.133029][ T3562] Bluetooth: hci0: Malformed LE Event: 0x0d [ 119.173089][ T4474] loop1: detected capacity change from 0 to 1024 [ 119.188942][ T4472] loop3: detected capacity change from 0 to 1024 [ 119.201971][ T3597] usb 5-1: unable to get BOS descriptor or descriptor too short [ 119.282190][ T3597] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 119.298225][ T3562] Bluetooth: hci1: unexpected cc 0x203e length: 2 > 1 [ 119.307483][ T3597] usb 5-1: can't read configurations, error -71 [ 119.370623][ T3562] Bluetooth: hci1: failed to read key size for handle 201 [ 119.381902][ T4477] netlink: 12 bytes leftover after parsing attributes in process `syz.1.254'. [ 119.412650][ T102] hfsplus: b-tree write err: -5, ino 4 [ 120.890975][ T4502] netlink: 40 bytes leftover after parsing attributes in process `syz.4.262'. [ 121.452026][ T26] audit: type=1326 audit(1720662106.862:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4495 comm="syz.0.260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed36f75bd9 code=0x7fc00000 [ 122.548927][ T4519] netlink: 72 bytes leftover after parsing attributes in process `syz.0.267'. [ 122.789767][ T4521] netlink: 592 bytes leftover after parsing attributes in process `syz.0.268'. [ 122.861419][ T4521] netlink: 12 bytes leftover after parsing attributes in process `syz.0.268'. [ 123.391429][ T4531] loop0: detected capacity change from 0 to 1024 [ 123.583790][ T3562] Bluetooth: hci3: unexpected cc 0x203e length: 2 > 1 [ 123.663277][ T3562] Bluetooth: hci3: failed to read key size for handle 201 [ 123.663761][ T4533] netlink: 12 bytes leftover after parsing attributes in process `syz.0.272'. [ 125.222287][ T26] audit: type=1326 audit(1720662110.682:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4537 comm="syz.0.273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed36f75bd9 code=0x7fc00000 [ 125.741464][ T4548] device bridge1 entered promiscuous mode [ 125.809827][ T4548] netlink: 4 bytes leftover after parsing attributes in process `syz.1.276'. [ 126.627348][ T4540] loop3: detected capacity change from 0 to 40427 [ 126.747142][ T4540] F2FS-fs (loop3): Found nat_bits in checkpoint [ 127.050200][ T4540] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 128.322697][ T4565] netlink: 4 bytes leftover after parsing attributes in process `syz.0.281'. [ 128.440421][ T4569] netlink: 592 bytes leftover after parsing attributes in process `syz.3.280'. [ 128.453509][ T4565] Zero length message leads to an empty skb [ 128.486097][ T4569] netlink: 12 bytes leftover after parsing attributes in process `syz.3.280'. [ 129.772027][ T26] audit: type=1326 audit(1720662115.182:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4578 comm="syz.1.285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf61175bd9 code=0x7fc00000 [ 130.512921][ T4577] loop0: detected capacity change from 0 to 32768 [ 130.980347][ T4594] device bridge3 entered promiscuous mode [ 131.006203][ T4596] loop1: detected capacity change from 0 to 512 [ 131.078102][ T4596] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 131.148321][ T4594] netlink: 4 bytes leftover after parsing attributes in process `syz.0.288'. [ 131.198486][ T4596] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #15: comm syz.1.290: iget: bad i_size value: -67835469387268086 [ 131.223024][ T4596] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.290: couldn't read orphan inode 15 (err -117) [ 131.307193][ T4596] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 131.352017][ T4596] ext2 filesystem being mounted at /57/file0 supports timestamps until 2038 (0x7fffffff) [ 131.599806][ T4611] process 'syz.1.290' launched './file0' with NULL argv: empty string added [ 131.643469][ T4606] netlink: 592 bytes leftover after parsing attributes in process `syz.2.293'. [ 131.647953][ T4606] netlink: 12 bytes leftover after parsing attributes in process `syz.2.293'. [ 131.726871][ T4612] netlink: 4 bytes leftover after parsing attributes in process `syz.0.294'. [ 132.484225][ T1251] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.490605][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.846161][ T4625] loop0: detected capacity change from 0 to 512 [ 132.951974][ T26] audit: type=1326 audit(1720662118.222:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4621 comm="syz.0.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed36f75bd9 code=0x7fc00000 [ 133.006770][ T26] audit: type=1326 audit(1720662118.222:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4621 comm="syz.0.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fed36f75bd9 code=0x7fc00000 [ 133.052152][ T4625] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz.0.297: inline data xattr refers to an external xattr inode [ 133.067588][ T4625] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.297: couldn't read orphan inode 12 (err -117) [ 133.080100][ T4625] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 133.291818][ T26] audit: type=1326 audit(1720662118.702:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4621 comm="syz.0.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed36f75bd9 code=0x7fc00000 [ 133.442511][ T3554] EXT4-fs (loop0): unmounting filesystem. [ 134.175121][ T3548] EXT4-fs (loop1): unmounting filesystem. [ 134.541558][ T4634] loop0: detected capacity change from 0 to 32768 [ 134.980884][ T4647] device bridge4 entered promiscuous mode [ 135.045732][ T4647] netlink: 4 bytes leftover after parsing attributes in process `syz.0.304'. [ 135.269795][ T4641] loop1: detected capacity change from 0 to 32768 [ 137.068147][ T4660] sched: RT throttling activated [ 137.870883][ T4662] loop3: detected capacity change from 0 to 512 [ 137.885482][ T26] audit: type=1326 audit(1720662123.242:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4654 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8712975bd9 code=0x7fc00000 [ 138.422133][ T4662] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:164: inode #12: comm syz.3.308: inline data xattr refers to an external xattr inode [ 138.437140][ T4662] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.308: couldn't read orphan inode 12 (err -117) [ 138.451469][ T4662] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 138.525326][ T26] audit: type=1326 audit(1720662123.242:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4654 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8712975bd9 code=0x7fc00000 [ 138.648932][ T3549] EXT4-fs (loop3): unmounting filesystem. [ 138.785823][ T26] audit: type=1326 audit(1720662124.032:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4654 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8712975bd9 code=0x7fc00000 [ 138.935567][ T26] audit: type=1326 audit(1720662124.032:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4654 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f8712975bd9 code=0x7fc00000 [ 139.085799][ T26] audit: type=1326 audit(1720662124.032:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4654 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8712975bd9 code=0x7fc00000 [ 139.234650][ T26] audit: type=1326 audit(1720662124.032:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4654 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8712975bd9 code=0x7fc00000 [ 139.383554][ T26] audit: type=1326 audit(1720662124.032:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4654 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8712975bd9 code=0x7fc00000 [ 140.089549][ T4666] loop1: detected capacity change from 0 to 40427 [ 140.131757][ T4666] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 140.143581][ T4666] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 140.281442][ T4666] F2FS-fs (loop1): Found nat_bits in checkpoint [ 140.451568][ T4666] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 140.479377][ T4666] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 140.691480][ T4666] syz.1.310: attempt to access beyond end of device [ 140.691480][ T4666] loop1: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 140.784226][ T26] audit: type=1804 audit(1720662126.242:45): pid=4676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.310" name="/newroot/60/bus/bus" dev="loop1" ino=10 res=1 errno=0 [ 140.795350][ T4680] loop0: detected capacity change from 0 to 512 [ 140.854623][ T4680] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 140.896669][ T4680] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #15: comm syz.0.313: iget: bad i_size value: -67835469387268086 [ 140.950570][ T4680] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.313: couldn't read orphan inode 15 (err -117) [ 140.997129][ T4680] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 141.025975][ T4680] ext2 filesystem being mounted at /66/file0 supports timestamps until 2038 (0x7fffffff) [ 141.745140][ T3562] Bluetooth: Unexpected start frame (len 18) [ 142.509992][ T3554] EXT4-fs (loop0): unmounting filesystem. [ 142.522622][ T4685] loop1: detected capacity change from 0 to 32768 [ 142.871757][ T3594] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 143.686653][ T4703] device bridge2 entered promiscuous mode [ 143.954635][ T3594] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 143.971711][ T3594] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 144.053171][ T3594] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 144.074170][ T3594] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.088631][ T4703] netlink: 4 bytes leftover after parsing attributes in process `syz.1.317'. [ 144.125114][ T3594] usb 1-1: config 0 descriptor?? [ 144.181967][ T4690] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 144.204731][ T3594] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 145.581097][ T3557] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 145.593232][ T3557] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 145.617395][ T3557] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 145.651503][ T3557] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 145.669225][ T3557] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 145.676560][ T3557] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 145.907980][ T4701] loop3: detected capacity change from 0 to 40427 [ 146.024230][ T4701] F2FS-fs (loop3): Found nat_bits in checkpoint [ 146.185068][ T3709] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.336143][ T4728] loop1: detected capacity change from 0 to 512 [ 146.361932][ T4728] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 146.395774][ T4728] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #15: comm syz.1.326: iget: bad i_size value: -67835469387268086 [ 146.418653][ T3709] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.429416][ T4728] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.326: couldn't read orphan inode 15 (err -117) [ 146.449873][ T4728] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 146.458654][ T4728] ext2 filesystem being mounted at /65/file0 supports timestamps until 2038 (0x7fffffff) [ 146.529010][ T3709] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.581596][ T4719] chnl_net:caif_netlink_parms(): no params data found [ 146.588296][ T22] usb 1-1: USB disconnect, device number 4 [ 146.673749][ T3709] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.342010][ T26] audit: type=1326 audit(1720662132.562:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4734 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed36f75bd9 code=0x7fc00000 [ 147.761823][ T3557] Bluetooth: hci5: command tx timeout [ 147.855094][ T26] audit: type=1326 audit(1720662132.562:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4734 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fed36f75bd9 code=0x7fc00000 [ 147.879393][ T4719] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.891480][ T26] audit: type=1326 audit(1720662133.022:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4734 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed36f75bd9 code=0x7fc00000 [ 147.924237][ T4719] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.970307][ T4719] device bridge_slave_0 entered promiscuous mode [ 148.030156][ T4719] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.041189][ T4719] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.059709][ T4719] device bridge_slave_1 entered promiscuous mode [ 148.152843][ T4719] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 148.195262][ T4719] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 148.443989][ T4719] team0: Port device team_slave_0 added [ 148.462750][ T4719] team0: Port device team_slave_1 added [ 149.439135][ T4719] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 149.450214][ T4719] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.555261][ T4719] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 149.643186][ T4719] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 149.654720][ T4719] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.718670][ T4737] loop3: detected capacity change from 0 to 32768 [ 149.763625][ T4719] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 149.841856][ T3557] Bluetooth: hci5: command tx timeout [ 150.108277][ T4719] device hsr_slave_0 entered promiscuous mode [ 150.138603][ T4719] device hsr_slave_1 entered promiscuous mode [ 150.168978][ T4719] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 150.209998][ T4719] Cannot create hsr debugfs directory [ 150.238762][ T3548] EXT4-fs (loop1): unmounting filesystem. [ 151.212951][ T3709] device hsr_slave_0 left promiscuous mode [ 151.232361][ T3709] device hsr_slave_1 left promiscuous mode [ 151.242645][ T3709] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 151.270414][ T3709] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 151.296572][ T4766] loop3: detected capacity change from 0 to 40427 [ 151.313330][ T3709] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 151.338753][ T4766] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 151.356962][ T3709] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 151.388023][ T3709] device bridge_slave_1 left promiscuous mode [ 151.394928][ T4766] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 151.404791][ T3709] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.440985][ T3709] device bridge_slave_0 left promiscuous mode [ 151.573856][ T3709] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.590982][ T4766] F2FS-fs (loop3): Found nat_bits in checkpoint [ 152.266380][ T3562] Bluetooth: hci5: command tx timeout [ 152.416951][ T3709] device veth1_macvtap left promiscuous mode [ 152.445379][ T3709] device veth0_macvtap left promiscuous mode [ 152.463242][ T3709] device veth1_vlan left promiscuous mode [ 152.470088][ T3709] device veth0_vlan left promiscuous mode [ 152.480758][ T4766] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 152.491844][ T4766] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 152.671714][ T1147] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 153.041973][ T1147] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 153.081689][ T1147] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 153.111733][ T1147] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 153.141147][ T1147] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.182608][ T1147] usb 2-1: config 0 descriptor?? [ 153.202172][ T4784] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 153.233774][ T1147] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 153.512924][ T3709] team0 (unregistering): Port device team_slave_1 removed [ 153.573625][ T3709] team0 (unregistering): Port device team_slave_0 removed [ 153.632448][ T3709] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 153.697114][ T3709] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 154.322627][ T3562] Bluetooth: hci5: command tx timeout [ 154.369302][ T3709] bond0 (unregistering): Released all slaves [ 155.003225][ T26] audit: type=1326 audit(1720662140.452:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4794 comm="syz.3.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8712975bd9 code=0x7fc00000 [ 155.589614][ T26] audit: type=1326 audit(1720662140.462:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4794 comm="syz.3.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8712975bd9 code=0x7fc00000 [ 155.653869][ T4719] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 155.667324][ T26] audit: type=1326 audit(1720662140.952:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4794 comm="syz.3.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8712975bd9 code=0x7fc00000 [ 155.684110][ T3594] usb 2-1: USB disconnect, device number 7 [ 155.753804][ T4719] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 155.840941][ T4719] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 155.950303][ T4719] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 156.058530][ T4808] netlink: 4 bytes leftover after parsing attributes in process `syz.3.341'. [ 156.678746][ T4719] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.738641][ T1147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 156.756079][ T1147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.802700][ T4719] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.863015][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 156.888232][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 156.923506][ T3596] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.930679][ T3596] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.004485][ T4189] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.027175][ T4189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.060657][ T4189] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.094662][ T4189] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.101888][ T4189] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.160969][ T4189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 157.198433][ T4189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 157.247808][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.268067][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 157.297341][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 157.316087][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 157.347492][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 157.393018][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 157.401404][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 157.450282][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 157.473313][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 157.518370][ T4189] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 157.662347][ T4835] device bridge3 entered promiscuous mode [ 157.730965][ T4835] netlink: 4 bytes leftover after parsing attributes in process `syz.2.348'. [ 157.753458][ T4821] loop3: detected capacity change from 0 to 32768 [ 157.988281][ T4839] loop2: detected capacity change from 0 to 1764 [ 158.157239][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 158.170332][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 158.211130][ T4719] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.371802][ T4190] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 159.062204][ T26] audit: type=1326 audit(1720662144.042:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4841 comm="syz.3.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8712975bd9 code=0x7fc00000 [ 159.094856][ T4832] loop1: detected capacity change from 0 to 40427 [ 159.112716][ T4832] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 159.143524][ T26] audit: type=1326 audit(1720662144.042:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4841 comm="syz.3.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8712975bd9 code=0x7fc00000 [ 159.167483][ T4832] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 159.203456][ T26] audit: type=1326 audit(1720662144.492:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4841 comm="syz.3.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8712975bd9 code=0x7fc00000 [ 159.229574][ T4832] F2FS-fs (loop1): Found nat_bits in checkpoint [ 159.310431][ T4832] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 159.322509][ T4832] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 159.413464][ T3557] Bluetooth: hci2: Unknown advertising packet type: 0x7070 [ 159.413501][ T3557] Bluetooth: hci2: Unknown advertising packet type: 0x2540 [ 159.420729][ T3557] Bluetooth: hci2: Malformed LE Event: 0x0d [ 159.451443][ T4856] netlink: 4 bytes leftover after parsing attributes in process `syz.3.352'. [ 159.491964][ T4190] usb 3-1: unable to get BOS descriptor or descriptor too short [ 159.551819][ T4190] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 159.566646][ T4190] usb 3-1: can't read configurations, error -71 [ 160.703420][ T4869] Driver unsupported XDP return value 0 on prog (id 83) dev N/A, expect packet loss! [ 160.718713][ T4871] netlink: 4 bytes leftover after parsing attributes in process `syz.3.357'. [ 160.792843][ T1147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 160.801554][ T1147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 160.869020][ T4873] device bridge4 entered promiscuous mode [ 160.911358][ T4719] device veth0_vlan entered promiscuous mode [ 160.933064][ T1147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 160.952764][ T1147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 160.982882][ T4873] netlink: 4 bytes leftover after parsing attributes in process `syz.2.359'. [ 160.986414][ T4719] device veth1_vlan entered promiscuous mode [ 161.037879][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 161.046794][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 161.062380][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 161.130732][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 161.139985][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 161.169529][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 161.196929][ T4719] device veth0_macvtap entered promiscuous mode [ 161.238270][ T4858] loop0: detected capacity change from 0 to 40427 [ 161.315848][ T4858] F2FS-fs (loop0): Found nat_bits in checkpoint [ 161.337783][ T4719] device veth1_macvtap entered promiscuous mode [ 161.390283][ T4719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.402170][ T4719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.412039][ T4719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.422483][ T4719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.432685][ T4719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.454683][ T4719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.567730][ T4719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.800515][ T4719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.945008][ T4858] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 162.061515][ T26] audit: type=1326 audit(1720662147.512:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4883 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 162.087728][ T4719] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 162.152534][ T26] audit: type=1326 audit(1720662147.512:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4883 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 162.177832][ T26] audit: type=1326 audit(1720662147.512:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4883 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 162.210296][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 162.226167][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 162.253429][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 162.307108][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 162.317786][ T26] audit: type=1326 audit(1720662147.512:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4883 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 162.368849][ T4719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.391582][ T4719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.421869][ T26] audit: type=1326 audit(1720662147.512:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4883 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 162.621936][ T4719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.658527][ T4719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.663508][ T26] audit: type=1326 audit(1720662147.512:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4883 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 162.689697][ T4719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.701694][ T26] audit: type=1326 audit(1720662147.512:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4883 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 162.708432][ T4719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.741852][ T26] audit: type=1326 audit(1720662147.512:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4883 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 162.774105][ T4719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.795189][ T4719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.821277][ T26] audit: type=1326 audit(1720662148.062:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4895 comm="syz.2.363" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x0 [ 162.824861][ T4896] netlink: 4 bytes leftover after parsing attributes in process `syz.2.363'. [ 162.868576][ T4719] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 162.912153][ T4901] netlink: 4 bytes leftover after parsing attributes in process `syz.3.364'. [ 162.988798][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 163.014351][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 163.057317][ T4719] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.078792][ T4719] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.103763][ T4719] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.127562][ T4719] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.328736][ T4907] loop0: detected capacity change from 0 to 1764 [ 163.470057][ T3649] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.508294][ T3649] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.530418][ T4915] tipc: Started in network mode [ 163.535609][ T4915] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 163.550236][ T4915] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 163.559402][ T4915] tipc: Enabled bearer , priority 10 [ 163.573028][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 163.581072][ T3649] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.596240][ T3649] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.610298][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 163.661805][ T41] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 163.976060][ T3557] Bluetooth: hci3: Unknown advertising packet type: 0x7070 [ 163.976096][ T3557] Bluetooth: hci3: Unknown advertising packet type: 0x2540 [ 163.986973][ T3557] Bluetooth: hci3: Malformed LE Event: 0x0d [ 164.051941][ T41] usb 1-1: unable to get BOS descriptor or descriptor too short [ 164.071319][ T4922] debugfs: Directory 'netdev:nicvf0' with parent 'phy3' already present! [ 164.131929][ T41] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 164.171531][ T41] usb 1-1: can't read configurations, error -71 [ 164.538534][ T26] audit: type=1326 audit(1720662149.992:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4926 comm="syz.4.372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb294575bd9 code=0x7fc00000 [ 165.117331][ T4189] tipc: Node number set to 1 [ 166.384033][ T4943] netlink: 4 bytes leftover after parsing attributes in process `syz.2.376'. [ 166.977166][ T4961] loop2: detected capacity change from 0 to 1764 [ 167.311848][ T7] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 167.363226][ T4968] device team_slave_0 entered promiscuous mode [ 167.369652][ T4968] device team_slave_1 entered promiscuous mode [ 167.409637][ T4968] device team_slave_0 left promiscuous mode [ 167.415674][ T4968] device team_slave_1 left promiscuous mode [ 167.623601][ T3557] Bluetooth: hci2: Unknown advertising packet type: 0x7070 [ 167.623637][ T3557] Bluetooth: hci2: Unknown advertising packet type: 0x2540 [ 167.631009][ T3557] Bluetooth: hci2: Unknown advertising packet type: 0x200 [ 167.638427][ T3557] Bluetooth: hci2: Malformed LE Event: 0x0d [ 167.701915][ T7] usb 3-1: unable to get BOS descriptor or descriptor too short [ 167.721898][ T41] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 167.771811][ T7] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 167.779413][ T7] usb 3-1: can't read configurations, error -71 [ 167.803632][ T4962] loop0: detected capacity change from 0 to 40427 [ 167.821863][ T4962] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 167.829709][ T4962] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 167.867654][ T4962] F2FS-fs (loop0): Found nat_bits in checkpoint [ 167.919738][ T4962] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 167.932680][ T4962] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 168.001822][ T3597] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 168.152611][ T41] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 168.176376][ T41] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 168.189764][ T41] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 168.230245][ T41] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.248193][ T41] usb 4-1: config 0 descriptor?? [ 168.293071][ T4971] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 168.325527][ T41] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 168.391952][ T3597] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 168.412056][ T3597] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 168.435333][ T3597] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 168.454393][ T3597] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.506394][ T3597] usb 5-1: config 0 descriptor?? [ 168.563861][ T3597] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 168.631501][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 168.631514][ T26] audit: type=1326 audit(1720662154.082:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4986 comm="syz.0.390" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fed36f75bd9 code=0x0 [ 168.750330][ T4998] tipc: Enabling of bearer rejected, already enabled [ 168.785760][ T4999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.390'. [ 168.851839][ T4189] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 169.211802][ T4189] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 169.220966][ T4189] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.230398][ T4189] usb 2-1: config 0 descriptor?? [ 169.622680][ T5009] loop2: detected capacity change from 0 to 1764 [ 170.291877][ T3597] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 170.437861][ T41] usb 4-1: USB disconnect, device number 9 [ 170.559942][ T5022] debugfs: Directory 'netdev:nicvf0' with parent 'phy3' already present! [ 170.602293][ T3557] Bluetooth: hci2: Unknown advertising packet type: 0x7070 [ 170.602327][ T3557] Bluetooth: hci2: Unknown advertising packet type: 0x2540 [ 170.609555][ T3557] Bluetooth: hci2: Unknown advertising packet type: 0x200 [ 170.617390][ T3557] Bluetooth: hci2: Malformed LE Event: 0x0d [ 170.651797][ T3597] usb 3-1: unable to get BOS descriptor or descriptor too short [ 170.651867][ T4189] usb 2-1: Cannot set autoneg [ 170.670437][ T4189] MOSCHIP usb-ethernet driver: probe of 2-1:0.0 failed with error -71 [ 170.683411][ T4189] usb 2-1: USB disconnect, device number 8 [ 170.704700][ T5024] loop3: detected capacity change from 0 to 1024 [ 170.710880][ T41] usb 5-1: USB disconnect, device number 14 [ 170.741817][ T3597] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 170.755652][ T3597] usb 3-1: can't read configurations, error -71 [ 170.774698][ T5024] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 170.899098][ T26] audit: type=1326 audit(1720662156.352:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5029 comm="syz.4.409" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb294575bd9 code=0x0 [ 171.076481][ T5034] netlink: 4 bytes leftover after parsing attributes in process `syz.4.409'. [ 171.311357][ T5038] loop1: detected capacity change from 0 to 256 [ 171.382806][ T3628] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 171.430028][ T5043] tipc: Started in network mode [ 171.437238][ T5043] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 171.447498][ T5043] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 171.457699][ T5043] tipc: Enabled bearer , priority 10 [ 171.569023][ T3549] EXT4-fs (loop3): unmounting filesystem. [ 171.635439][ T5047] mmap: syz.3.414 (5047) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 171.823888][ T5051] netlink: 124 bytes leftover after parsing attributes in process `syz.4.416'. [ 171.877238][ T5051] netlink: 8 bytes leftover after parsing attributes in process `syz.4.416'. [ 172.045947][ T5056] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 172.691592][ T5056] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 172.848601][ T3597] tipc: Node number set to 1 [ 172.877073][ T5061] loop0: detected capacity change from 0 to 1764 [ 173.182770][ T14] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 173.503768][ T3557] Bluetooth: hci3: Unknown advertising packet type: 0x7070 [ 173.503810][ T3557] Bluetooth: hci3: Unknown advertising packet type: 0x2540 [ 173.511066][ T3557] Bluetooth: hci3: Unknown advertising packet type: 0x200 [ 173.518879][ T3557] Bluetooth: hci3: Malformed LE Event: 0x0d [ 173.581845][ T14] usb 1-1: unable to get BOS descriptor or descriptor too short [ 173.585255][ T26] audit: type=1326 audit(1720662159.042:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5080 comm="syz.3.427" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8712975bd9 code=0x0 [ 173.611070][ C1] vkms_vblank_simulate: vblank timer overrun [ 173.651912][ T14] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 173.672357][ T14] usb 1-1: can't read configurations, error -71 [ 173.726131][ T5075] loop4: detected capacity change from 0 to 40427 [ 173.766091][ T5075] F2FS-fs (loop4): Found nat_bits in checkpoint [ 173.790083][ T5086] netlink: 4 bytes leftover after parsing attributes in process `syz.3.427'. [ 173.817167][ T5091] loop2: detected capacity change from 0 to 256 [ 173.861764][ T5075] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 173.997310][ T5094] loop1: detected capacity change from 0 to 256 [ 173.997907][ T5094] exfat: Deprecated parameter 'namecase' [ 174.033178][ T5094] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 175.010670][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 175.242827][ T5113] device vlan2 entered promiscuous mode [ 175.248408][ T5113] device vlan0 entered promiscuous mode [ 175.269539][ T5113] device vlan0 left promiscuous mode [ 175.446147][ T5119] program syz.1.439 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 176.102955][ T5133] loop4: detected capacity change from 0 to 1764 [ 176.365161][ T5144] device bridge5 entered promiscuous mode [ 176.413457][ T5145] device team_slave_0 entered promiscuous mode [ 176.419715][ T5145] device team_slave_1 entered promiscuous mode [ 176.448982][ T5145] device team_slave_0 left promiscuous mode [ 176.455012][ T5145] device team_slave_1 left promiscuous mode [ 176.506498][ T22] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 176.644563][ T5148] netlink: 4 bytes leftover after parsing attributes in process `syz.2.444'. [ 176.685969][ T5115] loop3: detected capacity change from 0 to 32768 [ 178.353481][ T3557] Bluetooth: hci5: Unknown advertising packet type: 0x7070 [ 178.353551][ T3557] Bluetooth: hci5: Unknown advertising packet type: 0x2540 [ 178.361059][ T3557] Bluetooth: hci5: Malformed LE Event: 0x0d [ 178.416239][ T5175] device vlan2 entered promiscuous mode [ 178.421987][ T22] usb 5-1: unable to get BOS descriptor or descriptor too short [ 178.450189][ T5175] device vlan0 entered promiscuous mode [ 178.483262][ T22] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 178.502880][ T22] usb 5-1: can't read configurations, error -71 [ 178.696039][ T5175] device vlan0 left promiscuous mode [ 179.047030][ T5182] device bridge1 entered promiscuous mode [ 179.154459][ T5182] netlink: 4 bytes leftover after parsing attributes in process `syz.4.457'. [ 179.290221][ T5178] loop0: detected capacity change from 0 to 32768 [ 179.324718][ T5187] loop4: detected capacity change from 0 to 256 [ 179.338737][ T5187] exfat: Deprecated parameter 'namecase' [ 179.515081][ T5187] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 179.977454][ T5193] device team_slave_0 entered promiscuous mode [ 179.983766][ T5193] device team_slave_1 entered promiscuous mode [ 180.100064][ T5193] device team_slave_0 left promiscuous mode [ 180.106088][ T5193] device team_slave_1 left promiscuous mode [ 180.641879][ T3558] Bluetooth: hci3: command 0x0406 tx timeout [ 180.648053][ T3558] Bluetooth: hci4: command 0x0406 tx timeout [ 180.654614][ T3564] Bluetooth: hci2: command 0x0406 tx timeout [ 180.660626][ T3564] Bluetooth: hci1: command 0x0406 tx timeout [ 181.628425][ T5215] loop3: detected capacity change from 0 to 1764 [ 181.698467][ T5217] device bridge5 entered promiscuous mode [ 181.808130][ T5217] netlink: 4 bytes leftover after parsing attributes in process `syz.0.469'. [ 182.032724][ T41] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 182.072076][ T5227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.474'. [ 182.106305][ T5227] device team_slave_0 entered promiscuous mode [ 182.440353][ T5227] team0: Port device team_slave_0 removed [ 182.766151][ T5227] syz.0.474 (5227) used greatest stack depth: 19200 bytes left [ 182.938115][ T5219] loop1: detected capacity change from 0 to 32768 [ 183.154175][ T5243] loop4: detected capacity change from 0 to 1024 [ 183.523566][ T3562] Bluetooth: hci5: unexpected cc 0x203e length: 2 > 1 [ 183.799753][ T3562] Bluetooth: hci5: failed to read key size for handle 201 [ 183.908814][ T3562] Bluetooth: hci4: Unknown advertising packet type: 0x7070 [ 183.908847][ T3562] Bluetooth: hci4: Unknown advertising packet type: 0x2540 [ 183.916166][ T3562] Bluetooth: hci4: Malformed LE Event: 0x0d [ 184.111807][ T41] usb 4-1: unable to get BOS descriptor or descriptor too short [ 184.831766][ T41] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 184.864581][ T41] usb 4-1: can't read configurations, error -71 [ 184.995746][ T5266] loop1: detected capacity change from 0 to 256 [ 185.062807][ T3628] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 185.579461][ T5273] loop4: detected capacity change from 0 to 32768 [ 185.835675][ T5281] netlink: 4 bytes leftover after parsing attributes in process `syz.4.489'. [ 185.849879][ T5281] device team0 entered promiscuous mode [ 185.856192][ T5281] device team_slave_0 entered promiscuous mode [ 185.869345][ T5281] device team_slave_1 entered promiscuous mode [ 186.026367][ T5281] team0: Port device team_slave_0 removed [ 186.059070][ T5280] device team0 left promiscuous mode [ 186.064650][ T5280] device team_slave_1 left promiscuous mode [ 186.075586][ T5288] loop2: detected capacity change from 0 to 256 [ 186.247586][ T5288] exfat: Deprecated parameter 'namecase' [ 186.304214][ T5288] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 186.877075][ T5292] loop4: detected capacity change from 0 to 1024 [ 187.051409][ T5297] loop3: detected capacity change from 0 to 1764 [ 187.116380][ T3562] Bluetooth: hci5: unexpected cc 0x203e length: 2 > 1 [ 187.861692][ T3594] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 187.873035][ T3562] Bluetooth: hci5: failed to read key size for handle 201 [ 188.245900][ T3562] Bluetooth: hci4: Unknown advertising packet type: 0x7070 [ 188.245941][ T3562] Bluetooth: hci4: Unknown advertising packet type: 0x2540 [ 188.253493][ T3562] Bluetooth: hci4: Malformed LE Event: 0x0d [ 188.311752][ T3594] usb 4-1: unable to get BOS descriptor or descriptor too short [ 188.376929][ T3594] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 188.417545][ T3594] usb 4-1: can't read configurations, error -71 [ 188.473830][ T5317] loop4: detected capacity change from 0 to 256 [ 188.668459][ T5307] loop2: detected capacity change from 0 to 40427 [ 188.691955][ T5307] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 188.700619][ T5307] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 188.727313][ T5307] F2FS-fs (loop2): Found nat_bits in checkpoint [ 188.736253][ T5309] loop1: detected capacity change from 0 to 32768 [ 188.960763][ T5307] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 188.979851][ T5307] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 190.682629][ T5346] loop1: detected capacity change from 0 to 256 [ 190.734397][ T5346] exfat: Deprecated parameter 'namecase' [ 190.857064][ T5350] loop4: detected capacity change from 0 to 1024 [ 190.886423][ T5346] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 191.096826][ T3562] Bluetooth: hci5: unexpected cc 0x203e length: 2 > 1 [ 191.144841][ T5353] loop2: detected capacity change from 0 to 1764 [ 191.222261][ T3562] Bluetooth: hci5: failed to read key size for handle 201 [ 191.496696][ T3594] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 191.731094][ T26] audit: type=1326 audit(1720662177.182:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5370 comm="syz.4.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb294575bd9 code=0x7ffc0000 [ 191.834307][ T26] audit: type=1326 audit(1720662177.182:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5370 comm="syz.4.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb294575bd9 code=0x7ffc0000 [ 192.932576][ T3562] Bluetooth: hci2: Unknown advertising packet type: 0x7070 [ 192.932614][ T3562] Bluetooth: hci2: Unknown advertising packet type: 0x2540 [ 192.940396][ T3562] Bluetooth: hci2: Malformed LE Event: 0x0d [ 193.121807][ T26] audit: type=1326 audit(1720662177.222:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5370 comm="syz.4.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb294575bd9 code=0x7ffc0000 [ 193.152318][ T3594] usb 3-1: unable to get BOS descriptor or descriptor too short [ 193.164535][ T26] audit: type=1326 audit(1720662177.222:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5370 comm="syz.4.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb294575bd9 code=0x7ffc0000 [ 193.186834][ T26] audit: type=1326 audit(1720662177.222:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5370 comm="syz.4.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb294575bd9 code=0x7ffc0000 [ 193.209256][ T26] audit: type=1326 audit(1720662177.222:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5370 comm="syz.4.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb294575bd9 code=0x7ffc0000 [ 193.232245][ T3594] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 193.240053][ T3594] usb 3-1: can't read configurations, error -71 [ 193.287465][ T26] audit: type=1326 audit(1720662177.222:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5370 comm="syz.4.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb294575bd9 code=0x7ffc0000 [ 193.808014][ T3707] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.838482][ T5355] loop0: detected capacity change from 0 to 32768 [ 193.866758][ T26] audit: type=1326 audit(1720662177.222:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5370 comm="syz.4.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb294575bd9 code=0x7ffc0000 [ 193.942036][ T1251] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.948365][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.969966][ T26] audit: type=1326 audit(1720662177.222:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5370 comm="syz.4.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7fb294575bd9 code=0x7ffc0000 [ 193.992965][ T26] audit: type=1326 audit(2000000000.000:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5370 comm="syz.4.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb294575bd9 code=0x7ffc0000 [ 194.130055][ T3707] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.138077][ T5387] netlink: 4 bytes leftover after parsing attributes in process `syz.1.525'. [ 194.223302][ T5387] device team0 entered promiscuous mode [ 194.228886][ T5387] device team_slave_0 entered promiscuous mode [ 194.254611][ T5387] device team_slave_1 entered promiscuous mode [ 194.323494][ T5392] loop4: detected capacity change from 0 to 1024 [ 194.388680][ T5387] team0: Port device team_slave_0 removed [ 194.442609][ T3562] Bluetooth: hci5: unexpected cc 0x203e length: 2 > 1 [ 194.509082][ T3707] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.631872][ T3562] Bluetooth: hci5: failed to read key size for handle 201 [ 194.649307][ T3561] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 194.658554][ T3561] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 194.670862][ T3561] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 194.679336][ T3561] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 194.687403][ T3561] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 194.694962][ T3561] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 194.715651][ T5386] device team0 left promiscuous mode [ 194.721049][ T5386] device team_slave_1 left promiscuous mode [ 195.537727][ T3707] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.721781][ T3561] Bluetooth: hci0: command tx timeout [ 196.841039][ T5425] loop4: detected capacity change from 0 to 1764 [ 197.089802][ T5398] chnl_net:caif_netlink_parms(): no params data found [ 197.285554][ T7] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 197.468410][ T5398] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.495039][ T5398] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.564523][ T5398] device bridge_slave_0 entered promiscuous mode [ 197.615046][ T3561] Bluetooth: hci5: Unknown advertising packet type: 0x7070 [ 197.615081][ T3561] Bluetooth: hci5: Unknown advertising packet type: 0x2540 [ 197.622503][ T3561] Bluetooth: hci5: Malformed LE Event: 0x0d [ 197.661866][ T7] usb 5-1: unable to get BOS descriptor or descriptor too short [ 197.717468][ T5398] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.724756][ T5398] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.737933][ T5398] device bridge_slave_1 entered promiscuous mode [ 197.744497][ T7] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 197.764458][ T7] usb 5-1: can't read configurations, error -71 [ 197.871853][ T5398] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.897073][ T5398] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.093494][ T5398] team0: Port device team_slave_0 added [ 198.178537][ T5398] team0: Port device team_slave_1 added [ 198.480503][ T5398] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 198.510278][ T5431] loop0: detected capacity change from 0 to 32768 [ 198.589124][ T5398] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.811806][ T3561] Bluetooth: hci0: command tx timeout [ 199.311723][ T5398] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 199.526832][ T5463] loop1: detected capacity change from 0 to 1024 [ 199.617437][ T5398] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 199.641452][ T5398] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 199.685983][ T3561] Bluetooth: hci1: unexpected cc 0x203e length: 2 > 1 [ 199.694272][ T3561] Bluetooth: hci1: unexpected event for opcode 0x203e [ 199.780285][ T3561] Bluetooth: hci1: failed to read key size for handle 201 [ 199.787617][ T3561] Bluetooth: hci1: unexpected event for opcode 0x1408 [ 199.800187][ T5398] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 200.365249][ T3707] device hsr_slave_0 left promiscuous mode [ 200.394988][ T3707] device hsr_slave_1 left promiscuous mode [ 200.921933][ T3561] Bluetooth: hci0: command tx timeout [ 201.129722][ T3707] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 201.153395][ T3707] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 201.222450][ T3707] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.267106][ T3707] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 201.275730][ T5488] netlink: 4 bytes leftover after parsing attributes in process `syz.4.547'. [ 201.287330][ T5486] loop1: detected capacity change from 0 to 1764 [ 201.306786][ T3707] device bridge_slave_1 left promiscuous mode [ 201.315075][ T3707] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.344486][ T3707] device bridge_slave_0 left promiscuous mode [ 201.368130][ T3707] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.681771][ T3597] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 202.322367][ T3707] device veth1_macvtap left promiscuous mode [ 202.329198][ T3707] device veth0_macvtap left promiscuous mode [ 202.368862][ T3707] device veth1_vlan left promiscuous mode [ 202.391983][ T3707] device veth0_vlan left promiscuous mode [ 202.628294][ T3562] Bluetooth: hci1: Unknown advertising packet type: 0x7070 [ 202.628332][ T3562] Bluetooth: hci1: Unknown advertising packet type: 0x2540 [ 202.635845][ T3562] Bluetooth: hci1: Malformed LE Event: 0x0d [ 202.701880][ T3597] usb 2-1: unable to get BOS descriptor or descriptor too short [ 202.797831][ T3597] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 202.807966][ T3597] usb 2-1: can't read configurations, error -71 [ 202.853117][ T5497] loop0: detected capacity change from 0 to 32768 [ 202.913282][ T3707] bond3 (unregistering): Released all slaves [ 202.943572][ T3707] bond2 (unregistering): Released all slaves [ 202.961724][ T3562] Bluetooth: hci0: command tx timeout [ 203.008942][ T3707] bond1 (unregistering): Released all slaves [ 203.670510][ T3707] team0 (unregistering): Port device team_slave_1 removed [ 203.725274][ T3707] team0 (unregistering): Port device team_slave_0 removed [ 203.771650][ T3707] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 203.820261][ T3707] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 204.616487][ T5517] loop2: detected capacity change from 0 to 1024 [ 204.700215][ T7] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 204.711887][ T7] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 204.720388][ T7] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 204.729378][ T3562] Bluetooth: hci2: unexpected cc 0x203e length: 2 > 1 [ 204.736739][ T3562] Bluetooth: hci2: unexpected event for opcode 0x203e [ 204.745780][ T7] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 204.771812][ T7] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 204.829352][ T3562] Bluetooth: hci2: failed to read key size for handle 201 [ 204.836847][ T3562] Bluetooth: hci2: unexpected event for opcode 0x1408 [ 205.029614][ T3707] bond0 (unregistering): Released all slaves [ 205.061772][ T7] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 205.133129][ T5482] device bridge2 entered promiscuous mode [ 205.148491][ T5398] device hsr_slave_0 entered promiscuous mode [ 205.215063][ T5398] device hsr_slave_1 entered promiscuous mode [ 205.230182][ T5398] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 205.255445][ T5398] Cannot create hsr debugfs directory [ 205.341818][ T7] usb 1-1: no configurations [ 205.346516][ T7] usb 1-1: can't read configurations, error -22 [ 205.380594][ T5530] loop4: detected capacity change from 0 to 1764 [ 205.515309][ T7] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 205.671308][ T5535] device syzkaller0 entered promiscuous mode [ 205.711898][ T4189] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 205.811966][ T7] usb 1-1: no configurations [ 205.816606][ T7] usb 1-1: can't read configurations, error -22 [ 205.842218][ T7] usb usb1-port1: attempt power cycle [ 206.024890][ T3562] Bluetooth: hci5: Unknown advertising packet type: 0x7070 [ 206.024929][ T3562] Bluetooth: hci5: Unknown advertising packet type: 0x2540 [ 206.032302][ T3562] Bluetooth: hci5: Malformed LE Event: 0x0d [ 206.054146][ T5527] loop1: detected capacity change from 0 to 32768 [ 206.101905][ T4189] usb 5-1: unable to get BOS descriptor or descriptor too short [ 206.192097][ T4189] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 206.214103][ T4189] usb 5-1: can't read configurations, error -71 [ 206.261896][ T7] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 206.395373][ T7] usb 1-1: no configurations [ 206.400155][ T7] usb 1-1: can't read configurations, error -22 [ 206.551712][ T7] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 206.691831][ T7] usb 1-1: no configurations [ 206.696663][ T7] usb 1-1: can't read configurations, error -22 [ 206.716058][ T7] usb usb1-port1: unable to enumerate USB device [ 209.093678][ T3594] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 209.351740][ T3594] usb 1-1: Using ep0 maxpacket: 8 [ 210.141951][ T3594] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 210.270509][ T3594] usb 1-1: config 2 has 1 interface, different from the descriptor's value: 3 [ 210.331213][ T5574] loop1: detected capacity change from 0 to 128 [ 210.397310][ T5574] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 210.408800][ T5574] ext4 filesystem being mounted at /112/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 210.466368][ T3594] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=f0.c9 [ 210.488624][ T3594] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.497430][ T3594] usb 1-1: Product: syz [ 210.502030][ T3594] usb 1-1: Manufacturer: syz [ 210.506687][ T3594] usb 1-1: SerialNumber: syz [ 210.595803][ T3548] EXT4-fs (loop1): unmounting filesystem. [ 210.831825][ T3594] snd-usb-6fire 1-1:2.0: unable to receive device firmware state. [ 210.870312][ T3594] snd-usb-6fire: probe of 1-1:2.0 failed with error -71 [ 210.896989][ T3594] usb 1-1: USB disconnect, device number 13 [ 212.182170][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 212.182411][ T26] audit: type=1326 audit(2000000020.260:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5581 comm="syz.0.575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed36f75bd9 code=0x7fc00000 [ 212.592596][ T26] audit: type=1326 audit(2000000020.670:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5581 comm="syz.0.575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fed36f75bd9 code=0x7fc00000 [ 212.732884][ T4190] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 212.740301][ T4190] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 212.799835][ T4190] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 213.080057][ T4190] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 213.113372][ T4190] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 213.461888][ T4190] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 213.596043][ T5398] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 213.650788][ T5398] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 213.701506][ T5398] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 213.717850][ T5398] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 214.507561][ T5584] loop1: detected capacity change from 0 to 40427 [ 214.515117][ T5584] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 214.538391][ T5584] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 214.588964][ T5398] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.609293][ T5584] F2FS-fs (loop1): Found nat_bits in checkpoint [ 214.632048][ T4190] usb 1-1: no configurations [ 214.632948][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 214.636714][ T4190] usb 1-1: can't read configurations, error -22 [ 214.679964][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 214.717581][ T5398] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.765835][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 214.781790][ T4190] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 214.795617][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 214.814330][ T3594] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.821433][ T3594] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.857743][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.868805][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 214.885371][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 214.898896][ T3597] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.906039][ T3597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.927072][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 214.966269][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 214.988750][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 215.020133][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 215.053440][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 215.078375][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 215.083161][ T4190] usb 1-1: no configurations [ 215.104965][ T4190] usb 1-1: can't read configurations, error -22 [ 215.142027][ T4190] usb usb1-port1: attempt power cycle [ 215.142745][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 215.269981][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 215.281334][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 215.292838][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 215.304209][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 216.001768][ T26] audit: type=1326 audit(2000000023.720:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5629 comm="syz.4.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb294575bd9 code=0x7fc00000 [ 216.125767][ T26] audit: type=1326 audit(2000000024.200:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5629 comm="syz.4.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb294575bd9 code=0x7fc00000 [ 216.145617][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 218.526918][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 218.547712][ T4190] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 218.576803][ T5398] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.688792][ T4189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 218.738527][ T4189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 218.804772][ T4189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 218.846354][ T4189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 219.451737][ T26] audit: type=1326 audit(2000000027.170:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5676 comm="syz.2.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 219.531478][ T5398] device veth0_vlan entered promiscuous mode [ 219.558902][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 219.575991][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 219.598666][ T26] audit: type=1326 audit(2000000027.590:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5676 comm="syz.2.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 219.645597][ T5398] device veth1_vlan entered promiscuous mode [ 219.683062][ T1147] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 219.709587][ T1147] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 219.736668][ T1147] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 219.760385][ T5398] device veth0_macvtap entered promiscuous mode [ 219.769143][ T1147] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 219.799676][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 219.810000][ T1147] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 219.820845][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 219.844503][ T5398] device veth1_macvtap entered promiscuous mode [ 219.866906][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 219.892512][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 219.959997][ T5398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.998084][ T5398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.035876][ T5398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.075831][ T5398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.091679][ T3607] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 220.110600][ T5398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.149086][ T5398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.167791][ T5398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.180746][ T5398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.205299][ T5398] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.216367][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 220.231126][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 220.363500][ T5398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.374301][ T5398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.385462][ T5398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.398645][ T5398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.758142][ T5398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.923092][ T5398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.032844][ T5398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.086457][ T5398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.162032][ T3607] usb 2-1: no configurations [ 221.166745][ T3607] usb 2-1: can't read configurations, error -22 [ 221.193311][ T5398] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.254620][ T5674] loop0: detected capacity change from 0 to 40427 [ 221.262082][ T4189] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 221.282802][ T4189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 221.298536][ T5674] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 221.327293][ T5674] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 221.329947][ T5398] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.341873][ T3607] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 221.367801][ T5398] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.418535][ T5398] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.431789][ T5674] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-4) [ 221.440793][ T5398] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.696645][ T3607] usb 2-1: no configurations [ 221.701457][ T3607] usb 2-1: can't read configurations, error -22 [ 221.741047][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.775896][ T3607] usb usb2-port1: attempt power cycle [ 221.817213][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.846295][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.862179][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.888853][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 221.946674][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 222.387671][ T3607] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 222.417927][ T5735] loop4: detected capacity change from 0 to 1024 [ 222.592108][ T3607] usb 2-1: no configurations [ 222.597437][ T3607] usb 2-1: can't read configurations, error -22 [ 223.198512][ T3562] Bluetooth: hci5: unexpected cc 0x203e length: 2 > 1 [ 223.285737][ T3562] Bluetooth: hci5: failed to read key size for handle 201 [ 225.694050][ T4189] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 225.712401][ T4189] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 226.445526][ T4189] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 226.453305][ T4189] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 226.461994][ T4189] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 226.540336][ T5759] loop2: detected capacity change from 0 to 40427 [ 226.576753][ T5759] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 226.608819][ T5759] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 226.660053][ T5759] F2FS-fs (loop2): Found nat_bits in checkpoint [ 226.724926][ T5759] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 226.735952][ T5759] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 226.751878][ T3593] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 226.911794][ T4189] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 227.166530][ T3593] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 227.174269][ T4189] usb 4-1: Using ep0 maxpacket: 8 [ 227.187784][ T3593] usb 2-1: can't read configurations, error -61 [ 227.332561][ T4189] usb 4-1: unable to get BOS descriptor or descriptor too short [ 227.351755][ T3593] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 227.682153][ T4189] usb 4-1: string descriptor 0 read error: -22 [ 227.702988][ T4189] usb 4-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d [ 227.728938][ T5806] loop2: detected capacity change from 0 to 1024 [ 227.787397][ T4189] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.841891][ T3593] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 227.864933][ T3593] usb 2-1: can't read configurations, error -61 [ 227.874958][ T4189] usb 4-1: config 0 descriptor?? [ 227.886049][ T3593] usb usb2-port1: attempt power cycle [ 227.956873][ T3562] Bluetooth: hci2: unexpected cc 0x203e length: 2 > 1 [ 227.964406][ T3562] Bluetooth: hci2: unexpected event for opcode 0x203e [ 228.036305][ T3562] Bluetooth: hci2: failed to read key size for handle 201 [ 228.043508][ T3562] Bluetooth: hci2: unexpected event for opcode 0x1408 [ 228.311725][ T3593] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 228.456718][ T5818] netlink: 'syz.3.624': attribute type 27 has an invalid length. [ 228.571785][ T3593] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 228.605302][ T3593] usb 2-1: can't read configurations, error -61 [ 228.751834][ T4189] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware [ 228.852011][ T4189] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 228.915298][ T4189] dib0700: firmware download failed at 7 with -22 [ 228.958000][ T4189] usb 4-1: USB disconnect, device number 14 [ 231.002647][ T5853] loop2: detected capacity change from 0 to 512 [ 231.113177][ T41] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 231.134387][ T5857] loop4: detected capacity change from 0 to 256 [ 231.154568][ T41] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 231.182734][ T5857] exfat: Unknown parameter '184467440737095516150xffffffffffffffff' [ 231.191093][ T41] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 231.204044][ T41] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 231.238780][ T41] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 231.511886][ T41] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 232.372041][ T4189] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 232.381806][ T41] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 232.732047][ T26] audit: type=1326 audit(2000000040.810:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5874 comm="syz.4.648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb294575bd9 code=0x7fc00000 [ 233.150909][ T26] audit: type=1326 audit(2000000040.810:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5874 comm="syz.4.648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb294575bd9 code=0x7fc00000 [ 233.173424][ T26] audit: type=1326 audit(2000000041.260:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5874 comm="syz.4.648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb294575bd9 code=0x7fc00000 [ 233.182194][ T41] usb 4-1: can't read configurations, error -61 [ 233.261755][ T4189] usb 3-1: Using ep0 maxpacket: 8 [ 233.421953][ T4189] usb 3-1: unable to get BOS descriptor or descriptor too short [ 233.663140][ T4189] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=a9.dc [ 233.786232][ T41] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 233.837529][ T4189] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.849994][ T4189] usb 3-1: Product: syz [ 233.858879][ T4189] usb 3-1: Manufacturer: syz [ 233.871674][ T4189] usb 3-1: SerialNumber: syz [ 234.578886][ T4189] r8152-cfgselector 3-1: config 0 descriptor?? [ 234.647079][ T5897] loop4: detected capacity change from 0 to 512 [ 234.696616][ T3654] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 234.881896][ T41] usb 4-1: device not accepting address 16, error -71 [ 234.987345][ T41] usb usb4-port1: attempt power cycle [ 235.602148][ T4189] r8152-cfgselector 3-1: Unknown version 0x0000 [ 235.751965][ T4189] r8152-cfgselector 3-1: Unknown version 0x0000 [ 235.758345][ T4189] r8152-cfgselector 3-1: bad CDC descriptors [ 235.857489][ T4189] r8152-cfgselector 3-1: Unknown version 0x0000 [ 235.885460][ T4189] r8152-cfgselector 3-1: USB disconnect, device number 11 [ 236.806782][ T26] audit: type=1326 audit(2000000044.500:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.2.659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 236.958464][ T26] audit: type=1326 audit(2000000044.510:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.2.659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 237.028382][ T26] audit: type=1326 audit(2000000044.930:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.2.659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d75775bd9 code=0x7fc00000 [ 237.805794][ T4189] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 237.849845][ T4189] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 237.871787][ T4189] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 237.889114][ T4189] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 237.919722][ T4189] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 238.048291][ T26] audit: type=1326 audit(2000000046.210:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf61175bd9 code=0x7ffc0000 [ 238.093659][ T1147] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 238.160214][ T26] audit: type=1326 audit(2000000046.310:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7faf61175bd9 code=0x7ffc0000 [ 238.621915][ T1147] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 238.629918][ T1147] usb 4-1: can't read configurations, error -61 [ 238.636811][ T26] audit: type=1326 audit(2000000046.310:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf61175bd9 code=0x7ffc0000 [ 238.712803][ T26] audit: type=1326 audit(2000000046.330:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faf611779f7 code=0x7ffc0000 [ 238.788628][ T26] audit: type=1326 audit(2000000046.330:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7faf6117796c code=0x7ffc0000 [ 238.821767][ T1147] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 238.881080][ T26] audit: type=1326 audit(2000000046.330:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7faf611778a4 code=0x7ffc0000 [ 238.909962][ T5925] tmpfs: Bad value for 'size' [ 238.963064][ T26] audit: type=1326 audit(2000000046.330:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7faf611778a4 code=0x7ffc0000 [ 239.030371][ T26] audit: type=1326 audit(2000000046.330:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7faf6117490a code=0x7ffc0000 [ 239.094845][ T26] audit: type=1326 audit(2000000046.330:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf61175bd9 code=0x7ffc0000 [ 239.151836][ T26] audit: type=1326 audit(2000000046.410:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7faf61175bd9 code=0x7ffc0000 [ 239.331825][ T1147] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 239.346171][ T1147] usb 4-1: can't read configurations, error -61 [ 239.379358][ T1147] usb usb4-port1: attempt power cycle [ 243.378974][ T6006] netlink: 4 bytes leftover after parsing attributes in process `syz.4.682'. [ 244.626485][ T6026] device bridge3 entered promiscuous mode [ 244.780643][ T26] kauditd_printk_skb: 33 callbacks suppressed [ 244.780657][ T26] audit: type=1326 audit(2000000053.000:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6010 comm="syz.3.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb87d975bd9 code=0x7ffc0000 [ 245.575243][ T26] audit: type=1326 audit(2000000053.760:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6010 comm="syz.3.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb87d975bd9 code=0x7ffc0000 [ 245.629783][ T26] audit: type=1326 audit(2000000053.760:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6010 comm="syz.3.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7fb87d975bd9 code=0x7ffc0000 [ 245.679200][ T26] audit: type=1326 audit(2000000053.760:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6010 comm="syz.3.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb87d975bd9 code=0x7ffc0000 [ 245.759050][ T26] audit: type=1326 audit(2000000053.760:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6010 comm="syz.3.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb87d975bd9 code=0x7ffc0000 [ 245.861745][ T26] audit: type=1326 audit(2000000053.780:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6010 comm="syz.3.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb87d975bd9 code=0x7ffc0000 [ 245.948018][ T26] audit: type=1326 audit(2000000053.780:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6010 comm="syz.3.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb87d975bd9 code=0x7ffc0000 [ 246.039669][ T26] audit: type=1326 audit(2000000053.780:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6010 comm="syz.3.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb87d975bd9 code=0x7ffc0000 [ 246.094234][ T26] audit: type=1326 audit(2000000053.780:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6010 comm="syz.3.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb87d9779f7 code=0x7ffc0000 [ 246.146855][ T26] audit: type=1326 audit(2000000053.780:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6010 comm="syz.3.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fb87d97796c code=0x7ffc0000 [ 248.752582][ T6075] device bridge6 entered promiscuous mode [ 250.035146][ T6084] netlink: 8 bytes leftover after parsing attributes in process `syz.2.707'. [ 250.374090][ T6097] Cannot find add_set index 0 as target [ 251.254149][ T6111] device bridge2 entered promiscuous mode [ 252.349470][ T26] kauditd_printk_skb: 36 callbacks suppressed [ 252.349486][ T26] audit: type=1326 audit(2000000060.570:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6109 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed36f75bd9 code=0x7ffc0000 [ 252.417054][ T26] audit: type=1326 audit(2000000060.610:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6109 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed36f75bd9 code=0x7ffc0000 [ 252.477773][ T26] audit: type=1326 audit(2000000060.610:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6109 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7fed36f75bd9 code=0x7ffc0000 [ 252.565300][ T26] audit: type=1326 audit(2000000060.610:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6109 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed36f75bd9 code=0x7ffc0000 [ 252.770617][ T26] audit: type=1326 audit(2000000060.610:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6109 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed36f75bd9 code=0x7ffc0000 [ 253.540362][ T26] audit: type=1326 audit(2000000060.610:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6109 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fed36f75bd9 code=0x7ffc0000 [ 253.601740][ T26] audit: type=1326 audit(2000000060.610:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6109 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed36f75bd9 code=0x7ffc0000 [ 253.698321][ T26] audit: type=1326 audit(2000000060.610:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6109 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed36f75bd9 code=0x7ffc0000 [ 253.728595][ T26] audit: type=1326 audit(2000000060.610:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6109 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fed36f779f7 code=0x7ffc0000 [ 253.756485][ T26] audit: type=1326 audit(2000000060.610:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6109 comm="syz.0.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fed36f7796c code=0x7ffc0000 [ 253.969057][ T6144] device pim6reg1 entered promiscuous mode [ 254.282948][ T6153] device bridge3 entered promiscuous mode [ 255.363808][ T1251] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.370290][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.747606][ T6179] device pim6reg1 entered promiscuous mode [ 255.796733][ T6185] device bridge3 entered promiscuous mode [ 257.126149][ T6199] input: syz1 as /devices/virtual/input/input5 [ 258.056619][ T6217] loop4: detected capacity change from 0 to 1024 [ 258.156770][ T3562] Bluetooth: hci2: unexpected event for opcode 0x0c7b [ 258.350769][ T26] kauditd_printk_skb: 31 callbacks suppressed [ 258.350780][ T26] audit: type=1326 audit(2000000066.570:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6223 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf61175bd9 code=0x7ffc0000 [ 258.458210][ T26] audit: type=1326 audit(2000000066.600:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6223 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf61175bd9 code=0x7ffc0000 [ 258.515636][ T6236] device bridge7 entered promiscuous mode [ 258.697633][ T26] audit: type=1326 audit(2000000066.610:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6223 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7faf61175bd9 code=0x7ffc0000 [ 258.697674][ T26] audit: type=1326 audit(2000000066.610:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6223 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf61175bd9 code=0x7ffc0000 [ 258.697706][ T26] audit: type=1326 audit(2000000066.610:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6223 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf61175bd9 code=0x7ffc0000 [ 258.697737][ T26] audit: type=1326 audit(2000000066.610:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6223 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faf61175bd9 code=0x7ffc0000 [ 258.697767][ T26] audit: type=1326 audit(2000000066.610:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6223 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf61175bd9 code=0x7ffc0000 [ 259.602254][ T26] audit: type=1326 audit(2000000066.610:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6223 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf61175bd9 code=0x7ffc0000 [ 259.602315][ T26] audit: type=1326 audit(2000000066.610:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6223 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faf611779f7 code=0x7ffc0000 [ 259.602348][ T26] audit: type=1326 audit(2000000066.610:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6223 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7faf6117796c code=0x7ffc0000 [ 259.735063][ T3685] hfsplus: b-tree write err: -5, ino 4 [ 261.101706][ T3594] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 261.433738][ T3562] Bluetooth: hci2: Unknown advertising packet type: 0x7070 [ 261.433785][ T3562] Bluetooth: hci2: Unknown advertising packet type: 0x2540 [ 261.433794][ T3562] Bluetooth: hci2: Malformed LE Event: 0x0d [ 261.501797][ T3594] usb 3-1: unable to get BOS descriptor or descriptor too short [ 261.571829][ T3594] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 261.571862][ T3594] usb 3-1: can't read configurations, error -71 [ 261.859010][ T6270] loop4: detected capacity change from 0 to 1024 [ 261.987104][ T3562] Bluetooth: hci5: unexpected cc 0x203e length: 2 > 1 [ 262.059625][ T6277] device bridge8 entered promiscuous mode [ 262.067501][ T3562] Bluetooth: hci5: failed to read key size for handle 201 [ 262.163616][ T3562] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 262.163791][ T3562] Bluetooth: hci2: Injecting HCI hardware error event [ 262.165624][ T3561] Bluetooth: hci2: hardware error 0x00 [ 367.181589][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 367.181621][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P46/1:b..l P1147/1:b..l [ 367.182288][ C0] (detected by 0, t=10502 jiffies, g=27597, q=29 ncpus=2) [ 367.182311][ C0] task:kworker/1:2 state:R running task stack:23576 pid:1147 ppid:2 flags:0x00004000 [ 367.182361][ C0] Workqueue: events_power_efficient gc_worker [ 367.182404][ C0] Call Trace: [ 367.182411][ C0] [ 367.182434][ C0] __schedule+0x142d/0x4550 [ 367.182490][ C0] ? __sched_text_start+0x8/0x8 [ 367.182521][ C0] ? print_irqtrace_events+0x210/0x210 [ 367.182551][ C0] ? mark_lock+0x9a/0x340 [ 367.182581][ C0] ? preempt_schedule_irq+0xec/0x1c0 [ 367.182603][ C0] preempt_schedule_irq+0xf7/0x1c0 [ 367.182623][ C0] ? preempt_schedule_notrace+0x140/0x140 [ 367.182657][ C0] irqentry_exit+0x53/0x80 [ 367.182678][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 367.182707][ C0] RIP: 0010:lock_acquire+0x26f/0x5a0 [ 367.182735][ C0] Code: 2b 00 74 08 4c 89 f7 e8 1f ae 77 00 f6 44 24 61 02 0f 85 84 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25 [ 367.182757][ C0] RSP: 0018:ffffc90004c179a0 EFLAGS: 00000206 [ 367.182776][ C0] RAX: 0000000000000001 RBX: 1ffff92000982f40 RCX: 1ffff92000982ee0 [ 367.182791][ C0] RDX: dffffc0000000000 RSI: ffffffff8aec13c0 RDI: ffffffff8b3d4760 [ 367.182807][ C0] RBP: ffffc90004c17ae8 R08: dffffc0000000000 R09: fffffbfff2093845 [ 367.182822][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000982f3c [ 367.182836][ C0] R13: dffffc0000000000 R14: ffffc90004c17a00 R15: 0000000000000246 [ 367.182866][ C0] ? gc_worker+0x27a/0x1530 [ 367.182891][ C0] ? read_lock_is_recursive+0x10/0x10 [ 367.182918][ C0] ? gc_worker+0x27a/0x1530 [ 367.182937][ C0] ? lockdep_hardirqs_on+0x94/0x130 [ 367.182960][ C0] ? __might_sleep+0xb0/0xb0 [ 367.182978][ C0] ? seqcount_lockdep_reader_access+0x1d3/0x220 [ 367.183024][ C0] gc_worker+0x29b/0x1530 [ 367.183043][ C0] ? gc_worker+0x27a/0x1530 [ 367.183066][ C0] ? gc_worker+0x27a/0x1530 [ 367.183086][ C0] ? read_lock_is_recursive+0x10/0x10 [ 367.183119][ C0] ? print_irqtrace_events+0x210/0x210 [ 367.183153][ C0] ? init_conntrack+0x14e0/0x14e0 [ 367.183174][ C0] ? do_raw_spin_unlock+0x137/0x8a0 [ 367.183200][ C0] ? process_one_work+0x7a9/0x11d0 [ 367.183223][ C0] process_one_work+0x8a9/0x11d0 [ 367.183260][ C0] ? worker_detach_from_pool+0x260/0x260 [ 367.183288][ C0] ? _raw_spin_lock_irqsave+0x120/0x120 [ 367.183311][ C0] ? kthread_data+0x4e/0xc0 [ 367.183343][ C0] ? wq_worker_running+0x97/0x190 [ 367.183377][ C0] worker_thread+0xa47/0x1200 [ 367.183423][ C0] kthread+0x28d/0x320 [ 367.183441][ C0] ? worker_clr_flags+0x190/0x190 [ 367.183462][ C0] ? kthread_blkcg+0xd0/0xd0 [ 367.183483][ C0] ret_from_fork+0x1f/0x30 [ 367.183522][ C0] [ 367.183531][ C0] task:kworker/u4:3 state:R running task stack:21016 pid:46 ppid:2 flags:0x00004000 [ 367.183568][ C0] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet [ 367.183601][ C0] Call Trace: [ 367.183607][ C0] [ 367.183618][ C0] __schedule+0x142d/0x4550 [ 367.183655][ C0] ? mark_lock+0x9a/0x340 [ 367.183693][ C0] ? __sched_text_start+0x8/0x8 [ 367.183723][ C0] ? print_irqtrace_events+0x210/0x210 [ 367.183752][ C0] ? lockdep_hardirqs_on+0x94/0x130 [ 367.183774][ C0] ? preempt_schedule_irq+0xec/0x1c0 [ 367.183797][ C0] preempt_schedule_irq+0xf7/0x1c0 [ 367.183816][ C0] ? preempt_schedule_notrace+0x140/0x140 [ 367.183841][ C0] ? rcu_is_watching+0x11/0xb0 [ 367.183867][ C0] irqentry_exit+0x53/0x80 [ 367.183887][ C0] asm_sysvec_reschedule_ipi+0x16/0x20 [ 367.183913][ C0] RIP: 0010:lock_acquire+0x26f/0x5a0 [ 367.183940][ C0] Code: 2b 00 74 08 4c 89 f7 e8 1f ae 77 00 f6 44 24 61 02 0f 85 84 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25 [ 367.183957][ C0] RSP: 0000:ffffc90000b77900 EFLAGS: 00000206 [ 367.183979][ C0] RAX: 0000000000000001 RBX: 1ffff9200016ef2c RCX: 1ffff9200016eecc [ 367.183994][ C0] RDX: dffffc0000000000 RSI: ffffffff8aec13c0 RDI: ffffffff8b3d4760 [ 367.184010][ C0] RBP: ffffc90000b77a48 R08: dffffc0000000000 R09: fffffbfff2093845 [ 367.184025][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff9200016ef28 [ 367.184040][ C0] R13: dffffc0000000000 R14: ffffc90000b77960 R15: 0000000000000246 [ 367.184076][ C0] ? read_lock_is_recursive+0x10/0x10 [ 367.184104][ C0] ? batadv_iv_ogm_schedule+0x41a/0x1090 [ 367.184132][ C0] ? __rcu_read_unlock+0x100/0x100 [ 367.184160][ C0] ? __lock_acquire+0x1f80/0x1f80 [ 367.184185][ C0] ? batadv_primary_if_get_selected+0x3f0/0x510 [ 367.184229][ C0] batadv_iv_ogm_schedule+0x43b/0x1090 [ 367.184258][ C0] ? batadv_iv_ogm_schedule+0x41a/0x1090 [ 367.184293][ C0] ? batadv_iv_ogm_schedule+0x41a/0x1090 [ 367.184328][ C0] ? batadv_iv_send_outstanding_bat_ogm_packet+0x800/0x800 [ 367.184360][ C0] ? batadv_send_skb_packet+0x417/0x660 [ 367.184388][ C0] batadv_iv_send_outstanding_bat_ogm_packet+0x6fa/0x800 [ 367.184433][ C0] ? process_one_work+0x7a9/0x11d0 [ 367.184455][ C0] process_one_work+0x8a9/0x11d0 [ 367.184492][ C0] ? worker_detach_from_pool+0x260/0x260 [ 367.184520][ C0] ? _raw_spin_lock_irqsave+0x120/0x120 [ 367.184543][ C0] ? kthread_data+0x4e/0xc0 [ 367.184595][ C0] ? wq_worker_running+0x97/0x190 [ 367.184628][ C0] worker_thread+0xa47/0x1200 [ 367.184678][ C0] kthread+0x28d/0x320 [ 367.184697][ C0] ? worker_clr_flags+0x190/0x190 [ 367.184718][ C0] ? kthread_blkcg+0xd0/0xd0 [ 367.184740][ C0] ret_from_fork+0x1f/0x30 [ 367.184781][ C0] [ 367.184789][ C0] rcu: rcu_preempt kthread starved for 10480 jiffies! g27597 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 367.184813][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 367.184824][ C0] rcu: RCU grace-period kthread stack dump: [ 367.184831][ C0] task:rcu_preempt state:R running task stack:26712 pid:16 ppid:2 flags:0x00004000 [ 367.184868][ C0] Call Trace: [ 367.184875][ C0] [ 367.184886][ C0] __schedule+0x142d/0x4550 [ 367.184917][ C0] ? _raw_spin_unlock+0x40/0x40 [ 367.184963][ C0] ? __sched_text_start+0x8/0x8 [ 367.184998][ C0] ? lockdep_softirqs_off+0x420/0x420 [ 367.185025][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 367.185052][ C0] ? _raw_spin_unlock+0x40/0x40 [ 367.185084][ C0] schedule+0xbf/0x180 [ 367.185114][ C0] schedule_timeout+0x1b9/0x300 [ 367.185143][ C0] ? console_conditional_schedule+0x40/0x40 [ 367.185170][ C0] ? update_process_times+0x1b0/0x1b0 [ 367.185200][ C0] ? prepare_to_swait_event+0x329/0x350 [ 367.185235][ C0] rcu_gp_fqs_loop+0x2d2/0x1150 [ 367.185267][ C0] ? dyntick_save_progress_counter+0x2b0/0x2b0 [ 367.185295][ C0] ? lockdep_hardirqs_on+0x94/0x130 [ 367.185319][ C0] ? rcu_gp_init+0x15f0/0x15f0 [ 367.185342][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 367.185373][ C0] ? finish_swait+0xcf/0x1e0 [ 367.185404][ C0] rcu_gp_kthread+0xa3/0x3b0 [ 367.185431][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 367.185454][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 367.185485][ C0] ? __kthread_parkme+0x168/0x1c0 [ 367.185520][ C0] kthread+0x28d/0x320 [ 367.185539][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 367.185562][ C0] ? kthread_blkcg+0xd0/0xd0 [ 367.185583][ C0] ret_from_fork+0x1f/0x30 [ 367.185623][ C0] [ 367.185631][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 367.185645][ C0] Sending NMI from CPU 0 to CPUs 1: [ 367.185669][ C1] NMI backtrace for cpu 1 [ 367.185683][ C1] CPU: 1 PID: 6274 Comm: syz.1.777 Not tainted 6.1.97-syzkaller #0 [ 367.185699][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 367.185708][ C1] RIP: 0010:memset+0x1/0x40 [ 367.185727][ C1] Code: 0d a7 08 31 db eb d7 cc cc 89 f6 48 8b 0c 24 31 d2 e9 d3 ec ff ff 0f 1f 00 89 f6 48 8b 0c 24 ba 01 00 00 00 e9 c0 ec ff ff 55 <41> 56 53 48 89 d3 41 89 f6 48 89 fd 48 8b 4c 24 18 48 89 d6 ba 01 [ 367.185740][ C1] RSP: 0018:ffffc9000a65fd90 EFLAGS: 00000246 [ 367.185752][ C1] RAX: ffffffff8157ab46 RBX: 00007faf61fe8ad0 RCX: 0000000000040000 [ 367.185777][ C1] RDX: 0000000000000018 RSI: 0000000000000000 RDI: ffffc9000a65fdc0 [ 367.185788][ C1] RBP: ffffc9000a65fe50 R08: ffffffff815bccb6 R09: ffffed10024e5981 [ 367.185801][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 367.185812][ C1] R13: 1ffff920014cbfb4 R14: ffffc9000a65fdc0 R15: 0000000000000000 [ 367.185824][ C1] FS: 00007faf61fe96c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 367.185839][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 367.185850][ C1] CR2: 00007fb2952abfc8 CR3: 000000006466c000 CR4: 00000000003506e0 [ 367.185864][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 367.185873][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 367.185883][ C1] Call Trace: [ 367.185892][ C1] [ 367.185898][ C1] ? nmi_cpu_backtrace+0x3de/0x560 [ 367.185923][ C1] ? read_lock_is_recursive+0x10/0x10 [ 367.185948][ C1] ? nmi_trigger_cpumask_backtrace+0x3f0/0x3f0 [ 367.185973][ C1] ? nmi_handle+0x25/0x440 [ 367.186004][ C1] ? nmi_cpu_backtrace_handler+0x8/0x10 [ 367.186029][ C1] ? nmi_handle+0x12e/0x440 [ 367.186053][ C1] ? nmi_handle+0x25/0x440 [ 367.186077][ C1] ? memset+0x1/0x40 [ 367.186092][ C1] ? default_do_nmi+0x62/0x150 [ 367.186108][ C1] ? exc_nmi+0xa8/0x100 [ 367.186123][ C1] ? end_repeat_nmi+0x16/0x31 [ 367.186149][ C1] ? __kthread_should_park+0xa6/0xe0 [ 367.186171][ C1] ? restore_altstack+0x76/0x150 [ 367.186188][ C1] ? memset+0x1/0x40 [ 367.186204][ C1] ? memset+0x1/0x40 [ 367.186221][ C1] ? memset+0x1/0x40 [ 367.186238][ C1] [ 367.186242][ C1] [ 367.186247][ C1] restore_altstack+0x85/0x150 [ 367.186262][ C1] ? __ia32_sys_sigaltstack+0x260/0x260 [ 367.186279][ C1] ? set_current_blocked+0x40/0x40 [ 367.186305][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 367.186330][ C1] __do_sys_rt_sigreturn+0x19d/0x250 [ 367.186351][ C1] ? x32_copy_siginfo_to_user+0x270/0x270 [ 367.186371][ C1] ? syscall_enter_from_user_mode+0x2e/0x230 [ 367.186389][ C1] ? lockdep_hardirqs_on+0x94/0x130 [ 367.186407][ C1] ? syscall_enter_from_user_mode+0x2e/0x230 [ 367.186428][ C1] do_syscall_64+0x3b/0xb0 [ 367.186451][ C1] ? clear_bhb_loop+0x45/0xa0 [ 367.186474][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 367.186496][ C1] RIP: 0033:0x7faf61175bd7 [ 367.186512][ C1] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 367.186536][ C1] RSP: 002b:00007faf61fe9048 EFLAGS: 00000246 [ 367.186547][ C1] RAX: 00000000000000ca RBX: 00007faf61303f60 RCX: 00007faf61175bd9 [ 367.186558][ C1] RDX: 0000000000000000 RSI: 0000800000000006 RDI: 0000000020001300 [ 367.186568][ C1] RBP: 00007faf611e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 367.186577][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 367.186586][ C1] R13: 000000000000000b R14: 00007faf61303f60 R15: 00007ffe34a36b68 [ 367.186604][ C1] [ 507.764515][ C0] BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 245s! [ 507.764643][ C0] BUG: workqueue lockup - pool cpus=0-1 flags=0x4 nice=0 stuck for 245s! [ 507.764678][ C0] Showing busy workqueues and worker pools: [ 507.764686][ C0] workqueue events: flags=0x0 [ 507.764733][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=9/256 refcnt=10 [ 507.764768][ C0] pending: nfc_urelease_event_work, nfc_urelease_event_work, psi_avgs_work, ovs_dp_masks_rebalance, ovs_dp_masks_rebalance, nsim_dev_hwstats_traffic_work, nsim_dev_hwstats_traffic_work, nsim_dev_trap_report_work, nfc_urelease_event_work [ 507.764939][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=23/256 refcnt=24 [ 507.764972][ C0] pending: nsim_dev_trap_report_work, nsim_dev_trap_report_work, nsim_dev_hwstats_traffic_work, nsim_dev_hwstats_traffic_work, nsim_dev_trap_report_work, nsim_dev_hwstats_traffic_work, nsim_dev_trap_report_work, ovs_dp_masks_rebalance, psi_avgs_work, psi_avgs_work, psi_avgs_work, kfree_rcu_monitor, ovs_dp_masks_rebalance, ovs_dp_masks_rebalance, ovs_dp_masks_rebalance, rt6_probe_deferred, ima_keys_handler, switchdev_deferred_process_work, rht_deferred_worker, rht_deferred_worker, rht_deferred_worker, rht_deferred_worker, vmstat_shepherd [ 507.765355][ C0] workqueue events_long: flags=0x0 [ 507.765367][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=15/256 refcnt=16 [ 507.765400][ C0] pending: defense_work_handler, defense_work_handler, delayed_sync_fs, br_multicast_gc_work, br_multicast_gc_work, br_multicast_gc_work, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_multicast_gc_work, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup [ 507.765602][ C0] workqueue events_unbound: flags=0x2 [ 507.765649][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=5/512 refcnt=8 [ 507.765678][ C0] in-flight: 102:flush_to_ldisc, 3709:call_usermodehelper_exec_work [ 507.765757][ C0] pending: toggle_allocation_gate, flush_to_ldisc, flush_memcg_stats_dwork [ 507.765819][ C0] workqueue events_freezable: flags=0x4 [ 507.765831][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 507.765863][ C0] pending: update_balloon_stats_func [ 507.765888][ C0] workqueue events_power_efficient: flags=0x80 [ 507.765899][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=2/256 refcnt=3 [ 507.765931][ C0] in-flight: 1147:gc_worker [ 507.765952][ C0] pending: fb_flashcursor [ 507.765977][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=4/256 refcnt=5 [ 507.766008][ C0] pending: reg_check_chans_work, check_lifetime, neigh_managed_work, neigh_periodic_work [ 507.766093][ C0] workqueue rcu_gp: flags=0x8 [ 507.766105][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 507.766137][ C0] in-flight: 3596:wait_rcu_exp_gp [ 507.766165][ C0] workqueue mm_percpu_wq: flags=0x8 [ 507.766176][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 507.766207][ C0] pending: vmstat_update [ 507.766231][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 507.766263][ C0] pending: vmstat_update [ 507.766290][ C0] workqueue writeback: flags=0x4a [ 507.766300][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=2/256 refcnt=5 [ 507.766328][ C0] pending: wb_workfn, wb_workfn [ 507.766376][ C0] workqueue kblockd: flags=0x18 [ 507.766387][ C0] pwq 1: cpus=0 node=0 flags=0x0 nice=-20 active=1/256 refcnt=2 [ 507.766420][ C0] in-flight: 120:blk_mq_timeout_work [ 507.766454][ C0] workqueue usb_hub_wq: flags=0x4 [ 507.766464][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=2/256 refcnt=3 [ 507.766496][ C0] in-flight: 3594:hub_event hub_event [ 507.766644][ C0] workqueue dm_bufio_cache: flags=0x8 [ 507.766657][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 507.766690][ C0] pending: work_fn [ 507.766755][ C0] workqueue mld: flags=0x40008 [ 507.766767][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/1 refcnt=3 [ 507.766799][ C0] pending: mld_query_work [ 507.766816][ C0] inactive: mld_query_work [ 507.766834][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=13 [ 507.766865][ C0] pending: mld_mca_work [ 507.766883][ C0] inactive: mld_ifc_work, mld_mca_work, mld_mca_work, mld_mca_work, mld_mca_work, mld_mca_work, mld_mca_work, mld_mca_work, mld_mca_work, mld_mca_work, mld_mca_work [ 507.766996][ C0] workqueue ipv6_addrconf: flags=0x40008 [ 507.767007][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=3 [ 507.767044][ C0] pending: addrconf_dad_work [ 507.767062][ C0] inactive: addrconf_verify_work [ 507.767080][ C0] workqueue krxrpcd: flags=0x0 [ 507.767091][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=5 [ 507.767121][ C0] in-flight: 4189:rxrpc_peer_keepalive_worker [ 507.767146][ C0] inactive: rxrpc_peer_keepalive_worker, rxrpc_peer_keepalive_worker, rxrpc_peer_keepalive_worker [ 507.767189][ C0] workqueue krdsd: flags=0xe000a [ 507.767199][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=5 [ 507.767227][ C0] pending: rds_connect_worker [ 507.767250][ C0] inactive: rds_connect_worker [ 507.767274][ C0] workqueue bat_events: flags=0xe000a [ 507.767285][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=40 [ 507.767313][ C0] in-flight: 46:batadv_iv_send_outstanding_bat_ogm_packet [ 507.767348][ C0] inactive: batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_purge_orig, batadv_purge_orig, batadv_purge_orig, batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_mcast_mla_update, batadv_mcast_mla_update, batadv_mcast_mla_update, batadv_mcast_mla_update, batadv_mcast_mla_update, batadv_tt_purge, batadv_tt_purge, batadv_tt_purge, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_purge_orig, batadv_purge_orig, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet [ 507.767921][ C0] , batadv_iv_send_outstanding_bat_ogm_packet, batadv_tt_purge, batadv_tt_purge, batadv_bla_periodic_work, batadv_dat_purge [ 507.767998][ C0] workqueue hci2: flags=0xa0012 [ 507.768010][ C0] pwq 5: cpus=0-1 node=0 flags=0x4 nice=-20 active=1/1 refcnt=4 [ 507.768046][ C0] in-flight: 3561:hci_error_reset [ 507.768072][ C0] workqueue wg-kex-wg0: flags=0x6 [ 507.768082][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=4 [ 507.768110][ C0] pending: wg_packet_handshake_send_worker [ 507.768133][ C0] workqueue wg-kex-wg1: flags=0x6 [ 507.768143][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=4 [ 507.768172][ C0] pending: wg_packet_handshake_send_worker [ 507.768194][ C0] workqueue wg-kex-wg2: flags=0x6 [ 507.768205][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=2/256 refcnt=5 [ 507.768232][ C0] pending: wg_packet_handshake_send_worker, wg_packet_handshake_send_worker [ 507.768267][ C0] workqueue wg-kex-wg0: flags=0x6 [ 507.768277][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=4 [ 507.768305][ C0] pending: wg_packet_handshake_send_worker [ 507.768327][ C0] workqueue wg-kex-wg1: flags=0x6 [ 507.768336][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=2/256 refcnt=5 [ 507.768364][ C0] pending: wg_packet_handshake_send_worker, wg_packet_handshake_send_worker [ 507.768398][ C0] workqueue wg-kex-wg2: flags=0x6 [ 507.768408][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=4 [ 507.768436][ C0] pending: wg_packet_handshake_send_worker [ 507.768458][ C0] workqueue wg-kex-wg0: flags=0x6 [ 507.768468][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=4 [ 507.768496][ C0] pending: wg_packet_handshake_send_worker [ 507.768518][ C0] workqueue wg-kex-wg1: flags=0x6 [ 507.768528][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=2/256 refcnt=5 [ 507.768556][ C0] pending: wg_packet_handshake_send_worker, wg_packet_handshake_send_worker [ 507.768589][ C0] workqueue wg-kex-wg2: flags=0x6 [ 507.768600][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=4 [ 507.768628][ C0] pending: wg_packet_handshake_send_worker [ 507.768649][ C0] workqueue phy4: flags=0xa0002 [ 507.768659][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 [ 507.768687][ C0] pending: ieee80211_iface_work [ 507.768710][ C0] workqueue phy7: flags=0xa0002 [ 507.768721][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 [ 507.768748][ C0] pending: ieee80211_iface_work [ 507.768771][ C0] workqueue phy8: flags=0xa0002 [ 507.768781][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 [ 507.768808][ C0] pending: ieee80211_iface_work [ 507.768832][ C0] workqueue phy11: flags=0xa0002 [ 507.768842][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 [ 507.768870][ C0] pending: ieee80211_iface_work [ 507.768892][ C0] workqueue phy12: flags=0xa0002 [ 507.768902][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 [ 507.768930][ C0] pending: ieee80211_iface_work [ 507.768954][ C0] workqueue hci5: flags=0xa0012 [ 507.768964][ C0] pwq 5: cpus=0-1 node=0 flags=0x4 nice=-20 active=1/1 refcnt=4 [ 507.768996][ C0] pending: hci_conn_timeout [ 507.769020][ C0] workqueue wg-kex-wg0: flags=0x6 [ 507.769032][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=4 [ 507.769059][ C0] pending: wg_packet_handshake_send_worker [ 507.769081][ C0] workqueue wg-kex-wg1: flags=0x6 [ 507.769091][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=2/256 refcnt=5 [ 507.769119][ C0] pending: wg_packet_handshake_send_worker, wg_packet_handshake_send_worker [ 507.769154][ C0] workqueue wg-kex-wg2: flags=0x6 [ 507.769164][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=2/256 refcnt=5 [ 507.769192][ C0] pending: wg_packet_handshake_send_worker, wg_packet_handshake_send_worker [ 507.769226][ C0] workqueue phy13: flags=0xa0002 [ 507.769237][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 [ 507.769265][ C0] pending: ieee80211_iface_work [ 507.769286][ C0] workqueue phy14: flags=0xa0002 [ 507.769297][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 [ 507.769324][ C0] pending: ieee80211_iface_work [ 507.769419][ C0] workqueue wg-kex-wg0: flags=0x6 [ 507.769430][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=4 [ 507.769459][ C0] pending: wg_packet_handshake_send_worker [ 507.769480][ C0] workqueue wg-kex-wg1: flags=0x6 [ 507.769491][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=2/256 refcnt=5 [ 507.769518][ C0] pending: wg_packet_handshake_send_worker, wg_packet_handshake_send_worker [ 507.769552][ C0] workqueue wg-kex-wg2: flags=0x6 [ 507.769562][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=2/256 refcnt=5 [ 507.769590][ C0] pending: wg_packet_handshake_send_worker, wg_packet_handshake_send_worker [ 507.769623][ C0] workqueue phy15: flags=0xa0002 [ 507.769634][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 [ 507.769661][ C0] pending: ieee80211_iface_work [ 507.769699][ C0] workqueue phy16: flags=0xa0002 [ 507.769710][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 [ 507.769755][ C0] pending: ieee80211_iface_work [ 507.769780][ C0] pool 0: cpus=0 node=0 flags=0x0 nice=0 hung=0s workers=12 idle: 3593 14 7 4190 4188 3592 3538 3598 153 3599 [ 507.769874][ C0] pool 1: cpus=0 node=0 flags=0x0 nice=-20 hung=0s workers=2 idle: 8 [ 507.769915][ C0] pool 2: cpus=1 node=0 flags=0x0 nice=0 hung=245s workers=8 idle: 41 3597 3607 22 3595 3627 [ 507.770025][ C0] pool 4: cpus=0-1 flags=0x4 nice=0 hung=245s workers=15 idle: 3685 3707 3944 3819 3638 40 3646 9 11 3649 3687 3633 [ 507.770180][ C0] pool 5: cpus=0-1 node=0 flags=0x4 nice=-20 hung=0s workers=9 idle: 3562 3555 3564 3558 3557 3563 3550 48 [ 507.793002][ T3596] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { P1147 P46 } 24541 jiffies s: 8045 root: 0x0/T [ 507.793374][ T3596] rcu: blocking rcu_node structures (internal RCU debug): [ 507.794735][ T1251] ieee802154 phy0 wpan0: encryption failed: -22 [ 507.794812][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 509.448583][ T3709] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.693902][ T3709] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.795618][ T3709] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.851687][ T3562] Bluetooth: hci0: command 0x0406 tx timeout [ 509.859710][ T3564] Bluetooth: hci5: command 0x0406 tx timeout [ 510.341627][ T3561] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 511.452344][ T6281] tty tty29: ldisc open failed (-12), clearing slot 28 [ 511.563430][ T3709] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.929124][ T3709] device hsr_slave_0 left promiscuous mode [ 512.939754][ T3709] device hsr_slave_1 left promiscuous mode [ 512.947918][ T3709] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 512.955570][ T3709] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 512.963560][ T3709] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 512.970962][ T3709] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 512.978841][ T3709] device bridge_slave_1 left promiscuous mode [ 512.985171][ T3709] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.997698][ T3709] device bridge_slave_0 left promiscuous mode [ 513.004083][ T3709] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.034580][ T3709] device veth1_macvtap left promiscuous mode [ 513.041376][ T3709] device veth0_macvtap left promiscuous mode [ 513.048316][ T3709] device veth1_vlan left promiscuous mode [ 513.060746][ T3709] device veth0_vlan left promiscuous mode [ 513.570634][ T3709] team0 (unregistering): Port device team_slave_1 removed [ 513.617964][ T3709] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 513.650602][ T3709] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 513.918109][ T3709] bond0 (unregistering): Released all slaves [ 515.417025][ T3709] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.505577][ T3709] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.569374][ T3709] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.651150][ T3709] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.811029][ T3709] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.866956][ T3709] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.940098][ T3709] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.017268][ T3709] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.143796][ T3709] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.225294][ T3709] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.330247][ T3709] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.399443][ T3709] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.564128][ T3709] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.648542][ T3709] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.715585][ T3709] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.786971][ T3709] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.965532][ T3709] tipc: Disabling bearer [ 516.971236][ T3709] tipc: Left network mode [ 516.997787][ T3709] tipc: Disabling bearer [ 517.007739][ T3709] tipc: Left network mode