last executing test programs: 9.601579237s ago: executing program 3 (id=743): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_udp(0xa, 0x2, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c4607017f40070000000000000003000000ff030000c200000000004903000000000000ff00000001013800020005002600ff0000000000d5000000000000000000000000000000000000000000000000000000000000000000000000003b932f3b7d000000000000010001000000000060ff9e7041780db46b0446a3bcd99c862f7de1294e7a5ef9f3d1eaf757c89f0a2d2725fbfd2cab9610282437effe1f2ad39491491f928d7d2700a00dfb11b07d7bc8e4e599cfa46a8e260446ab5eb182f16315facc455a3e58f34f18024953a7c75eb09e9d8804a3571114c2b5cfb4f471ba76098039f20e706b1841"], 0x14a) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_emit_ethernet(0x40, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa7f0a0003001108004500003200000000000190780a010102ac1414aa03009078120002282500400000000000000600007f0000f592e0a3374a4201ac1e00010000"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYRESHEX], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffe}}]}, &(0x7f0000000200)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000006c0)={@private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, 0x5, 0xc14c, 0x6, 0x80, 0x0, 0x4020000}) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000180)={@multicast2, @loopback}, 0xc) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000040)={'lo\x00'}) r4 = socket(0x1d, 0x2, 0x6) getsockopt$bt_BT_SECURITY(r4, 0x6a, 0x4, 0x0, 0x205fffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) r5 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000100001000000000000"], 0x1e0}}, 0x0) 7.715021151s ago: executing program 5 (id=759): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000008000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r4, 0x40505412, 0x0) read(r4, &(0x7f00000002c0)=""/200, 0x39) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f0000000500)={'syztnl2\x00', 0x0, 0x2f, 0x6, 0x6, 0x0, 0x3a, @private0={0xfc, 0x0, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7, 0x7800, 0x5254, 0x2}}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000740)=@bpf_ext={0x1c, 0x0, &(0x7f00000003c0), &(0x7f0000000180)='syzkaller\x00', 0x1000, 0x85, &(0x7f0000000800)=""/133, 0x40f00, 0x21, '\x00', r5, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2af43, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000700), 0x10, 0x33b, @void, @value}, 0x90) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet_udp(0x2, 0x2, 0x0) socketpair(0x25, 0x1, 0x0, &(0x7f0000000000)) add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000080), &(0x7f00000000c0)=""/28, 0x1c, &(0x7f00000001c0)={&(0x7f0000000140)={'poly1305\x00'}}) write$char_usb(r1, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) 6.944132214s ago: executing program 3 (id=767): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00'}) r1 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r1, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8a85009a10d943a, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc45, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffff81, 0x14, 0x0, 0x0, 0xffffffffffffff47, 0x10, 0x8, 0x0, 0x0}}, 0x64) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000780)={r2}, 0x4) bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000080)={@map=0x1, r3, 0x2f, 0x0, 0xffffffffffffffff, @prog_id}, 0x20) 6.631035966s ago: executing program 3 (id=770): pipe(&(0x7f0000000580)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdir(&(0x7f0000000380)='./bus\x00', 0x20) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0) mknodat$loop(0xffffffffffffffff, &(0x7f00000002c0)='./file1\x00', 0xc000, 0x0) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioperm(0x0, 0xf1, 0x7) r2 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r2, 0x6, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_open_dev$dri(0x0, 0x3, 0x408041) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) 5.74454616s ago: executing program 4 (id=775): r0 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_MON_GET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000", @ANYRES16=r0, @ANYBLOB="47ef000023000000000004"], 0x14}}, 0x0) 5.451801098s ago: executing program 1 (id=776): pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0xb) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r3, 0x0, r1, 0x0, 0x6, 0x0) r4 = dup3(r0, r1, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x3ff) fcntl$setstatus(r4, 0x4, 0x7c00) dup3(r3, r1, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000020acb"], 0x14}}, 0x0) 5.295929607s ago: executing program 4 (id=777): bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x62) listen(r0, 0x0) r1 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) 5.12492074s ago: executing program 3 (id=778): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) write$binfmt_aout(r0, &(0x7f0000000380)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "a05c7b5d00008023e9c5bcf5fb7700"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) r3 = syz_io_uring_setup(0x7279, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r3, 0x2def, 0x0, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6]) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 4.929376679s ago: executing program 1 (id=780): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDARP(r3, 0x8953, &(0x7f0000000100)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x1, @random="4df193f35347"}, 0x0, {0x2, 0x0, @remote}, 'syz_tun\x00'}) 4.805215406s ago: executing program 4 (id=782): socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_udp(0xa, 0x2, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c4607017f40070000000000000003000000ff030000c200000000004903000000000000ff00000001013800020005002600ff0000000000d5000000000000000000000000000000000000000000000000000000000000000000000000003b932f3b7d000000000000010001000000000060ff9e7041780db46b0446a3bcd99c862f7de1294e7a5ef9f3d1eaf757c89f0a2d2725fbfd2cab9610282437effe1f2ad39491491f928d7d2700a00dfb11b07d7bc8e4e599cfa46a8e260446ab5eb182f16315facc455a3e58f34f18024953a7c75eb09e9d8804a3571114c2b5cfb4f471ba76098039f20e706b1841"], 0x14a) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 4.343022687s ago: executing program 0 (id=785): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r3) getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r4, @ANYBLOB="00000000010000001c0012000c0001006272696467"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001340)=@newtfilter={0xd14, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_flow={{0x9}, {0xce4, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0xa}}, @TCA_FLOW_POLICE={0xcb0, 0xa, 0x0, 0x1, [@TCA_POLICE_RESULT={0x8, 0x5, 0x1}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x3}, @TCA_POLICE_RATE={0x404, 0x2, [0xfffffffd, 0x0, 0x2, 0x9, 0xbdd3, 0x0, 0x0, 0xff, 0x7fff, 0x489, 0x7, 0xfff, 0x8, 0x3, 0x0, 0x7, 0x3, 0x3, 0x1, 0x7d, 0x10, 0xf, 0x6, 0x5, 0x9, 0xb, 0x5, 0x401, 0x1, 0x8, 0x0, 0x101, 0x6759, 0x5, 0x3, 0x9, 0x0, 0xd8ef, 0x8, 0x9, 0x7fffffff, 0xfffffff9, 0x4, 0x0, 0x3, 0x9cb1, 0x75b2c99e, 0xff, 0x4, 0x1, 0x7, 0x5, 0x2, 0x1, 0x1, 0xf1, 0x0, 0xe, 0x6, 0x4, 0x9, 0x7, 0x5, 0x9, 0x8, 0x2, 0x23a6, 0x400, 0x4, 0x1ff, 0x96b, 0xbf4, 0x0, 0x4, 0x81, 0xb, 0x7838, 0x0, 0x9, 0x3, 0x0, 0x4, 0xffffffff, 0x7fffffff, 0x4, 0xfffffff7, 0x5, 0xdfa, 0x5, 0x3, 0x5, 0xa04, 0x7, 0xfff, 0x3, 0x8, 0xd5, 0xdf, 0x1, 0xdb717b32, 0x0, 0x6, 0x400, 0x5, 0x99, 0x1, 0x952, 0x2, 0x7ff, 0x5, 0xffffffff, 0x4, 0x0, 0xf4, 0xd, 0xfff, 0xab, 0x7, 0x3, 0x1, 0x7fffffff, 0x5, 0x80, 0x4, 0x3d81, 0x2, 0x8b, 0x10001, 0x9, 0xd2, 0x3, 0xe959, 0x4, 0x3, 0x7fffffff, 0xfffffff7, 0x8, 0x3ff, 0x5, 0x7, 0x40, 0x1, 0x45a, 0xfffff5f1, 0x5, 0x0, 0x9, 0x5, 0x8, 0x10001, 0x4, 0x3, 0x8001, 0x1aa, 0x0, 0xfffffffa, 0xd, 0xb0e, 0x1, 0x0, 0x2, 0xffff0001, 0x6, 0x5, 0x0, 0xfffffffc, 0x4, 0x8, 0x5, 0x657c, 0x3e, 0x2, 0x8, 0xf, 0x7, 0xc2bd, 0x214f, 0xea98, 0x10001, 0x4, 0x23a, 0x2, 0x3, 0x4, 0x1c, 0x0, 0xfffffffa, 0x9, 0x80000001, 0x7, 0xc1d, 0x3, 0x233b41d9, 0x80, 0x4, 0xa, 0x6, 0x3, 0xc, 0x5, 0xfe01, 0x1d7, 0x80000001, 0x34cc, 0x0, 0x7d, 0x4b, 0x5, 0x101, 0x81, 0x2, 0xc65, 0xfffffffa, 0x0, 0xc, 0x6, 0xfffffffd, 0x0, 0xf, 0x8, 0x1, 0x1, 0x6, 0x9, 0x3, 0xfffffff0, 0x5, 0xfffffffe, 0x1, 0xd, 0x0, 0x8, 0x6, 0x800, 0xfffffffc, 0x1000, 0xfffffffd, 0x6, 0x7, 0x4, 0x7, 0x4, 0x4, 0x65, 0x7, 0x0, 0x101, 0x7, 0x6, 0x9, 0x6, 0x80000001, 0x9, 0x9026, 0x100, 0x3]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x1}, @TCA_POLICE_RESULT={0x8}, @TCA_POLICE_RATE={0x404, 0x2, [0xffff0001, 0x7, 0x3, 0x40, 0x1, 0x2, 0x100, 0x0, 0xba46, 0x6, 0x5, 0xf, 0x19, 0xcb, 0x5, 0x3237, 0x2, 0xab, 0x1, 0xd, 0xffff, 0x80000001, 0x7f, 0xfffffffa, 0x7, 0x5, 0x0, 0x4, 0x9, 0x10, 0x1, 0xb, 0xff, 0x5, 0x8, 0x9, 0x4, 0x40, 0x3ff, 0x7, 0x8, 0x101, 0x4, 0x4, 0x5, 0x88ac, 0x0, 0x6, 0x353, 0x800, 0x97, 0x6, 0x8041, 0x3ff, 0x6, 0xfffffff5, 0x61fd0fde, 0x7, 0x7f, 0xa20, 0x9, 0xff, 0x6, 0x4, 0x4, 0x0, 0x6, 0x0, 0x4, 0x400, 0x6, 0x9301, 0x49d, 0x7ff, 0x6, 0x272, 0xd08, 0xcf2, 0x80000000, 0x9, 0x7, 0xfffffffb, 0x7, 0x8001, 0x7, 0x6, 0xfffffffa, 0x4, 0x1, 0x100, 0x7ff, 0x10000, 0x3f5, 0x10, 0x10000, 0x7, 0x8, 0x9, 0x4, 0x2, 0x8, 0x10000, 0x5, 0x80000000, 0xcb88, 0xd, 0x6, 0x5, 0x1, 0x2, 0xcabc, 0x1, 0x9, 0x1, 0x9, 0x7, 0x10000, 0x7fffffff, 0xfff, 0x1ff, 0x3ff, 0x7, 0xd, 0x7e2feea5, 0x4, 0x7, 0x100, 0x3, 0x800, 0x4, 0x5, 0x15c, 0xffffffff, 0xb, 0x7ff, 0x10000, 0xffffffff, 0x7, 0x7, 0x61, 0x6, 0x9, 0x2, 0x3, 0x5, 0x8, 0x2, 0x5, 0x7, 0x8, 0x5, 0x9, 0x3, 0x8, 0x1ff, 0x5766fe47, 0x73eb51cf, 0x5, 0x2, 0x43d, 0x2210, 0x13, 0x3, 0x4, 0x1, 0x5, 0xc3d5, 0xe, 0x3, 0xfffffff9, 0x8, 0x0, 0x27, 0xa4, 0x5, 0x0, 0x2, 0x300e, 0x6, 0xf, 0x1, 0x6, 0x69d, 0x0, 0x7, 0x9, 0x28cd, 0x9, 0xb69, 0x3f, 0x7, 0xc, 0xf, 0x2, 0x8, 0x3, 0xfc000000, 0x2, 0x5, 0xbe2, 0x7, 0x7ff, 0x9, 0x2, 0xa, 0xe0f, 0x0, 0x4, 0x9, 0x5, 0xb, 0xfffffeff, 0x40, 0x32b, 0x70000000, 0x0, 0x9f, 0x9, 0x400, 0x7, 0x7, 0x6038, 0x0, 0x8, 0x4, 0x40, 0x40, 0x1, 0x4, 0x7, 0x9, 0x1, 0x2, 0x2, 0x5e8d, 0x5, 0x0, 0x500000, 0x800, 0x5, 0x71, 0x3, 0x81, 0xa769, 0x1000, 0xfffffdab, 0x4, 0x4, 0x3, 0x2ffc, 0x520, 0x4, 0x7f, 0xb, 0xffff3587]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x7, 0x1, 0x3ff, 0xe, 0x5, {0x3, 0x2, 0x0, 0x2, 0x0, 0x2}, {0x4, 0x2, 0x8, 0xfffa, 0xfeff, 0x7fffffff}, 0x0, 0x4, 0x1}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x10001}, @TCA_POLICE_RATE={0x404, 0x2, [0x9, 0x5, 0x8, 0x9, 0x9, 0xffffffff, 0x6305, 0x8, 0x7, 0x0, 0x705, 0x0, 0x6, 0x66, 0x4f53, 0x0, 0x8, 0x8c, 0x9, 0x75c246e1, 0x2f, 0x1, 0x5, 0xfffffff7, 0x9, 0x7, 0x4, 0x1, 0xffff8000, 0x23e2, 0xffffff35, 0x7, 0x401, 0xfffffffb, 0x10000, 0xf0, 0xf, 0xffffffff, 0xa, 0xbc, 0x6, 0x2, 0x50b2, 0x5, 0x0, 0x3, 0x86d, 0x8, 0x8, 0x3, 0xfffff69f, 0x7, 0xfffffffd, 0x7, 0x0, 0x2, 0x3ff, 0x2, 0x7fff, 0x3, 0xe, 0x1, 0x4, 0x6, 0x1, 0x9, 0x8, 0x5, 0x80, 0xd94878e, 0x6, 0xf, 0x7f, 0x5, 0x81, 0x8, 0x3, 0xe96a, 0x6, 0x4, 0x7ff, 0x9, 0x4, 0x4, 0x4, 0xfffffff8, 0xbd, 0x0, 0x4, 0x5, 0x5, 0x5, 0x1, 0xd5, 0x6, 0x7f, 0x8, 0x8bcf, 0x6, 0x595, 0x9, 0x7, 0x9, 0x9, 0x5, 0x49, 0x2, 0x0, 0xffffffff, 0x7611, 0xffb3, 0x3, 0x2, 0x800, 0x55e, 0x4, 0x98f, 0x6, 0x9, 0x3, 0x6, 0x7, 0xed, 0x7, 0x80000000, 0x128, 0x6, 0x1, 0x0, 0xf6c2, 0x96cf, 0x0, 0xb0a, 0xe530, 0x3bf, 0x400, 0xfffffc00, 0x71b, 0x6, 0x3, 0x6, 0xffffffc0, 0x3, 0x8001, 0x5, 0x9, 0x2, 0x3, 0x0, 0xe5f, 0x0, 0x4, 0x80000000, 0xb678, 0x8, 0x2, 0x0, 0x401, 0x0, 0x4, 0x4, 0x1, 0x1, 0x2, 0x80000001, 0x5, 0x7, 0x5, 0x2e1b, 0x1ff, 0x6, 0x0, 0x7, 0x80000001, 0x7, 0x2, 0x6, 0x800, 0x4, 0x8, 0x2, 0xffff, 0x1, 0x75e, 0x7fffffff, 0x7, 0x10, 0x1, 0x6, 0xe, 0x6, 0x0, 0x6, 0x7, 0x220, 0x5, 0x7ff, 0xa, 0xfb8, 0x7, 0x1, 0xd7, 0x101, 0x6, 0x4800000, 0x3, 0x7, 0x1, 0x3, 0x2, 0x200, 0x8, 0x36, 0x101, 0x1, 0xa63d, 0x62d, 0x68, 0x4, 0xfffffff7, 0x89eb, 0x4, 0x0, 0xfffff4e3, 0x2, 0xeea1, 0x3ff, 0x7, 0xffffffff, 0x5, 0xfff, 0x4, 0x3, 0xb1, 0x401, 0x8, 0x3ff, 0x8, 0x0, 0x3, 0xb07, 0x100, 0x0, 0xa, 0x0, 0x7, 0xc8, 0x8, 0x9, 0x1, 0x7fffffff, 0x4, 0x2, 0x6, 0xe, 0x3]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xcb8f, 0x6, 0x40, 0x395, 0x1, {0xa, 0x0, 0xc5, 0x9, 0x1, 0x9}, {0x2, 0x0, 0x40, 0x9, 0x753f, 0x10000}, 0x8, 0x8, 0x4}}]}, @TCA_FLOW_XOR={0x8, 0x7, 0x8}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x12344}, @TCA_FLOW_KEYS={0x8, 0x1, 0x62f9}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0x10, 0x5}}]}}]}, 0xd14}}, 0x0) 4.087776965s ago: executing program 2 (id=786): socket$l2tp(0x2, 0x2, 0x73) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default use'], 0x2a, 0xfffffffffffffffc) r1 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f0000000040), &(0x7f0000000000), &(0x7f00000019c0)='s', 0x1, 0xfffffffffffffffe) keyctl$read(0xb, r1, &(0x7f0000000240)=""/112, 0x349b7f55) r2 = syz_open_procfs(0x0, &(0x7f0000000300)='stat\x00') lseek(r2, 0xc1e, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1d, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x14, 0xc, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='comm\x00') write$FUSE_WRITE(r3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r4, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102394, 0x18ffa}], 0x1, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) fcntl$setsig(0xffffffffffffffff, 0xa, 0x0) r5 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_rx_ring(r5, 0x107, 0xd, &(0x7f00000003c0)=@req={0x8000, 0x0, 0x800, 0x1daf6}, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x38}}, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) 3.967419792s ago: executing program 0 (id=787): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000800000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='map_files\x00') ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, 0x0) getdents(r2, &(0x7f0000000380)=""/24, 0x18) 3.672034036s ago: executing program 1 (id=788): madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0x2, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r1, &(0x7f0000000580)='1\x00', 0x2) write$sysctl(r1, &(0x7f0000000000)='2\x00', 0x2) 3.660559021s ago: executing program 5 (id=789): r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) utimensat(r0, 0x0, &(0x7f0000000b00)={{}, {0x77359400}}, 0x0) 3.567273219s ago: executing program 0 (id=790): pipe(&(0x7f0000000580)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdir(&(0x7f0000000380)='./bus\x00', 0x20) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0) mknodat$loop(0xffffffffffffffff, &(0x7f00000002c0)='./file1\x00', 0xc000, 0x0) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioperm(0x0, 0xf1, 0x7) r2 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r2, 0x6, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_open_dev$dri(0x0, 0x3, 0x408041) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) 3.524762163s ago: executing program 3 (id=791): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) ioctl$sock_SIOCGIFINDEX(r1, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000140)={0x0, 0x1, 0x6, @dev}, 0x10) socket$packet(0x11, 0x2, 0x300) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0) write$cgroup_int(r5, &(0x7f0000000100)=0x7fffffffffffffff, 0x12) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x4, 0xa, 0x1ff, 0x400, 0xffffffffffffffff, 0xfffffff8, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x0, 0xb, @void, @value, @void, @value}, 0x48) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'pimreg0\x00'}) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00'}, 0x10) 3.438529995s ago: executing program 5 (id=792): pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0xb) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r3, 0x0, r1, 0x0, 0x6, 0x0) r4 = dup3(r0, r1, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x3ff) fcntl$setstatus(r4, 0x4, 0x7c00) dup3(r3, r1, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000020acb"], 0x14}}, 0x0) 3.424661938s ago: executing program 1 (id=793): socket(0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0xfffffe5d) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067000000050000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') fchdir(r2) openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r4) r5 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r5, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r6 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r6, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r5, {0x2, 0x0, @private}, 0x4}}, 0x26) syz_emit_ethernet(0x4c, &(0x7f00000005c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @empty, @local, {[], {0x0, 0xe22, 0x16, 0x0, @opaque="aaed969c6ad169252b59cfffb195"}}}}}}, 0x0) 2.943557503s ago: executing program 5 (id=794): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000000206017ba17d51d3d8ac3600000000000900020073797a30000000000c000780080012400006000805000500000000000d000300686173683a6d61630000000005000400000000000500010007"], 0x54}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() socket$nl_route(0x10, 0x3, 0x0) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) syz_io_uring_setup(0x182e, &(0x7f0000000300)={0x0, 0x4000000, 0x10100}, &(0x7f0000000100), &(0x7f0000000080)) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) unshare(0x22020600) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r4 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r4, 0x9362, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$int_in(r5, 0x5421, &(0x7f0000000100)=0x100000001) connect$inet(r5, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10) unshare(0x8000d00) r6 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r7 = fsopen(&(0x7f0000000040)='ocfs2_dlmfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) r8 = fsmount(r7, 0x0, 0x0) fchdir(r8) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) setns(r6, 0x0) sendmsg$TIPC_NL_MEDIA_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="21000101", @ANYRES16=0x0, @ANYBLOB="010000000000000000000b00000004000580"], 0x18}}, 0x1) 2.903715732s ago: executing program 2 (id=795): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0}, 0x18) r1 = syz_io_uring_setup(0x18a, &(0x7f0000000440), &(0x7f00006d5000), &(0x7f00000003c0)) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, 0x0, 0x0) 2.653962546s ago: executing program 4 (id=796): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x0, 0x4}}}}}, 0x28}}, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000d026b428ce65c56cae2daec05affe077fa2916eb0e622ff7a7dd6861b070ab0d16684a9a5ffc05e4da58e5e65ec13b7da90346", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x6, &(0x7f0000ffb000/0x2000)=nil) personality(0x0) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) read$msr(0xffffffffffffffff, &(0x7f0000032680)=""/102392, 0x18ff8) 2.367093832s ago: executing program 2 (id=797): r0 = socket(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8}}]}, 0x40}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002b80)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0) 1.968024747s ago: executing program 2 (id=798): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002b00)) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000002980)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x7, &(0x7f0000000140)=@framed={{0x18, 0x7}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @alu={0x6}, @exit={0x95, 0x0, 0x7b00}, @call={0x85, 0x0, 0x0, 0x13}]}, &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x7, &(0x7f0000002b40)=ANY=[@ANYBLOB="18070000000000000000000000000000851000000200000026000000000000009500007b00000000850000001300000095"], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$netlink(0x10, 0x3, 0x0) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') pipe(&(0x7f0000007f80)) socket(0x1, 0x803, 0x0) pipe(&(0x7f0000000100)) r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, 0x0, &(0x7f0000000080)) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8}]}, 0x3c}}, 0x0) 1.924881862s ago: executing program 0 (id=799): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r3) getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r4, @ANYBLOB="00000000010000001c0012000c0001006272696467"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001340)=@newtfilter={0xd14, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_flow={{0x9}, {0xce4, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0xa}}, @TCA_FLOW_POLICE={0xcb0, 0xa, 0x0, 0x1, [@TCA_POLICE_RESULT={0x8, 0x5, 0x1}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x3}, @TCA_POLICE_RATE={0x404, 0x2, [0xfffffffd, 0x0, 0x2, 0x9, 0xbdd3, 0x0, 0x0, 0xff, 0x7fff, 0x489, 0x7, 0xfff, 0x8, 0x3, 0x0, 0x7, 0x3, 0x3, 0x1, 0x7d, 0x10, 0xf, 0x6, 0x5, 0x9, 0xb, 0x5, 0x401, 0x1, 0x8, 0x0, 0x101, 0x6759, 0x5, 0x3, 0x9, 0x0, 0xd8ef, 0x8, 0x9, 0x7fffffff, 0xfffffff9, 0x4, 0x0, 0x3, 0x9cb1, 0x75b2c99e, 0xff, 0x4, 0x1, 0x7, 0x5, 0x2, 0x1, 0x1, 0xf1, 0x0, 0xe, 0x6, 0x4, 0x9, 0x7, 0x5, 0x9, 0x8, 0x2, 0x23a6, 0x400, 0x4, 0x1ff, 0x96b, 0xbf4, 0x0, 0x4, 0x81, 0xb, 0x7838, 0x0, 0x9, 0x3, 0x0, 0x4, 0xffffffff, 0x7fffffff, 0x4, 0xfffffff7, 0x5, 0xdfa, 0x5, 0x3, 0x5, 0xa04, 0x7, 0xfff, 0x3, 0x8, 0xd5, 0xdf, 0x1, 0xdb717b32, 0x0, 0x6, 0x400, 0x5, 0x99, 0x1, 0x952, 0x2, 0x7ff, 0x5, 0xffffffff, 0x4, 0x0, 0xf4, 0xd, 0xfff, 0xab, 0x7, 0x3, 0x1, 0x7fffffff, 0x5, 0x80, 0x4, 0x3d81, 0x2, 0x8b, 0x10001, 0x9, 0xd2, 0x3, 0xe959, 0x4, 0x3, 0x7fffffff, 0xfffffff7, 0x8, 0x3ff, 0x5, 0x7, 0x40, 0x1, 0x45a, 0xfffff5f1, 0x5, 0x0, 0x9, 0x5, 0x8, 0x10001, 0x4, 0x3, 0x8001, 0x1aa, 0x0, 0xfffffffa, 0xd, 0xb0e, 0x1, 0x0, 0x2, 0xffff0001, 0x6, 0x5, 0x0, 0xfffffffc, 0x4, 0x8, 0x5, 0x657c, 0x3e, 0x2, 0x8, 0xf, 0x7, 0xc2bd, 0x214f, 0xea98, 0x10001, 0x4, 0x23a, 0x2, 0x3, 0x4, 0x1c, 0x0, 0xfffffffa, 0x9, 0x80000001, 0x7, 0xc1d, 0x3, 0x233b41d9, 0x80, 0x4, 0xa, 0x6, 0x3, 0xc, 0x5, 0xfe01, 0x1d7, 0x80000001, 0x34cc, 0x0, 0x7d, 0x4b, 0x5, 0x101, 0x81, 0x2, 0xc65, 0xfffffffa, 0x0, 0xc, 0x6, 0xfffffffd, 0x0, 0xf, 0x8, 0x1, 0x1, 0x6, 0x9, 0x3, 0xfffffff0, 0x5, 0xfffffffe, 0x1, 0xd, 0x0, 0x8, 0x6, 0x800, 0xfffffffc, 0x1000, 0xfffffffd, 0x6, 0x7, 0x4, 0x7, 0x4, 0x4, 0x65, 0x7, 0x0, 0x101, 0x7, 0x6, 0x9, 0x6, 0x80000001, 0x9, 0x9026, 0x100, 0x3]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x1}, @TCA_POLICE_RESULT={0x8}, @TCA_POLICE_RATE={0x404, 0x2, [0xffff0001, 0x7, 0x3, 0x40, 0x1, 0x2, 0x100, 0x0, 0xba46, 0x6, 0x5, 0xf, 0x19, 0xcb, 0x5, 0x3237, 0x2, 0xab, 0x1, 0xd, 0xffff, 0x80000001, 0x7f, 0xfffffffa, 0x7, 0x5, 0x0, 0x4, 0x9, 0x10, 0x1, 0xb, 0xff, 0x5, 0x8, 0x9, 0x4, 0x40, 0x3ff, 0x7, 0x8, 0x101, 0x4, 0x4, 0x5, 0x88ac, 0x0, 0x6, 0x353, 0x800, 0x97, 0x6, 0x8041, 0x3ff, 0x6, 0xfffffff5, 0x61fd0fde, 0x7, 0x7f, 0xa20, 0x9, 0xff, 0x6, 0x4, 0x4, 0x0, 0x6, 0x0, 0x4, 0x400, 0x6, 0x9301, 0x49d, 0x7ff, 0x6, 0x272, 0xd08, 0xcf2, 0x80000000, 0x9, 0x7, 0xfffffffb, 0x7, 0x8001, 0x7, 0x6, 0xfffffffa, 0x4, 0x1, 0x100, 0x7ff, 0x10000, 0x3f5, 0x10, 0x10000, 0x7, 0x8, 0x9, 0x4, 0x2, 0x8, 0x10000, 0x5, 0x80000000, 0xcb88, 0xd, 0x6, 0x5, 0x1, 0x2, 0xcabc, 0x1, 0x9, 0x1, 0x9, 0x7, 0x10000, 0x7fffffff, 0xfff, 0x1ff, 0x3ff, 0x7, 0xd, 0x7e2feea5, 0x4, 0x7, 0x100, 0x3, 0x800, 0x4, 0x5, 0x15c, 0xffffffff, 0xb, 0x7ff, 0x10000, 0xffffffff, 0x7, 0x7, 0x61, 0x6, 0x9, 0x2, 0x3, 0x5, 0x8, 0x2, 0x5, 0x7, 0x8, 0x5, 0x9, 0x3, 0x8, 0x1ff, 0x5766fe47, 0x73eb51cf, 0x5, 0x2, 0x43d, 0x2210, 0x13, 0x3, 0x4, 0x1, 0x5, 0xc3d5, 0xe, 0x3, 0xfffffff9, 0x8, 0x0, 0x27, 0xa4, 0x5, 0x0, 0x2, 0x300e, 0x6, 0xf, 0x1, 0x6, 0x69d, 0x0, 0x7, 0x9, 0x28cd, 0x9, 0xb69, 0x3f, 0x7, 0xc, 0xf, 0x2, 0x8, 0x3, 0xfc000000, 0x2, 0x5, 0xbe2, 0x7, 0x7ff, 0x9, 0x2, 0xa, 0xe0f, 0x0, 0x4, 0x9, 0x5, 0xb, 0xfffffeff, 0x40, 0x32b, 0x70000000, 0x0, 0x9f, 0x9, 0x400, 0x7, 0x7, 0x6038, 0x0, 0x8, 0x4, 0x40, 0x40, 0x1, 0x4, 0x7, 0x9, 0x1, 0x2, 0x2, 0x5e8d, 0x5, 0x0, 0x500000, 0x800, 0x5, 0x71, 0x3, 0x81, 0xa769, 0x1000, 0xfffffdab, 0x4, 0x4, 0x3, 0x2ffc, 0x520, 0x4, 0x7f, 0xb, 0xffff3587]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x7, 0x1, 0x3ff, 0xe, 0x5, {0x3, 0x2, 0x0, 0x2, 0x0, 0x2}, {0x4, 0x2, 0x8, 0xfffa, 0xfeff, 0x7fffffff}, 0x0, 0x4, 0x1}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x10001}, @TCA_POLICE_RATE={0x404, 0x2, [0x9, 0x5, 0x8, 0x9, 0x9, 0xffffffff, 0x6305, 0x8, 0x7, 0x0, 0x705, 0x0, 0x6, 0x66, 0x4f53, 0x0, 0x8, 0x8c, 0x9, 0x75c246e1, 0x2f, 0x1, 0x5, 0xfffffff7, 0x9, 0x7, 0x4, 0x1, 0xffff8000, 0x23e2, 0xffffff35, 0x7, 0x401, 0xfffffffb, 0x10000, 0xf0, 0xf, 0xffffffff, 0xa, 0xbc, 0x6, 0x2, 0x50b2, 0x5, 0x0, 0x3, 0x86d, 0x8, 0x8, 0x3, 0xfffff69f, 0x7, 0xfffffffd, 0x7, 0x0, 0x2, 0x3ff, 0x2, 0x7fff, 0x3, 0xe, 0x1, 0x4, 0x6, 0x1, 0x9, 0x8, 0x5, 0x80, 0xd94878e, 0x6, 0xf, 0x7f, 0x5, 0x81, 0x8, 0x3, 0xe96a, 0x6, 0x4, 0x7ff, 0x9, 0x4, 0x4, 0x4, 0xfffffff8, 0xbd, 0x0, 0x4, 0x5, 0x5, 0x5, 0x1, 0xd5, 0x6, 0x7f, 0x8, 0x8bcf, 0x6, 0x595, 0x9, 0x7, 0x9, 0x9, 0x5, 0x49, 0x2, 0x0, 0xffffffff, 0x7611, 0xffb3, 0x3, 0x2, 0x800, 0x55e, 0x4, 0x98f, 0x6, 0x9, 0x3, 0x6, 0x7, 0xed, 0x7, 0x80000000, 0x128, 0x6, 0x1, 0x0, 0xf6c2, 0x96cf, 0x0, 0xb0a, 0xe530, 0x3bf, 0x400, 0xfffffc00, 0x71b, 0x6, 0x3, 0x6, 0xffffffc0, 0x3, 0x8001, 0x5, 0x9, 0x2, 0x3, 0x0, 0xe5f, 0x0, 0x4, 0x80000000, 0xb678, 0x8, 0x2, 0x0, 0x401, 0x0, 0x4, 0x4, 0x1, 0x1, 0x2, 0x80000001, 0x5, 0x7, 0x5, 0x2e1b, 0x1ff, 0x6, 0x0, 0x7, 0x80000001, 0x7, 0x2, 0x6, 0x800, 0x4, 0x8, 0x2, 0xffff, 0x1, 0x75e, 0x7fffffff, 0x7, 0x10, 0x1, 0x6, 0xe, 0x6, 0x0, 0x6, 0x7, 0x220, 0x5, 0x7ff, 0xa, 0xfb8, 0x7, 0x1, 0xd7, 0x101, 0x6, 0x4800000, 0x3, 0x7, 0x1, 0x3, 0x2, 0x200, 0x8, 0x36, 0x101, 0x1, 0xa63d, 0x62d, 0x68, 0x4, 0xfffffff7, 0x89eb, 0x4, 0x0, 0xfffff4e3, 0x2, 0xeea1, 0x3ff, 0x7, 0xffffffff, 0x5, 0xfff, 0x4, 0x3, 0xb1, 0x401, 0x8, 0x3ff, 0x8, 0x0, 0x3, 0xb07, 0x100, 0x0, 0xa, 0x0, 0x7, 0xc8, 0x8, 0x9, 0x1, 0x7fffffff, 0x4, 0x2, 0x6, 0xe, 0x3]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xcb8f, 0x6, 0x40, 0x395, 0x1, {0xa, 0x0, 0xc5, 0x9, 0x1, 0x9}, {0x2, 0x0, 0x40, 0x9, 0x753f, 0x10000}, 0x8, 0x8, 0x4}}]}, @TCA_FLOW_XOR={0x8, 0x7, 0x8}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x12344}, @TCA_FLOW_KEYS={0x8, 0x1, 0x62f9}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0x10, 0x5}}]}}]}, 0xd14}}, 0x0) 1.882634529s ago: executing program 1 (id=800): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDARP(r3, 0x8953, &(0x7f0000000100)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x1, @random="4df193f35347"}, 0x0, {0x2, 0x0, @remote}, 'syz_tun\x00'}) 1.750542175s ago: executing program 3 (id=801): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000008000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r4, 0x40505412, 0x0) read(r4, &(0x7f00000002c0)=""/200, 0x39) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f0000000500)={'syztnl2\x00', 0x0, 0x2f, 0x6, 0x6, 0x0, 0x3a, @private0={0xfc, 0x0, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7, 0x7800, 0x5254, 0x2}}) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet_udp(0x2, 0x2, 0x0) socketpair(0x25, 0x1, 0x0, &(0x7f0000000000)) add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000080), &(0x7f00000000c0)=""/28, 0x1c, &(0x7f00000001c0)={&(0x7f0000000140)={'poly1305\x00'}}) write$char_usb(r1, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) 1.489373847s ago: executing program 2 (id=802): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000800000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='map_files\x00') ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, 0x0) getdents(r2, &(0x7f0000000380)=""/24, 0x18) 1.203212503s ago: executing program 4 (id=803): openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000f2ffffff00000000ff000000850000002a000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000b37ab7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x2, 0x0, 0x0, 0x0, 0x61, 0x18, 0x50}, [@ldst={0x5, 0x0, 0x4, 0x0, 0x0, 0x0, 0x27}]}, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x4, 0x3, &(0x7f0000000300)=@framed, &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000080)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="1fe8ffff0000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="23003300d0800000080211000000080211000001505050505050000000000000", @ANYRES8=r2], 0x40}}, 0x0) 1.093355349s ago: executing program 5 (id=804): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) write$binfmt_aout(r0, &(0x7f0000000380)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "a05c7b5d00008023e9c5bcf5fb7700"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) r2 = syz_io_uring_setup(0x7279, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r5}, 0x10) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 872.707042ms ago: executing program 0 (id=805): madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0x2, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r1, &(0x7f0000000580)='1\x00', 0x2) write$sysctl(r1, &(0x7f0000000000)='2\x00', 0x2) 775.212002ms ago: executing program 2 (id=806): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket(0x8, 0x3, 0x5) sched_setscheduler(0x0, 0x1, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222000905810308"], 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) syz_usb_ep_write(r2, 0x81, 0x0, 0x0) syz_usb_ep_write(r2, 0x81, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socket$nl_xfrm(0x10, 0x3, 0x6) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) 751.653191ms ago: executing program 1 (id=807): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x80, &(0x7f0000006680)) r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x5, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000298000/0x3000)=nil, 0x3000, 0xf, 0x1010, r0, 0x2000) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x200401, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"]) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$kcm(0x10, 0x0, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000000010000001c00018006000100020000000800050000000000080006007369"], 0x30}}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xd, 0x0, &(0x7f0000000480)="b9ff03076844268cb89e14f088", 0x0, 0x0, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x4c) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(0xffffffffffffffff, 0xc0045520, 0x0) close(0xffffffffffffffff) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r4, 0x0) writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000400)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x4}, 0x5, 0x40, 0x1, 0x0, 0xfffffffffffffe43, 0x4, 'syz0\x00', 0x0, 0xfffffffffffffef5}) umount2(&(0x7f0000000040)='./file0\x00', 0xb) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 669.168753ms ago: executing program 4 (id=808): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$vim2m(&(0x7f0000000300), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f00000008c0)={0x13, 0x1, 0x0, "0e6a605103787fa03e08fd65b728aec1b20a1ca8de67a818b1c85f5a22f39ca6"}) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x2, 0x13, r0, 0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0xa0e73000) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0xfea0) syz_emit_ethernet(0x2a, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000900)={0x0, 0x0, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}}) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='svcrdma_rq_post_err\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='signal_generate\x00', r3}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c00000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x1a, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='signal_generate\x00', r4}, 0x10) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) prctl$PR_SET_SECUREBITS(0x1c, 0x20) ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000640)={0x0, 0x2}) sendto$inet6(r5, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r5, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 560.513093ms ago: executing program 0 (id=809): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='contention_end\x00'}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) syz_emit_ethernet(0xfb, &(0x7f00000006c0)=ANY=[], 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) recvmmsg(r2, &(0x7f00000061c0)=[{{0x0, 0x300, &(0x7f0000000280)=[{&(0x7f0000000180)=""/153, 0x99}], 0x1}}], 0xffffff1f, 0x102, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x61) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x303, 0x36}, "b1d65ab71f5ef2fe", "9e8ecc7bb5352776725e1047711330ff2bb17b550800", "dc5d3f00", "46b0dc72b7b1d30e"}, 0x38) sendmmsg(0xffffffffffffffff, &(0x7f000001f500)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000300)='p', 0x1}], 0x1}}], 0x1, 0x0) syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc008561c, &(0x7f0000000040)={0x980900, 0x3, @value=0x140000000000}) 0s ago: executing program 5 (id=810): sched_setaffinity(0x0, 0xfffffffffffffe58, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) fsopen(0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x18, "000080f100df000000a7d9de16c708db7200"}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x4}, 0x10) write(r1, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000f00c00000000", 0x14) socket$nl_route(0x10, 0x3, 0x0) recvmmsg(r1, &(0x7f0000001b40), 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) kernel console output (not intermixed with test programs): R network [ 88.693090][ T5228] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 88.871254][ T5230] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 88.943535][ T5229] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.980013][ T5225] veth0_vlan: entered promiscuous mode [ 89.045980][ T5225] veth1_vlan: entered promiscuous mode [ 89.261103][ T5227] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.327937][ T5229] veth0_vlan: entered promiscuous mode [ 89.373735][ T5226] veth0_vlan: entered promiscuous mode [ 89.385225][ T5225] veth0_macvtap: entered promiscuous mode [ 89.392364][ T5249] Bluetooth: hci4: command tx timeout [ 89.413194][ T5228] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.446454][ T5225] veth1_macvtap: entered promiscuous mode [ 89.463033][ T5229] veth1_vlan: entered promiscuous mode [ 89.475495][ T55] Bluetooth: hci1: command tx timeout [ 89.481007][ T55] Bluetooth: hci3: command tx timeout [ 89.485000][ T5236] Bluetooth: hci0: command tx timeout [ 89.492556][ T5249] Bluetooth: hci2: command tx timeout [ 89.504263][ T5230] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.545311][ T5249] Bluetooth: hci5: command tx timeout [ 89.573008][ T5226] veth1_vlan: entered promiscuous mode [ 89.671620][ T5225] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.709173][ T5225] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.762888][ T5227] veth0_vlan: entered promiscuous mode [ 89.780234][ T5225] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.794421][ T5225] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.808392][ T5225] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.819837][ T5225] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.866346][ T5229] veth0_macvtap: entered promiscuous mode [ 89.919017][ T5227] veth1_vlan: entered promiscuous mode [ 89.941531][ T5229] veth1_macvtap: entered promiscuous mode [ 89.974041][ T5226] veth0_macvtap: entered promiscuous mode [ 90.018604][ T5226] veth1_macvtap: entered promiscuous mode [ 90.042312][ T5230] veth0_vlan: entered promiscuous mode [ 90.113283][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.125364][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.140888][ T5229] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.171592][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.183004][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.193420][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.204588][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.219147][ T5226] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.237974][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.248733][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.267971][ T5229] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.280130][ T5230] veth1_vlan: entered promiscuous mode [ 90.319790][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.331278][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.341270][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.352720][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.369371][ T5226] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.391957][ T5229] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.401073][ T5229] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.410441][ T5229] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.419444][ T5229] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.447028][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.456699][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.488676][ T5226] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.498438][ T5226] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.507629][ T5226] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.518789][ T5226] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.550018][ T5228] veth0_vlan: entered promiscuous mode [ 90.559609][ T5227] veth0_macvtap: entered promiscuous mode [ 90.651262][ T1271] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.667031][ T5227] veth1_macvtap: entered promiscuous mode [ 90.678799][ T1271] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.698197][ T5228] veth1_vlan: entered promiscuous mode [ 90.768972][ T1271] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.789257][ T1271] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.859575][ T5230] veth0_macvtap: entered promiscuous mode [ 90.881831][ T5227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.894970][ T5227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.906389][ T5227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.918204][ T5227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.929826][ T5227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.940551][ T5227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.953662][ T5227] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.970179][ T5227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.982480][ T5227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.993075][ T5227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.003588][ T5227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.013468][ T5227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.024291][ T5227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.037457][ T5227] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.075693][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.083592][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.128122][ T5227] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.157064][ T5227] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.174716][ T5227] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.183458][ T5227] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.205276][ T5228] veth0_macvtap: entered promiscuous mode [ 91.217289][ T5230] veth1_macvtap: entered promiscuous mode [ 91.247992][ T5228] veth1_macvtap: entered promiscuous mode [ 91.315533][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.337008][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.502203][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.522081][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.534085][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.546623][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.558961][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.570048][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.583198][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.598112][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.611978][ T5230] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.629204][ T5341] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1'. [ 91.631058][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.670986][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.685915][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.696865][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.713332][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.725048][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.736643][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.747652][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.761018][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.783509][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.803858][ T5228] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.844873][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.867676][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.872736][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.893426][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.903540][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.915419][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.926004][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.937741][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.955536][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.970607][ T5345] hpfs: Bad magic ... probably not HPFS [ 91.987482][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.008850][ T5228] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.048615][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.079385][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.101669][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.117442][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.135433][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.153591][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.164875][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.187714][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.204107][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.221365][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.242283][ T5230] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.279657][ T5228] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.290676][ T5228] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.312480][ T5228] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.326690][ T5228] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.361499][ T47] cfg80211: failed to load regulatory.db [ 92.476417][ T5230] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.535411][ T5230] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.573501][ T5230] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.615790][ T5230] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.680305][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.696665][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.821520][ T5350] input: syz1 as /devices/virtual/input/input5 [ 93.004762][ T2459] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.012652][ T2459] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.585024][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.865330][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.876115][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.095260][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.336879][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 103.705025][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 105.575338][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 106.864958][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.348775][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.401701][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.651179][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.721802][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.743120][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.801881][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.005948][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.013893][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.296301][ T5367] syzkaller0: entered promiscuous mode [ 110.302548][ T5367] syzkaller0: entered allmulticast mode [ 110.396438][ T5367] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 65487 [ 110.818267][ T5236] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 110.826943][ T5236] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 110.835136][ T5236] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 110.865415][ T5236] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 110.894981][ T5236] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 110.902603][ T5236] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 110.960303][ T5249] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 110.995459][ T5249] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 111.002728][ T5243] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 111.010927][ T5249] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 111.022418][ T5249] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 111.031582][ T5243] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 111.041328][ T5243] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 111.057135][ T5249] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 111.058805][ T5249] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 111.066023][ T5243] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 111.084940][ T5249] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 111.096032][ T5243] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 111.843304][ T5390] netlink: 56 bytes leftover after parsing attributes in process `syz.5.17'. [ 112.028218][ T63] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.216835][ T5394] trusted_key: encrypted_key: master key parameter 'us' is invalid [ 112.272644][ T63] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.376174][ T5394] syz.2.18: attempt to access beyond end of device [ 112.376174][ T5394] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 112.422146][ T5394] SQUASHFS error: Failed to read block 0x0: -5 [ 112.430154][ T5394] unable to read squashfs_super_block [ 112.498133][ T63] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.654033][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 112.742045][ T63] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.757830][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 112.984833][ T55] Bluetooth: hci1: command tx timeout [ 113.145048][ T55] Bluetooth: hci6: command tx timeout [ 113.155069][ T55] Bluetooth: hci3: command tx timeout [ 113.793341][ T5415] 9pnet_fd: Insufficient options for proto=fd [ 114.519790][ T63] bridge_slave_1: left allmulticast mode [ 114.535779][ T63] bridge_slave_1: left promiscuous mode [ 114.571583][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.632628][ T63] bridge_slave_0: left allmulticast mode [ 114.651557][ T63] bridge_slave_0: left promiscuous mode [ 114.672653][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.926246][ T5419] netlink: 'syz.2.23': attribute type 1 has an invalid length. [ 114.934021][ T5419] netlink: 224 bytes leftover after parsing attributes in process `syz.2.23'. [ 115.065957][ T55] Bluetooth: hci1: command tx timeout [ 115.228861][ T55] Bluetooth: hci3: command tx timeout [ 115.234483][ T55] Bluetooth: hci6: command tx timeout [ 115.375371][ T5425] netlink: 16 bytes leftover after parsing attributes in process `syz.3.24'. [ 116.036856][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 116.050938][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 116.063940][ T63] bond0 (unregistering): Released all slaves [ 116.272877][ T5435] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 116.310976][ T5376] chnl_net:caif_netlink_parms(): no params data found [ 116.492355][ T5377] chnl_net:caif_netlink_parms(): no params data found [ 117.134947][ T5372] chnl_net:caif_netlink_parms(): no params data found [ 117.145994][ T55] Bluetooth: hci1: command tx timeout [ 117.306717][ T55] Bluetooth: hci6: command tx timeout [ 117.312192][ T55] Bluetooth: hci3: command tx timeout [ 117.423147][ T5461] IPVS: Error connecting to the multicast addr [ 117.742557][ T5377] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.774684][ T5377] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.789117][ T5377] bridge_slave_0: entered allmulticast mode [ 117.866043][ T5377] bridge_slave_0: entered promiscuous mode [ 118.501798][ T5377] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.513508][ T5377] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.523486][ T5377] bridge_slave_1: entered allmulticast mode [ 118.544483][ T5377] bridge_slave_1: entered promiscuous mode [ 118.606928][ T5478] netlink: 68 bytes leftover after parsing attributes in process `syz.3.34'. [ 118.759982][ T63] hsr_slave_0: left promiscuous mode [ 118.780337][ T63] hsr_slave_1: left promiscuous mode [ 118.800195][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.813448][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 118.830771][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.841786][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 118.900997][ T63] veth1_macvtap: left promiscuous mode [ 118.910267][ T63] veth0_macvtap: left promiscuous mode [ 118.924908][ T63] veth1_vlan: left promiscuous mode [ 118.935096][ T63] veth0_vlan: left promiscuous mode [ 119.226155][ T55] Bluetooth: hci1: command tx timeout [ 119.256446][ T5494] loop5: detected capacity change from 0 to 40427 [ 119.321225][ T5494] F2FS-fs (loop5): Invalid segment/section count (31, 24 x 1) [ 119.339049][ T5494] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 119.372960][ T5494] F2FS-fs (loop5): invalid crc value [ 119.384932][ T5249] Bluetooth: hci6: command tx timeout [ 119.393933][ T5494] F2FS-fs (loop5): Found nat_bits in checkpoint [ 119.395044][ T55] Bluetooth: hci3: command tx timeout [ 119.540525][ T5494] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 119.549094][ T5494] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 120.694290][ T5228] syz-executor: attempt to access beyond end of device [ 120.694290][ T5228] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 120.738936][ T5228] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 121.022016][ T63] team0 (unregistering): Port device team_slave_1 removed [ 121.165253][ T63] team0 (unregistering): Port device team_slave_0 removed [ 121.360834][ T5503] capability: warning: `syz.5.38' uses 32-bit capabilities (legacy support in use) [ 121.426198][ T5503] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 122.567605][ T5478] infiniband syz0: set active [ 122.572545][ T5478] infiniband syz0: added bond_slave_0 [ 122.580853][ T5478] syz0: rxe_create_cq: returned err = -12 [ 122.588037][ T5478] infiniband syz0: Couldn't create ib_mad CQ [ 122.594225][ T5478] infiniband syz0: Couldn't open port 1 [ 122.638007][ T5478] RDS/IB: syz0: added [ 122.642614][ T5478] smc: adding ib device syz0 with port count 1 [ 122.649091][ T5478] smc: ib device syz0 port 1 has pnetid [ 124.162515][ T5376] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.203856][ T5376] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.228380][ T5376] bridge_slave_0: entered allmulticast mode [ 124.247736][ T5376] bridge_slave_0: entered promiscuous mode [ 124.424006][ T5372] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.463059][ T5372] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.494732][ T5372] bridge_slave_0: entered allmulticast mode [ 124.529279][ T5372] bridge_slave_0: entered promiscuous mode [ 124.563579][ T5377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 124.613965][ T5517] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 124.639549][ T5524] ALSA: mixer_oss: invalid OSS volume 'DIGIT ' [ 124.689303][ T5376] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.714885][ T5376] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.723606][ T5376] bridge_slave_1: entered allmulticast mode [ 124.736531][ T5376] bridge_slave_1: entered promiscuous mode [ 124.809753][ T5372] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.818056][ T5372] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.827403][ T5372] bridge_slave_1: entered allmulticast mode [ 124.853666][ T5372] bridge_slave_1: entered promiscuous mode [ 124.914037][ T5377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 125.031081][ T5376] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 125.200109][ T5372] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 125.391308][ T5377] team0: Port device team_slave_0 added [ 125.439230][ T5376] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 125.466009][ T55] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 125.467649][ T5372] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 125.474902][ T55] Bluetooth: hci2: Injecting HCI hardware error event [ 125.496050][ T5249] Bluetooth: hci2: hardware error 0x00 [ 125.619470][ T5377] team0: Port device team_slave_1 added [ 125.855112][ T5372] team0: Port device team_slave_0 added [ 125.874412][ T5530] IPVS: Error connecting to the multicast addr [ 126.158499][ T5372] team0: Port device team_slave_1 added [ 126.265646][ T5377] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 126.314008][ T5377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 126.423187][ T5547] virtio-fs: tag <(null)> not found [ 126.437137][ T5377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 126.525299][ T5376] team0: Port device team_slave_0 added [ 126.658433][ T5550] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(12) [ 126.665525][ T5550] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 126.679472][ T5372] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 126.716022][ T5550] vhci_hcd vhci_hcd.0: Device attached [ 126.755252][ T5372] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 126.787347][ T5551] vhci_hcd: connection closed [ 126.805654][ T53] vhci_hcd: stop threads [ 126.826771][ T5372] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 126.845673][ T53] vhci_hcd: release socket [ 126.857110][ T53] vhci_hcd: disconnect device [ 126.875512][ T5377] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 126.897162][ T5377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.015379][ T5377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 127.206640][ T5376] team0: Port device team_slave_1 added [ 127.447604][ T5372] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 127.474804][ T5372] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.550361][ T5372] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 127.624960][ T5249] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 127.811218][ T5565] netlink: 'syz.2.49': attribute type 4 has an invalid length. [ 127.994232][ T5377] hsr_slave_0: entered promiscuous mode [ 128.007815][ T5377] hsr_slave_1: entered promiscuous mode [ 128.033772][ T5377] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 128.051551][ T5377] Cannot create hsr debugfs directory [ 128.062277][ T5376] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 128.074793][ T5376] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.123230][ T5376] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 128.479144][ T5376] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 128.491767][ T5376] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.585164][ T5376] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 128.656692][ T5578] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 128.663782][ T5578] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 128.675383][ T5579] binder: 5576:5579 ioctl c0306201 0 returned -14 [ 128.708272][ T5372] hsr_slave_0: entered promiscuous mode [ 128.764505][ T5372] hsr_slave_1: entered promiscuous mode [ 128.773626][ T5372] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 128.797204][ T5372] Cannot create hsr debugfs directory [ 128.960375][ T5577] netlink: 52 bytes leftover after parsing attributes in process `syz.2.52'. [ 128.977054][ T5577] team_slave_0: entered allmulticast mode [ 128.996706][ T5577] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 129.094195][ T63] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.329191][ T5585] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 129.537963][ T63] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.633350][ T5376] hsr_slave_0: entered promiscuous mode [ 129.643399][ T5376] hsr_slave_1: entered promiscuous mode [ 129.676066][ T5376] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 129.683882][ T5376] Cannot create hsr debugfs directory [ 129.995767][ T63] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.582994][ T63] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.670036][ T5611] Bluetooth: MGMT ver 1.23 [ 131.226547][ T5249] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 131.236150][ T5249] Bluetooth: hci0: Injecting HCI hardware error event [ 131.245316][ T5249] Bluetooth: hci0: hardware error 0x00 [ 131.711508][ T5618] netlink: 8 bytes leftover after parsing attributes in process `syz.2.59'. [ 132.503175][ T63] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.579236][ T5628] netlink: 'syz.5.61': attribute type 4 has an invalid length. [ 132.815669][ T63] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.321609][ T5249] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 133.361352][ T63] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.621553][ T63] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.227149][ T63] bridge_slave_1: left allmulticast mode [ 134.234463][ T63] bridge_slave_1: left promiscuous mode [ 134.244262][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.296447][ T63] bridge_slave_0: left allmulticast mode [ 134.302153][ T63] bridge_slave_0: left promiscuous mode [ 134.416977][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.459818][ T63] bridge_slave_1: left allmulticast mode [ 134.472715][ T5652] syz.3.70[5652] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 134.473276][ T5652] syz.3.70[5652] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 134.494697][ T63] bridge_slave_1: left promiscuous mode [ 134.549988][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.629115][ T63] bridge_slave_0: left allmulticast mode [ 134.648029][ T63] bridge_slave_0: left promiscuous mode [ 134.657027][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.444332][ T1264] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.160564][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 139.174947][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 139.190910][ T63] bond0 (unregistering): Released all slaves [ 139.453123][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 139.473274][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 139.493067][ T63] bond0 (unregistering): Released all slaves [ 139.962464][ T5689] netlink: 'syz.3.76': attribute type 4 has an invalid length. [ 140.347717][ T5717] netlink: 4 bytes leftover after parsing attributes in process `syz.2.83'. [ 140.780883][ T5728] syz.3.84 uses obsolete (PF_INET,SOCK_PACKET) [ 141.796440][ T5733] syz.5.86 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 142.301986][ T5741] netlink: 64 bytes leftover after parsing attributes in process `syz.3.89'. [ 143.277765][ T5377] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 143.354237][ T5377] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 143.608320][ T5377] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 143.735451][ T63] hsr_slave_0: left promiscuous mode [ 143.747897][ T63] hsr_slave_1: left promiscuous mode [ 143.758475][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 143.794979][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 143.843752][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 143.861566][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 143.903888][ T63] hsr_slave_0: left promiscuous mode [ 143.919077][ T63] hsr_slave_1: left promiscuous mode [ 143.951004][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 143.958794][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 143.975882][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 143.983429][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 144.126094][ T63] veth1_macvtap: left promiscuous mode [ 144.131774][ T63] veth0_macvtap: left promiscuous mode [ 144.138297][ T63] veth1_vlan: left promiscuous mode [ 144.143824][ T63] veth0_vlan: left promiscuous mode [ 144.175038][ T63] veth1_macvtap: left promiscuous mode [ 144.180568][ T63] veth0_macvtap: left promiscuous mode [ 144.193346][ T63] veth1_vlan: left promiscuous mode [ 144.202621][ T63] veth0_vlan: left promiscuous mode [ 145.530089][ T63] team0 (unregistering): Port device team_slave_1 removed [ 145.602767][ T63] team0 (unregistering): Port device team_slave_0 removed [ 147.103262][ T63] team0 (unregistering): Port device team_slave_1 removed [ 147.201263][ T63] team0 (unregistering): Port device team_slave_0 removed [ 148.188346][ T5377] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 148.227884][ T5758] netlink: 'syz.2.93': attribute type 4 has an invalid length. [ 148.582786][ T5372] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 148.743582][ T5372] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 148.819554][ T5372] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 148.983955][ T5372] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 149.998850][ T5376] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 150.126998][ T5376] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 150.352078][ T5376] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 150.423237][ T5376] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 151.136746][ T5377] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.220535][ T5817] netlink: 48 bytes leftover after parsing attributes in process `syz.5.104'. [ 151.278216][ T5817] netlink: 24 bytes leftover after parsing attributes in process `syz.5.104'. [ 151.472346][ T5372] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.536529][ T5377] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.653877][ T5372] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.701043][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.708334][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.860691][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.867911][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.948656][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.955954][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.048822][ T1271] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.056001][ T1271] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.404558][ T5376] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.620330][ T5376] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.746703][ T5673] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.753876][ T5673] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.853259][ T5673] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.860708][ T5673] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.687248][ T25] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 153.912135][ T5377] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 153.970548][ T5372] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 153.978573][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 153.997330][ T25] usb 4-1: config 0 has no interfaces? [ 154.017529][ T25] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 154.039659][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.098118][ T25] usb 4-1: Product: syz [ 154.126075][ T25] usb 4-1: Manufacturer: syz [ 154.146374][ T25] usb 4-1: SerialNumber: syz [ 154.216681][ T25] usb 4-1: config 0 descriptor?? [ 154.537678][ T5376] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 155.090518][ T5372] veth0_vlan: entered promiscuous mode [ 155.192612][ T5372] veth1_vlan: entered promiscuous mode [ 155.627632][ T5372] veth0_macvtap: entered promiscuous mode [ 155.703306][ T5372] veth1_macvtap: entered promiscuous mode [ 155.879273][ T5376] veth0_vlan: entered promiscuous mode [ 155.959153][ T5372] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.004793][ T5372] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.068216][ T5372] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.088469][ T5372] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.098609][ T5372] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.119255][ T5886] No source specified [ 156.177729][ T5372] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.197386][ T5372] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 156.233739][ T5372] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.278333][ T5372] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.305638][ T5372] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.357419][ T5372] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.404885][ T5372] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.425264][ T47] usb 4-1: USB disconnect, device number 2 [ 156.436353][ T29] audit: type=1804 audit(1725975813.775:2): pid=5886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.112" name="/newroot/35/bus/file0" dev="overlay" ino=206 res=1 errno=0 [ 156.462394][ T5372] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.499268][ T5372] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 156.531082][ T5376] veth1_vlan: entered promiscuous mode [ 156.577004][ T5372] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.657397][ T5372] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.701820][ T5372] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.747184][ T5372] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.379605][ T2459] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.399148][ T5376] veth0_macvtap: entered promiscuous mode [ 157.413302][ T2459] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.600586][ T5376] veth1_macvtap: entered promiscuous mode [ 157.667267][ T5377] veth0_vlan: entered promiscuous mode [ 157.770959][ T5377] veth1_vlan: entered promiscuous mode [ 157.894493][ T5376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.915419][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.945739][ T5376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.960647][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.983527][ T5376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.014682][ T5376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.044669][ T5376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.074732][ T5376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.119987][ T5376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.144655][ T5376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.187349][ T5376] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 158.233703][ T5932] Invalid ELF header magic: != ELF [ 158.242634][ T5923] netlink: 24 bytes leftover after parsing attributes in process `syz.2.119'. [ 158.319869][ T5927] netlink: 'syz.2.119': attribute type 1 has an invalid length. [ 158.353670][ T5927] netlink: 4 bytes leftover after parsing attributes in process `syz.2.119'. [ 158.412660][ T5376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.442117][ T5932] netlink: 52 bytes leftover after parsing attributes in process `syz.5.121'. [ 158.447781][ T5376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.484881][ T5376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.506802][ T5376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.535622][ T5376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.565632][ T5376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.599664][ T5376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.621627][ T5942] trusted_key: encrypted_key: master key parameter 'us' is invalid [ 158.641345][ T5376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.694519][ T5938] syz.3.122: attempt to access beyond end of device [ 158.694519][ T5938] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 158.697897][ T5376] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 158.745281][ T5938] SQUASHFS error: Failed to read block 0x0: -5 [ 158.775482][ T5938] unable to read squashfs_super_block [ 158.910949][ T5376] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.951369][ T5376] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.983279][ T5376] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.017175][ T5376] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.107184][ T5377] veth0_macvtap: entered promiscuous mode [ 159.150485][ T5953] trusted_key: encrypted_key: master key parameter 'use' is invalid [ 159.202429][ T5377] veth1_macvtap: entered promiscuous mode [ 159.490419][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.531791][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.575208][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.626257][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.667825][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.714799][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.754775][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.796729][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.945929][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.203580][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.238340][ T5377] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 161.490986][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.561385][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.593088][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.655151][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.694063][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.737963][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.770980][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.792667][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.823100][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.869178][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.913600][ T5377] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 162.035831][ T5377] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.057514][ T5377] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.092616][ T5377] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.120098][ T5377] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.217419][ T5985] block nbd0: NBD_DISCONNECT [ 162.247302][ T1271] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.279407][ T25] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 162.288245][ T5985] block nbd0: Disconnected due to user request. [ 162.296818][ T1271] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 162.324339][ T5985] block nbd0: shutting down sockets [ 162.537844][ T25] usb 6-1: Using ep0 maxpacket: 8 [ 162.568677][ T25] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 162.617945][ T25] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 162.635109][ T5673] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.652254][ T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 162.671835][ T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 162.688020][ T25] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 162.701346][ T5673] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 162.742990][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.758365][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 162.769566][ T25] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 162.782075][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.924328][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.957191][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.005206][ T6002] netlink: 28 bytes leftover after parsing attributes in process `syz.3.136'. [ 163.134794][ T25] usb 6-1: GET_CAPABILITIES returned 0 [ 163.160960][ T25] usbtmc 6-1:16.0: can't read capabilities [ 163.299156][ T6007] netlink: 4 bytes leftover after parsing attributes in process `syz.2.135'. [ 163.428610][ T6009] program syz.1.11 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 165.855043][ T6020] @: renamed from vlan0 (while UP) [ 167.856915][ T5231] usb 6-1: USB disconnect, device number 2 [ 168.115947][ T6066] loop0: detected capacity change from 0 to 6 [ 168.215763][ T6066] loop0: [POWERTEC] p1 p2 p3 [ 168.265017][ T6066] loop0: p1 start 8 is beyond EOD, truncated [ 168.271098][ T6066] loop0: p2 start 327680 is beyond EOD, truncated [ 168.309017][ T6073] netlink: 28 bytes leftover after parsing attributes in process `syz.2.148'. [ 168.344886][ T6066] loop0: p3 size 1986356271 extends beyond EOD, truncated [ 168.448356][ T6069] trusted_key: encrypted_key: master key parameter 'us' is invalid [ 168.580081][ T6069] syz.5.147: attempt to access beyond end of device [ 168.580081][ T6069] nbd5: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 168.608414][ T6072] udevd[6072]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 168.641647][ T6069] SQUASHFS error: Failed to read block 0x0: -5 [ 168.715689][ T6069] unable to read squashfs_super_block [ 169.544900][ T6082] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 169.599179][ T6082] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 170.104971][ T6082] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 170.226012][ T6082] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 170.310431][ T6082] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 170.362823][ T6093] tipc: Enabling of bearer rejected, failed to enable media [ 170.516749][ T6082] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 170.554915][ T6082] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 170.569723][ T6082] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 170.631760][ T6082] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 170.777551][ T6082] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 170.805070][ T6082] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 170.849145][ T6082] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 171.144921][ T5249] Bluetooth: hci4: command 0x0c1a tx timeout [ 171.325265][ T5295] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 171.567425][ T5295] usb 1-1: Using ep0 maxpacket: 8 [ 171.609644][ T5295] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 171.643476][ T5295] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 171.655482][ T5295] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 171.666230][ T5295] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 171.744776][ T5295] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 171.756963][ T25] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 171.774079][ T5295] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.895157][ T6120] netlink: 24 bytes leftover after parsing attributes in process `syz.3.162'. [ 171.975272][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 171.992369][ T25] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 172.011772][ T25] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 172.062996][ T5295] usb 1-1: GET_CAPABILITIES returned 0 [ 172.063300][ T25] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 172.081609][ T5295] usbtmc 1-1:16.0: can't read capabilities [ 172.125876][ T25] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 172.191302][ T25] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 172.246377][ T25] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 172.265054][ T5249] Bluetooth: hci1: command 0x0c1a tx timeout [ 172.290641][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.305133][ T6128] netlink: 12 bytes leftover after parsing attributes in process `syz.4.167'. [ 172.436345][ T5295] usb 1-1: USB disconnect, device number 2 [ 172.549840][ T25] usb 3-1: GET_CAPABILITIES returned 0 [ 172.566565][ T25] usbtmc 3-1:16.0: can't read capabilities [ 172.594851][ T5249] Bluetooth: hci3: command 0x0c1a tx timeout [ 172.650390][ T6138] binder: 6123:6138 ioctl 400c620e 20000140 returned -22 [ 172.829222][ T5249] Bluetooth: hci6: command 0x0c1a tx timeout [ 172.850139][ T6140] netlink: 16 bytes leftover after parsing attributes in process `syz.3.168'. [ 173.236470][ T5249] Bluetooth: hci4: command 0x0c1a tx timeout [ 174.344956][ T5249] Bluetooth: hci1: command 0x0c1a tx timeout [ 174.404733][ T5295] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 174.656462][ T5295] usb 4-1: too many configurations: 65, using maximum allowed: 8 [ 174.664790][ T5249] Bluetooth: hci3: command 0x0c1a tx timeout [ 174.687901][ T6165] netlink: 24 bytes leftover after parsing attributes in process `syz.5.177'. [ 174.704409][ T5295] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 174.745497][ T5295] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.905888][ T5249] Bluetooth: hci6: command 0x0c1a tx timeout [ 175.005607][ T6155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.072771][ T6155] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 175.134481][ T6155] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 175.223122][ T5295] usb 4-1: string descriptor 0 read error: -71 [ 175.239856][ T5295] usb 4-1: Found UVC 0.00 device (046d:08c1) [ 175.270176][ T5295] usb 4-1: No valid video chain found. [ 175.304851][ T5249] Bluetooth: hci4: command 0x0c1a tx timeout [ 175.357947][ T5295] usb 4-1: USB disconnect, device number 3 [ 175.370490][ T5231] usb 3-1: USB disconnect, device number 2 [ 176.251191][ T6189] 9pnet_fd: Insufficient options for proto=fd [ 176.258389][ T5231] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 176.438415][ T5249] Bluetooth: hci1: command 0x0c1a tx timeout [ 176.505329][ T5231] usb 3-1: Using ep0 maxpacket: 8 [ 176.512945][ T5231] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 176.523533][ T5231] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 176.548542][ T5231] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 176.564089][ T5231] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 176.660327][ T5231] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 176.748905][ T5231] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 176.759819][ T5249] Bluetooth: hci3: command 0x0c1a tx timeout [ 176.808816][ T6194] netlink: 8 bytes leftover after parsing attributes in process `syz.4.187'. [ 176.818476][ T5231] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.995483][ T5249] Bluetooth: hci6: command 0x0c1a tx timeout [ 177.086100][ T6194] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 177.116044][ T5231] usb 3-1: GET_CAPABILITIES returned 0 [ 177.140188][ T5231] usbtmc 3-1:16.0: can't read capabilities [ 177.301022][ T6194] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 177.484195][ T25] usb 3-1: USB disconnect, device number 3 [ 177.633374][ T6206] netlink: 24 bytes leftover after parsing attributes in process `syz.1.191'. [ 177.744756][ T6206] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.304950][ T25] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 178.427484][ T6222] overlayfs: missing 'lowerdir' [ 178.538669][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 178.562169][ T25] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 178.585171][ T25] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 178.638612][ T25] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 178.677655][ T25] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 178.744428][ T25] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 178.897052][ T25] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 178.985078][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.365233][ T25] usb 1-1: GET_CAPABILITIES returned 0 [ 179.391280][ T25] usbtmc 1-1:16.0: can't read capabilities [ 184.094995][ T6258] netlink: 28 bytes leftover after parsing attributes in process `syz.1.208'. [ 184.506075][ T5295] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 184.710410][ T29] audit: type=1326 audit(1725975842.055:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6265 comm="syz.3.210" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd06e57def9 code=0x0 [ 184.738370][ T5295] usb 5-1: Using ep0 maxpacket: 8 [ 184.752033][ T5295] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 184.862247][ T5295] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 184.943210][ T5295] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 184.996275][ T5295] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 185.072978][ T5295] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 185.126895][ T6270] Invalid ELF section header overflow [ 185.163118][ T5295] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 185.223751][ T5295] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.500342][ T5295] usb 5-1: GET_CAPABILITIES returned 0 [ 185.528427][ T5295] usbtmc 5-1:16.0: can't read capabilities [ 185.839836][ T5295] usb 5-1: USB disconnect, device number 2 [ 185.850784][ T6277] netlink: 4 bytes leftover after parsing attributes in process `syz.5.214'. [ 186.029118][ T6277] usb usb8: usbfs: interface 0 claimed by hub while 'syz.5.214' sets config #261 [ 186.111182][ T6284] overlayfs: missing 'lowerdir' [ 186.262170][ T5231] usb 1-1: USB disconnect, device number 3 [ 187.951376][ T6305] netlink: 28 bytes leftover after parsing attributes in process `syz.3.223'. [ 188.278707][ T6310] process 'syz.0.225' launched './file2' with NULL argv: empty string added [ 188.788354][ T6310] vivid-001: ================= START STATUS ================= [ 188.816498][ T6310] vivid-001: Radio HW Seek Mode: Bounded [ 188.826260][ T6310] vivid-001: Radio Programmable HW Seek: false [ 189.061520][ T6310] vivid-001: RDS Rx I/O Mode: Block I/O [ 189.076069][ T6310] vivid-001: Generate RBDS Instead of RDS: false [ 189.115638][ T6310] vivid-001: RDS Reception: true [ 189.135329][ T6326] vxcan1: tx drop: invalid sa for name 0x0000000000000002 [ 189.143213][ T6310] vivid-001: RDS Program Type: 0 inactive [ 189.151351][ T6310] vivid-001: RDS PS Name: inactive [ 189.178409][ T6310] vivid-001: RDS Radio Text: inactive [ 189.205942][ T6310] vivid-001: RDS Traffic Announcement: false inactive [ 189.257101][ T6310] vivid-001: RDS Traffic Program: false inactive [ 189.441139][ T6310] vivid-001: RDS Music: false inactive [ 189.546280][ T6310] vivid-001: ================== END STATUS ================== [ 189.726754][ T5231] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 189.959463][ T5231] usb 4-1: Using ep0 maxpacket: 8 [ 190.000531][ T5231] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 190.032073][ T5231] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 190.095002][ T5231] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 190.151789][ T6300] loop4: detected capacity change from 0 to 40427 [ 190.167869][ T5231] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 190.233658][ T6300] F2FS-fs (loop4): Invalid segment/section count (31, 24 x 1) [ 190.255489][ T6300] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 190.274538][ T5231] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 190.352238][ T6350] netlink: 8 bytes leftover after parsing attributes in process `syz.2.234'. [ 190.428235][ T6300] F2FS-fs (loop4): invalid crc value [ 190.480995][ T5231] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 190.491409][ T6300] F2FS-fs (loop4): Found nat_bits in checkpoint [ 190.535659][ T5231] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.781032][ T29] audit: type=1326 audit(1725975848.125:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6347 comm="syz.5.235" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa1d3f7def9 code=0x0 [ 190.844304][ T5231] usb 4-1: GET_CAPABILITIES returned 0 [ 190.876220][ T5231] usbtmc 4-1:16.0: can't read capabilities [ 190.930071][ T6354] fuse: Bad value for 'rootmode' [ 191.149435][ T5295] usb 4-1: USB disconnect, device number 4 [ 191.306049][ T6347] Process accounting resumed [ 191.408825][ T6364] overlayfs: missing 'lowerdir' [ 191.926843][ T6371] netlink: 2036 bytes leftover after parsing attributes in process `syz.2.242'. [ 191.979614][ T6371] netlink: 'syz.2.242': attribute type 1 has an invalid length. [ 192.022828][ T29] audit: type=1326 audit(1725975849.365:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.5.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1d3f7def9 code=0x7ffc0000 [ 192.185983][ T29] audit: type=1326 audit(1725975849.365:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.5.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1d3f7def9 code=0x7ffc0000 [ 192.367573][ T29] audit: type=1326 audit(1725975849.395:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.5.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fa1d3f7def9 code=0x7ffc0000 [ 192.500771][ T29] audit: type=1326 audit(1725975849.395:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.5.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1d3f7def9 code=0x7ffc0000 [ 192.572048][ T29] audit: type=1326 audit(1725975849.405:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.5.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa1d3f7def9 code=0x7ffc0000 [ 192.596958][ T29] audit: type=1326 audit(1725975849.405:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.5.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1d3f7def9 code=0x7ffc0000 [ 192.630849][ T29] audit: type=1326 audit(1725975849.465:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.5.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa1d3f7def9 code=0x7ffc0000 [ 192.756741][ T29] audit: type=1326 audit(1725975849.465:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.5.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1d3f7def9 code=0x7ffc0000 [ 192.916877][ T29] audit: type=1326 audit(1725975849.465:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.5.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1d3f7def9 code=0x7ffc0000 [ 193.600880][ T6400] netlink: 8 bytes leftover after parsing attributes in process `syz.2.249'. [ 194.710439][ T6405] mkiss: ax0: crc mode is auto. [ 194.992879][ T6421] overlayfs: missing 'lowerdir' [ 195.465387][ T6416] 9pnet: Could not find request transport: fd0x000000000000000a0xffffffffffffffff [ 196.762118][ T29] kauditd_printk_skb: 42 callbacks suppressed [ 196.762141][ T29] audit: type=1326 audit(1725975854.095:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6447 comm="syz.2.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd2cb7def9 code=0x7ffc0000 [ 196.919709][ T29] audit: type=1326 audit(1725975854.095:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6447 comm="syz.2.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd2cb7def9 code=0x7ffc0000 [ 197.023069][ T29] audit: type=1326 audit(1725975854.095:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6447 comm="syz.2.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7fbd2cb7def9 code=0x7ffc0000 [ 197.045736][ C0] vkms_vblank_simulate: vblank timer overrun [ 197.171631][ T29] audit: type=1326 audit(1725975854.095:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6447 comm="syz.2.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd2cb7def9 code=0x7ffc0000 [ 197.323675][ T6461] netlink: 8 bytes leftover after parsing attributes in process `syz.0.269'. [ 197.350065][ T29] audit: type=1326 audit(1725975854.095:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6447 comm="syz.2.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd2cb7def9 code=0x7ffc0000 [ 197.372441][ T29] audit: type=1326 audit(1725975854.095:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6447 comm="syz.2.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7fbd2cb7def9 code=0x7ffc0000 [ 197.495412][ T29] audit: type=1326 audit(1725975854.095:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6447 comm="syz.2.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd2cb7def9 code=0x7ffc0000 [ 197.615201][ T29] audit: type=1326 audit(1725975854.095:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6447 comm="syz.2.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd2cb7def9 code=0x7ffc0000 [ 197.932928][ T29] audit: type=1326 audit(1725975854.145:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6447 comm="syz.2.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fbd2cb7def9 code=0x7ffc0000 [ 197.958194][ T29] audit: type=1326 audit(1725975854.145:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6447 comm="syz.2.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd2cb7def9 code=0x7ffc0000 [ 197.980293][ C0] vkms_vblank_simulate: vblank timer overrun [ 198.292298][ T6466] 9pnet_fd: Insufficient options for proto=fd [ 199.031933][ T6482] syz.3.277: attempt to access beyond end of device [ 199.031933][ T6482] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 199.117715][ T6482] SQUASHFS error: Failed to read block 0x0: -5 [ 199.186972][ T6482] unable to read squashfs_super_block [ 199.347912][ T6495] overlayfs: missing 'lowerdir' [ 199.871585][ T1264] ieee802154 phy1 wpan1: encryption failed: -22 [ 201.689838][ T6522] netlink: 8 bytes leftover after parsing attributes in process `syz.3.288'. [ 202.993995][ T6543] capability: warning: `syz.3.294' uses deprecated v2 capabilities in a way that may be insecure [ 204.216333][ T29] kauditd_printk_skb: 61 callbacks suppressed [ 204.216350][ T29] audit: type=1326 audit(1725975861.565:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c6137def9 code=0x7ffc0000 [ 204.350584][ T29] audit: type=1326 audit(1725975861.595:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c6137def9 code=0x7ffc0000 [ 204.463433][ T29] audit: type=1326 audit(1725975861.595:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7f3c6137def9 code=0x7ffc0000 [ 204.585167][ T29] audit: type=1326 audit(1725975861.595:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c6137def9 code=0x7ffc0000 [ 204.687637][ T29] audit: type=1326 audit(1725975861.595:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c6137def9 code=0x7ffc0000 [ 204.795493][ T29] audit: type=1326 audit(1725975861.595:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7f3c6137def9 code=0x7ffc0000 [ 204.855331][ T5293] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 204.936718][ T29] audit: type=1326 audit(1725975861.595:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c6137def9 code=0x7ffc0000 [ 205.000965][ T29] audit: type=1326 audit(1725975861.595:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c6137def9 code=0x7ffc0000 [ 205.044874][ T5293] usb 1-1: Using ep0 maxpacket: 8 [ 205.061433][ T5293] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 205.089365][ T29] audit: type=1326 audit(1725975861.595:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3c6137def9 code=0x7ffc0000 [ 205.153172][ T5293] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 205.161153][ T29] audit: type=1326 audit(1725975861.595:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6549 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c6137def9 code=0x7ffc0000 [ 205.204200][ T5293] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 205.224432][ T5293] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 205.246160][ T5293] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 205.258156][ T5293] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.405880][ T6573] netlink: 4 bytes leftover after parsing attributes in process `syz.1.305'. [ 205.406414][ T6574] netlink: 8 bytes leftover after parsing attributes in process `syz.4.306'. [ 205.619005][ T5293] usb 1-1: usb_control_msg returned -71 [ 205.639391][ T5293] usbtmc 1-1:16.0: can't read capabilities [ 205.680876][ T6576] batman_adv: batadv1: Adding interface: netdevsim0 [ 205.691750][ T5293] usb 1-1: USB disconnect, device number 4 [ 205.738990][ T6576] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.787640][ T6576] batman_adv: batadv1: Interface activated: netdevsim0 [ 206.580945][ T5249] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 207.367858][ T6606] lo speed is unknown, defaulting to 1000 [ 207.424315][ T6611] Zero length message leads to an empty skb [ 207.460839][ T6606] lo speed is unknown, defaulting to 1000 [ 207.638204][ T6606] lo speed is unknown, defaulting to 1000 [ 207.723317][ T6619] netlink: 8 bytes leftover after parsing attributes in process `syz.0.320'. [ 208.837171][ T5293] lo speed is unknown, defaulting to 1000 [ 208.854939][ T6606] infiniband syz1: set down [ 208.867043][ T6606] infiniband syz1: added lo [ 208.890228][ T6606] syz1: rxe_create_cq: returned err = -12 [ 208.918452][ T6606] infiniband syz1: Couldn't create ib_mad CQ [ 208.957913][ T6606] infiniband syz1: Couldn't open port 1 [ 209.077620][ T5295] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 209.125518][ T6606] RDS/IB: syz1: added [ 209.142333][ T6606] smc: adding ib device syz1 with port count 1 [ 209.178952][ T6606] smc: ib device syz1 port 1 has pnetid [ 209.194168][ T5293] lo speed is unknown, defaulting to 1000 [ 209.211732][ T6606] lo speed is unknown, defaulting to 1000 [ 209.294745][ T5295] usb 5-1: Using ep0 maxpacket: 8 [ 209.347998][ T5295] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 209.374053][ T5295] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 209.429332][ T5295] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 209.462667][ T5295] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 209.477323][ T6641] Illegal XDP return value 1767246054 on prog (id 142) dev syz_tun, expect packet loss! [ 209.555377][ T5295] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 209.577765][ T5295] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.857297][ T5295] usb 5-1: usb_control_msg returned -71 [ 209.882433][ T5295] usbtmc 5-1:16.0: can't read capabilities [ 209.890898][ T5249] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 210.001449][ T5295] usb 5-1: USB disconnect, device number 3 [ 210.270190][ T6606] lo speed is unknown, defaulting to 1000 [ 210.984091][ T6667] netlink: 8 bytes leftover after parsing attributes in process `syz.4.338'. [ 211.958892][ T6606] lo speed is unknown, defaulting to 1000 [ 212.949856][ T6686] Process accounting resumed [ 213.127489][ T6606] lo speed is unknown, defaulting to 1000 [ 214.297948][ T5249] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 214.534912][ T8] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 214.605781][ T6606] lo speed is unknown, defaulting to 1000 [ 214.744729][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 214.774064][ T8] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 214.822194][ T8] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 214.871748][ T8] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 214.891018][ T8] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 214.923493][ T8] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 214.960743][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.051004][ T6718] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 215.110255][ T6718] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 215.142554][ T6718] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 215.222465][ T6718] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 215.245851][ T8] usb 3-1: usb_control_msg returned -71 [ 215.324351][ T8] usbtmc 3-1:16.0: can't read capabilities [ 215.443653][ T6606] lo speed is unknown, defaulting to 1000 [ 215.470862][ T6730] trusted_key: encrypted_key: master key parameter 'use' is invalid [ 215.491512][ T8] usb 3-1: USB disconnect, device number 4 [ 216.172157][ T6742] Invalid ELF header magic: != ELF [ 216.329174][ T6742] netlink: 52 bytes leftover after parsing attributes in process `syz.0.359'. [ 216.377355][ T6748] No source specified [ 216.585539][ T5249] Bluetooth: hci4: command 0x0c1a tx timeout [ 216.621463][ T29] kauditd_printk_skb: 21 callbacks suppressed [ 216.621485][ T29] audit: type=1804 audit(1725975873.965:158): pid=6748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.360" name="/newroot/79/bus/file0" dev="overlay" ino=447 res=1 errno=0 [ 217.156473][ T5249] Bluetooth: hci3: command 0x0c1a tx timeout [ 217.162639][ T55] Bluetooth: hci1: command 0x0c1a tx timeout [ 217.306990][ T5249] Bluetooth: hci6: command 0x0c1a tx timeout [ 217.478830][ T6761] 9pnet_fd: Insufficient options for proto=fd [ 218.982962][ T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 218.998036][ T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 219.007657][ T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 219.020211][ T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 219.028361][ T5231] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 219.043123][ T55] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 219.056590][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 219.219278][ T1271] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.276191][ T5231] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 219.315420][ T5231] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 219.368469][ T5231] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 219.402678][ T5231] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 219.436229][ T5231] usb 4-1: SerialNumber: syz [ 219.479011][ T6768] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 219.666673][ T1271] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.948034][ T1271] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.212188][ T1271] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.463901][ T6800] trusted_key: encrypted_key: master key parameter 'use' is invalid [ 220.742059][ T6802] Invalid ELF header magic: != ELF [ 220.770576][ T1271] bridge_slave_1: left allmulticast mode [ 220.775823][ T6775] lo speed is unknown, defaulting to 1000 [ 220.783524][ T1271] bridge_slave_1: left promiscuous mode [ 220.806675][ T1271] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.867177][ T6802] netlink: 52 bytes leftover after parsing attributes in process `syz.2.374'. [ 220.897579][ T1271] bridge_slave_0: left allmulticast mode [ 220.913099][ T1271] bridge_slave_0: left promiscuous mode [ 220.932284][ T1271] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.148464][ T55] Bluetooth: hci2: command tx timeout [ 221.745474][ T5231] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 221.830378][ T5231] usb 4-1: USB disconnect, device number 5 [ 222.138913][ T6820] 9pnet_fd: Insufficient options for proto=fd [ 223.225009][ T55] Bluetooth: hci2: command tx timeout [ 223.335117][ T1271] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 223.366298][ T1271] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 223.390068][ T1271] bond0 (unregistering): Released all slaves [ 223.421361][ T1271] bond1 (unregistering): Released all slaves [ 223.577632][ T55] Bluetooth: hci6: ACL packet for unknown connection handle 200 [ 223.635195][ T6835] siw: device registration error -23 [ 224.576431][ T6862] trusted_key: encrypted_key: master key parameter 'use' is invalid [ 225.038436][ T8] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 225.304964][ T55] Bluetooth: hci2: command tx timeout [ 225.356853][ T8] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 225.496375][ T8] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 225.547095][ T8] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 225.597904][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 225.610944][ T8] usb 5-1: SerialNumber: syz [ 225.726433][ T6884] netlink: 'syz.3.393': attribute type 4 has an invalid length. [ 225.745290][ T6864] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 225.968368][ T6775] chnl_net:caif_netlink_parms(): no params data found [ 226.022526][ T6878] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 226.044096][ T6878] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 226.094029][ T6878] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 226.136375][ T6878] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 226.154662][ T6878] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 226.207213][ T6878] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 226.494407][ T6901] 9pnet_fd: Insufficient options for proto=fd [ 226.588769][ T6878] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 227.696755][ T1271] hsr_slave_0: left promiscuous mode [ 227.740926][ T1271] hsr_slave_1: left promiscuous mode [ 227.809328][ T1271] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 227.865065][ T1271] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 227.874713][ T55] Bluetooth: hci4: command 0x0c1a tx timeout [ 227.940346][ T1271] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 228.000488][ T1271] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 228.024319][ T8] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71 [ 228.084794][ T8] usb 5-1: USB disconnect, device number 4 [ 228.105225][ T5249] Bluetooth: hci1: command 0x0c1a tx timeout [ 228.111609][ T55] Bluetooth: hci3: command 0x0c1a tx timeout [ 228.134047][ T1271] veth1_macvtap: left promiscuous mode [ 228.185150][ T55] Bluetooth: hci2: command 0x0c1a tx timeout [ 228.191456][ T5249] Bluetooth: hci6: command 0x0c1a tx timeout [ 228.204849][ T1271] veth0_macvtap: left promiscuous mode [ 228.210648][ T1271] veth1_vlan: left promiscuous mode [ 228.254786][ T1271] veth0_vlan: left promiscuous mode [ 229.173794][ T6908] loop3: detected capacity change from 0 to 40427 [ 229.198969][ T6908] F2FS-fs (loop3): Invalid segment/section count (31, 24 x 1) [ 229.236711][ T6908] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 229.259307][ T6908] F2FS-fs (loop3): invalid crc value [ 229.331302][ T6908] F2FS-fs (loop3): Found nat_bits in checkpoint [ 229.542996][ T6908] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 229.557041][ T6908] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 230.009949][ T6942] netlink: 68 bytes leftover after parsing attributes in process `syz.3.396'. [ 230.149618][ T1271] team0 (unregistering): Port device team_slave_1 removed [ 230.263402][ T1271] team0 (unregistering): Port device team_slave_0 removed [ 230.274873][ T55] Bluetooth: hci2: command 0x0c1a tx timeout [ 230.646270][ T5230] syz-executor: attempt to access beyond end of device [ 230.646270][ T5230] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 230.669162][ T5230] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 230.717446][ T6945] trusted_key: encrypted_key: master key parameter 'use' is invalid [ 231.449283][ T6948] netlink: 4 bytes leftover after parsing attributes in process `syz.4.407'. [ 231.752453][ T5671] smc: removing ib device syz1 [ 231.793287][ T6775] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.820539][ T6775] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.845037][ T6775] bridge_slave_0: entered allmulticast mode [ 231.865080][ T6775] bridge_slave_0: entered promiscuous mode [ 231.879239][ T6775] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.886857][ T6775] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.894258][ T6775] bridge_slave_1: entered allmulticast mode [ 231.926591][ T6775] bridge_slave_1: entered promiscuous mode [ 232.014705][ T5290] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 232.251114][ T5290] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 232.271559][ T5290] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 232.310500][ T5290] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 232.323939][ T5290] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.345150][ T55] Bluetooth: hci2: command 0x0c1a tx timeout [ 232.479289][ T5290] usb 5-1: config 0 descriptor?? [ 232.757439][ T6775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 232.841299][ T6775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 232.919516][ T5231] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 233.102007][ T6966] serio: Serial port ptm0 [ 233.127165][ T5231] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 233.156169][ T5231] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 233.171944][ T5231] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 233.183974][ T5231] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 233.225190][ T5231] usb 4-1: SerialNumber: syz [ 233.296681][ T5290] usbhid 5-1:0.0: can't add hid device: -71 [ 233.345647][ T5290] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 233.362588][ T55] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 233.424120][ T6965] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 233.473961][ T5290] usb 5-1: USB disconnect, device number 5 [ 233.696461][ T6775] team0: Port device team_slave_0 added [ 233.765923][ T6775] team0: Port device team_slave_1 added [ 234.363786][ T6775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 234.478652][ T6775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.642440][ T6775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 234.733501][ T6775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 234.800059][ T6775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.866803][ T6997] trusted_key: encrypted_key: master key parameter 'use' is invalid [ 234.997675][ T6775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 235.885189][ T5231] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 235.991133][ T6775] hsr_slave_0: entered promiscuous mode [ 236.007582][ T5231] usb 4-1: USB disconnect, device number 6 [ 236.072306][ T6775] hsr_slave_1: entered promiscuous mode [ 236.589869][ T55] Bluetooth: hci6: ACL packet for unknown connection handle 201 [ 236.817277][ T6989] loop4: detected capacity change from 0 to 40427 [ 236.859376][ T6989] F2FS-fs (loop4): Invalid segment/section count (31, 24 x 1) [ 236.895077][ T6989] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 236.949163][ T6989] F2FS-fs (loop4): invalid crc value [ 236.962679][ T6989] F2FS-fs (loop4): Found nat_bits in checkpoint [ 237.134116][ T55] Bluetooth: hci6: ACL packet for unknown connection handle 200 [ 238.040323][ T7057] trusted_key: encrypted_key: master key parameter 'use' is invalid [ 238.404764][ T5231] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 238.598731][ T5231] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 238.653915][ T5231] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 238.693174][ T5231] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 238.729615][ T5231] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 238.779875][ T5231] usb 2-1: SerialNumber: syz [ 238.854255][ T7060] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 239.981841][ T6775] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 240.060459][ T6775] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 240.184864][ T5249] Bluetooth: hci2: command 0x0c1a tx timeout [ 240.223203][ T6775] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 240.294081][ T6775] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 241.209987][ T5231] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -71 [ 241.251090][ T5231] usb 2-1: USB disconnect, device number 2 [ 241.305412][ T6775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.441991][ T6775] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.525846][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.533121][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.616720][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.623989][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.866963][ T5249] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 241.951992][ T6775] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 241.966192][ T6775] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 242.007389][ T7122] syzkaller1: entered promiscuous mode [ 242.015326][ T7122] syzkaller1: entered allmulticast mode [ 242.149647][ T7119] netlink: 20 bytes leftover after parsing attributes in process `syz.3.445'. [ 242.264900][ T5249] Bluetooth: hci2: command 0x0c1a tx timeout [ 242.963257][ T7146] netlink: 4 bytes leftover after parsing attributes in process `syz.4.451'. [ 243.329680][ T7107] loop1: detected capacity change from 0 to 40427 [ 243.380590][ T6775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 243.566860][ T7107] F2FS-fs (loop1): Invalid segment/section count (31, 24 x 1) [ 243.613534][ T7107] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 243.743089][ T7107] F2FS-fs (loop1): invalid crc value [ 243.791374][ T7107] F2FS-fs (loop1): Found nat_bits in checkpoint [ 244.231007][ T7166] 9pnet_virtio: no channels available for device syz [ 244.246933][ T7166] netlink: 120 bytes leftover after parsing attributes in process `syz.0.453'. [ 244.255960][ T7166] netlink: 12 bytes leftover after parsing attributes in process `syz.0.453'. [ 244.309779][ T7107] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 244.385128][ T7107] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 245.026718][ T8] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 245.321742][ T6775] veth0_vlan: entered promiscuous mode [ 245.338362][ T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 245.431048][ T8] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 245.522001][ T8] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 245.528351][ T6775] veth1_vlan: entered promiscuous mode [ 245.592037][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 245.649748][ T8] usb 4-1: SerialNumber: syz [ 245.690130][ T7175] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 245.953422][ T6775] veth0_macvtap: entered promiscuous mode [ 245.992903][ T7200] netlink: 'syz.1.455': attribute type 4 has an invalid length. [ 246.310164][ T7203] netlink: 'syz.1.455': attribute type 4 has an invalid length. [ 246.592722][ T6775] veth1_macvtap: entered promiscuous mode [ 246.893828][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.094450][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.162089][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.242985][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.298139][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.390858][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.442969][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.495304][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.562582][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.623733][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.690532][ T6775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 247.752282][ T7225] netlink: 4 bytes leftover after parsing attributes in process `syz.2.463'. [ 247.837338][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 247.912368][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.022198][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.061325][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.084379][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.143209][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.184025][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.213559][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.251658][ T6775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.269452][ T6775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.302746][ T8] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 248.304067][ T6775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 248.384080][ T8] usb 4-1: USB disconnect, device number 7 [ 248.653600][ T6775] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.714897][ T6775] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.742705][ T6775] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.773175][ T6775] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.849133][ T7265] netlink: 'syz.0.472': attribute type 4 has an invalid length. [ 249.987164][ T7268] netlink: 'syz.0.472': attribute type 4 has an invalid length. [ 250.282272][ T5671] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 250.415407][ T5671] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.670406][ T6252] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 250.712783][ T6252] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.916283][ T7241] loop3: detected capacity change from 0 to 40427 [ 250.951056][ T7241] F2FS-fs (loop3): Invalid segment/section count (31, 24 x 1) [ 250.987753][ T7241] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 251.042387][ T7241] F2FS-fs (loop3): invalid crc value [ 251.140513][ T7241] F2FS-fs (loop3): Found nat_bits in checkpoint [ 251.245311][ T55] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 251.357573][ T7241] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 251.373053][ T7241] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 251.733964][ T7309] netlink: 68 bytes leftover after parsing attributes in process `syz.3.466'. [ 252.445447][ T5230] syz-executor: attempt to access beyond end of device [ 252.445447][ T5230] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 252.489103][ T5230] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 252.490979][ T7303] syz.1.478: attempt to access beyond end of device [ 252.490979][ T7303] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 252.509746][ T7303] SQUASHFS error: Failed to read block 0x0: -5 [ 252.575633][ T7303] unable to read squashfs_super_block [ 252.998273][ T7325] netlink: 'syz.2.485': attribute type 4 has an invalid length. [ 253.066671][ T7325] netlink: 'syz.2.485': attribute type 4 has an invalid length. [ 253.630064][ T7321] vivid-001: ================= START STATUS ================= [ 253.687987][ T7321] vivid-001: Radio HW Seek Mode: Bounded [ 253.693766][ T7321] vivid-001: Radio Programmable HW Seek: false [ 253.883904][ T7351] 9pnet_fd: Insufficient options for proto=fd [ 253.902982][ T7321] vivid-001: RDS Rx I/O Mode: Block I/O [ 254.014504][ T7321] vivid-001: Generate RBDS Instead of RDS: false [ 254.022803][ T7321] vivid-001: RDS Reception: true [ 254.089046][ T7321] vivid-001: RDS Program Type: 0 inactive [ 254.099997][ T7321] vivid-001: RDS PS Name: inactive [ 254.212733][ T7321] vivid-001: RDS Radio Text: inactive [ 254.227128][ T7321] vivid-001: RDS Traffic Announcement: false inactive [ 254.572170][ T7321] vivid-001: RDS Traffic Program: false inactive [ 254.615005][ T7321] vivid-001: RDS Music: false inactive [ 254.705972][ T7321] vivid-001: ================== END STATUS ================== [ 255.638586][ T5290] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 255.865272][ T5290] usb 6-1: Using ep0 maxpacket: 8 [ 255.897906][ T5290] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 255.944225][ T5290] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 256.000660][ T5290] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 256.058368][ T5290] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 256.107690][ T5290] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 256.140020][ T5290] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 256.149753][ T5290] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.457900][ T5290] usb 6-1: GET_CAPABILITIES returned 0 [ 256.482885][ T7395] netlink: 'syz.4.500': attribute type 4 has an invalid length. [ 256.487880][ T5290] usbtmc 6-1:16.0: can't read capabilities [ 256.636690][ T7400] netlink: 'syz.4.500': attribute type 4 has an invalid length. [ 256.643865][ T7402] 9pnet_fd: Insufficient options for proto=fd [ 256.695435][ T5295] usb 6-1: USB disconnect, device number 3 [ 258.185673][ T5249] Bluetooth: hci2: command 0x0c1a tx timeout [ 258.896009][ T7432] syz.5.511: attempt to access beyond end of device [ 258.896009][ T7432] nbd5: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 258.919080][ T7432] SQUASHFS error: Failed to read block 0x0: -5 [ 258.923108][ T7441] lo speed is unknown, defaulting to 1000 [ 258.953672][ T7432] unable to read squashfs_super_block [ 258.973255][ T7441] lo speed is unknown, defaulting to 1000 [ 259.024898][ T25] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 259.031683][ T7441] lo speed is unknown, defaulting to 1000 [ 259.135707][ T7449] netlink: 'syz.4.517': attribute type 4 has an invalid length. [ 259.204868][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 259.228575][ T25] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 259.273391][ T7449] netlink: 'syz.4.517': attribute type 4 has an invalid length. [ 259.277355][ T25] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 259.327095][ T25] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 259.349035][ T25] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 259.359502][ T25] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 259.373303][ T25] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 259.382706][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.680685][ T25] usb 2-1: GET_CAPABILITIES returned 0 [ 259.710793][ T25] usbtmc 2-1:16.0: can't read capabilities [ 260.072355][ T7441] infiniband syz1: set active [ 260.077561][ T5290] lo speed is unknown, defaulting to 1000 [ 260.134851][ T7441] infiniband syz1: added lo [ 260.150525][ T7441] syz1: rxe_create_cq: returned err = -12 [ 260.202658][ T7441] infiniband syz1: Couldn't create ib_mad CQ [ 260.236971][ T7441] infiniband syz1: Couldn't open port 1 [ 260.301785][ T7441] RDS/IB: syz1: added [ 260.379395][ T7441] smc: adding ib device syz1 with port count 1 [ 260.436076][ T7441] smc: ib device syz1 port 1 has pnetid [ 260.474270][ T5295] lo speed is unknown, defaulting to 1000 [ 260.488646][ T7441] lo speed is unknown, defaulting to 1000 [ 260.694709][ T5290] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 260.721167][ T7441] lo speed is unknown, defaulting to 1000 [ 260.791327][ T7465] netlink: 32 bytes leftover after parsing attributes in process `syz.4.519'. [ 260.925153][ T5290] usb 4-1: Using ep0 maxpacket: 8 [ 260.941260][ T5290] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 260.970112][ T5290] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 261.035676][ T5290] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 261.082111][ T5290] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 261.125441][ T5290] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 261.184160][ T5290] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 261.189348][ T7465] netlink: 8 bytes leftover after parsing attributes in process `syz.4.519'. [ 261.229932][ T5290] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.314183][ T1264] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.492496][ T5290] usb 4-1: GET_CAPABILITIES returned 0 [ 261.511338][ T5290] usbtmc 4-1:16.0: can't read capabilities [ 261.707104][ T5290] usb 4-1: USB disconnect, device number 8 [ 261.861279][ T7441] lo speed is unknown, defaulting to 1000 [ 261.866622][ T5231] usb 2-1: USB disconnect, device number 3 [ 262.113914][ T7482] 9pnet_fd: Insufficient options for proto=fd [ 262.506663][ T7494] netlink: 'syz.3.531': attribute type 4 has an invalid length. [ 262.558720][ T7493] netlink: 'syz.3.531': attribute type 4 has an invalid length. [ 262.864265][ T7441] lo speed is unknown, defaulting to 1000 [ 264.177618][ T7441] lo speed is unknown, defaulting to 1000 [ 264.354711][ T5290] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 264.413845][ T7491] loop2: detected capacity change from 0 to 40427 [ 264.479168][ T7491] F2FS-fs (loop2): Invalid segment/section count (31, 24 x 1) [ 264.514116][ T7491] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 264.555873][ T5290] usb 4-1: Using ep0 maxpacket: 8 [ 264.585956][ T5290] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 264.594853][ T7491] F2FS-fs (loop2): invalid crc value [ 264.600823][ T5290] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 264.625070][ T5290] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 264.657615][ T7491] F2FS-fs (loop2): Found nat_bits in checkpoint [ 264.704774][ T5290] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 264.745385][ T5290] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 264.788577][ T7491] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 264.798516][ T5290] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 264.821698][ T5290] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.824016][ T7491] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 264.844323][ T7441] lo speed is unknown, defaulting to 1000 [ 265.067368][ T5290] usb 4-1: GET_CAPABILITIES returned 0 [ 265.094356][ T5290] usbtmc 4-1:16.0: can't read capabilities [ 265.325333][ T7536] netlink: 68 bytes leftover after parsing attributes in process `syz.2.530'. [ 265.490904][ T25] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 265.915276][ T5227] syz-executor: attempt to access beyond end of device [ 265.915276][ T5227] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 265.960517][ T5227] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 265.977197][ T25] usb 5-1: Using ep0 maxpacket: 8 [ 266.007171][ T25] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 266.034093][ T25] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 266.084306][ T25] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 266.114777][ T25] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 266.145592][ T25] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 266.193545][ T25] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 266.225033][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.500740][ T25] usb 5-1: GET_CAPABILITIES returned 0 [ 266.520109][ T25] usbtmc 5-1:16.0: can't read capabilities [ 266.665013][ T5249] Bluetooth: hci2: command 0x0c1a tx timeout [ 266.740277][ T25] usb 5-1: USB disconnect, device number 6 [ 267.296862][ T7556] netlink: 'syz.2.546': attribute type 4 has an invalid length. [ 267.363770][ T25] usb 4-1: USB disconnect, device number 9 [ 267.450201][ T7560] netlink: 'syz.2.546': attribute type 4 has an invalid length. [ 267.966104][ T7573] netlink: 4 bytes leftover after parsing attributes in process `syz.5.558'. [ 268.032682][ T7575] rdma_rxe: rxe_newlink: failed to add lo [ 268.694889][ T5295] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 268.726504][ T5290] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 268.908394][ T5295] usb 5-1: Using ep0 maxpacket: 8 [ 268.932701][ T5295] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 268.955787][ T5290] usb 2-1: Using ep0 maxpacket: 8 [ 268.964451][ T5295] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 268.992558][ T5290] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 269.010483][ T5295] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 269.030483][ T5290] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 269.065097][ T5295] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 269.095726][ T5290] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 269.184748][ T5295] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 269.199780][ T5290] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 269.234145][ T5290] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 269.247592][ T5295] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 269.307303][ T5295] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.322011][ T5290] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 269.374362][ T5290] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.542684][ T7571] loop2: detected capacity change from 0 to 40427 [ 269.576888][ T5295] usb 5-1: GET_CAPABILITIES returned 0 [ 269.585127][ T5295] usbtmc 5-1:16.0: can't read capabilities [ 269.658398][ T7607] netlink: 'syz.5.571': attribute type 4 has an invalid length. [ 269.683325][ T5290] usb 2-1: GET_CAPABILITIES returned 0 [ 269.705117][ T7571] F2FS-fs (loop2): Invalid segment/section count (31, 24 x 1) [ 269.714157][ T5290] usbtmc 2-1:16.0: can't read capabilities [ 269.731910][ T7608] netlink: 'syz.5.571': attribute type 4 has an invalid length. [ 269.756172][ T7571] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 269.857893][ T7571] F2FS-fs (loop2): invalid crc value [ 269.889217][ T5293] usb 2-1: USB disconnect, device number 4 [ 269.933962][ T7571] F2FS-fs (loop2): Found nat_bits in checkpoint [ 271.554224][ T25] usb 5-1: USB disconnect, device number 7 [ 271.876534][ T7628] netlink: 4 bytes leftover after parsing attributes in process `syz.3.577'. [ 273.696450][ T7651] ======================================================= [ 273.696450][ T7651] WARNING: The mand mount option has been deprecated and [ 273.696450][ T7651] and is ignored by this kernel. Remove the mand [ 273.696450][ T7651] option from the mount to silence this warning. [ 273.696450][ T7651] ======================================================= [ 273.790437][ T7654] rdma_rxe: rxe_newlink: failed to add lo [ 274.747408][ T7662] binder: 7661:7662 ioctl c0306201 0 returned -14 [ 275.225281][ T5231] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 275.294673][ T5290] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 275.474830][ T5231] usb 2-1: Using ep0 maxpacket: 8 [ 275.492266][ T7676] netlink: 4 bytes leftover after parsing attributes in process `syz.5.595'. [ 275.510047][ T5231] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 275.524956][ T5290] usb 1-1: Using ep0 maxpacket: 8 [ 275.525746][ T5231] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 275.565246][ T5290] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 275.574659][ T5231] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 275.574698][ T5231] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 275.574730][ T5231] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 275.574787][ T5231] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 275.574818][ T5231] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.764741][ T5290] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 275.825051][ T5290] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 275.834809][ T5231] usb 2-1: GET_CAPABILITIES returned 0 [ 275.840457][ T5231] usbtmc 2-1:16.0: can't read capabilities [ 275.864672][ T5290] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 275.913088][ T5290] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 275.987206][ T5290] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 276.034235][ T5290] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.441601][ T5290] usb 1-1: GET_CAPABILITIES returned 0 [ 276.450129][ T5290] usbtmc 1-1:16.0: can't read capabilities [ 276.656625][ T5290] usb 1-1: USB disconnect, device number 5 [ 278.413544][ T7701] syz1: rxe_newlink: already configured on lo [ 278.694839][ T5231] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 278.916337][ T59] usb 2-1: USB disconnect, device number 5 [ 279.014667][ T5231] usb 5-1: Using ep0 maxpacket: 8 [ 279.030679][ T5231] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 279.085109][ T5231] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 279.150620][ T5231] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 279.206928][ T5231] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 279.278406][ T5231] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 279.345447][ T5231] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 279.429015][ T5231] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 279.944525][ T7719] netlink: 4 bytes leftover after parsing attributes in process `syz.2.609'. [ 280.757029][ T7735] rdma_rxe: rxe_newlink: failed to add lo [ 281.900339][ T5231] usb 5-1: unable to read config index 1 descriptor/start: -71 [ 281.929012][ T5231] usb 5-1: can't read configurations, error -71 [ 282.028516][ T25] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 282.135439][ T7750] dns_resolver: Unsupported server list version (0) [ 282.204660][ T59] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 282.225431][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 282.254197][ T25] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 282.276920][ T25] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 282.300837][ T25] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 282.324421][ T25] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 282.360157][ T25] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 282.407622][ T59] usb 6-1: Using ep0 maxpacket: 8 [ 282.417421][ T25] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 282.435226][ T59] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 282.457290][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.469153][ T59] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 282.500310][ T59] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 282.527776][ T59] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 282.563941][ T59] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 282.599609][ T59] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 282.632321][ T59] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.702277][ T25] usb 4-1: usb_control_msg returned -71 [ 282.711801][ T25] usbtmc 4-1:16.0: can't read capabilities [ 282.755455][ T25] usb 4-1: USB disconnect, device number 10 [ 282.974944][ T59] usb 6-1: GET_CAPABILITIES returned 0 [ 282.981374][ T59] usbtmc 6-1:16.0: can't read capabilities [ 283.467185][ T7766] 9pnet_fd: Insufficient options for proto=fd [ 283.644001][ T7771] netlink: 4 bytes leftover after parsing attributes in process `syz.3.628'. [ 285.224218][ T5249] Bluetooth: hci2: command 0x0c1a tx timeout [ 285.370663][ T7790] rdma_rxe: rxe_newlink: failed to add lo [ 285.451883][ T5293] usb 6-1: USB disconnect, device number 4 [ 286.116461][ T7812] netlink: 4 bytes leftover after parsing attributes in process `syz.4.643'. [ 286.126114][ T25] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 286.355047][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 286.368011][ T25] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 286.386344][ T25] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 286.442776][ T25] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 286.468373][ T25] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 286.488897][ T25] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 286.502518][ T25] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 286.512239][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.980956][ T25] usb 3-1: usb_control_msg returned -71 [ 286.996641][ T25] usbtmc 3-1:16.0: can't read capabilities [ 288.035729][ T25] usb 3-1: USB disconnect, device number 5 [ 288.080559][ T7823] 9pnet_fd: Insufficient options for proto=fd [ 288.394771][ T5293] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 288.505385][ T5249] Bluetooth: hci2: command 0x0c1a tx timeout [ 288.604912][ T5293] usb 6-1: Using ep0 maxpacket: 8 [ 288.653840][ T5293] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 288.698269][ T5293] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 288.779155][ T5293] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 288.880794][ T5293] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 288.938550][ T5293] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 289.045204][ T5293] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 289.097077][ T5293] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.274004][ T7853] netlink: 4 bytes leftover after parsing attributes in process `syz.1.657'. [ 289.393298][ T5293] usb 6-1: GET_CAPABILITIES returned 0 [ 289.502478][ T5293] usbtmc 6-1:16.0: can't read capabilities [ 291.463201][ T25] usb 6-1: USB disconnect, device number 5 [ 291.833493][ T7886] 9pnet_fd: Insufficient options for proto=fd [ 292.066402][ T5293] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 292.117202][ T7894] netlink: 4 bytes leftover after parsing attributes in process `syz.5.673'. [ 292.285059][ T5293] usb 3-1: Using ep0 maxpacket: 8 [ 292.320828][ T5293] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 292.344637][ T5293] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 292.389162][ T5293] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 292.440158][ T5293] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 292.707320][ T5293] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 293.674681][ T5293] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 293.704658][ T5293] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.972120][ T5293] usb 3-1: usb_control_msg returned -71 [ 294.013669][ T5293] usbtmc 3-1:16.0: can't read capabilities [ 294.072043][ T5293] usb 3-1: USB disconnect, device number 6 [ 294.134825][ T5295] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 294.370707][ T5295] usb 6-1: Using ep0 maxpacket: 8 [ 294.407860][ T5295] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 294.440693][ T5295] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 294.464806][ T5295] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 294.476086][ T5295] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 294.486354][ T5295] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 294.514228][ T5295] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 294.536516][ T5295] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.898322][ T5295] usb 6-1: GET_CAPABILITIES returned 0 [ 294.903899][ T5295] usbtmc 6-1:16.0: can't read capabilities [ 295.239548][ T7943] netlink: 4 bytes leftover after parsing attributes in process `syz.4.689'. [ 295.769788][ T7960] 9pnet_fd: Insufficient options for proto=fd [ 296.021594][ T5249] Bluetooth: hci5: sending frame failed (-49) [ 296.032061][ T55] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 296.976726][ T25] usb 6-1: USB disconnect, device number 6 [ 297.771908][ T7994] netlink: 4 bytes leftover after parsing attributes in process `syz.2.709'. [ 297.900940][ T8000] 9pnet_fd: Insufficient options for proto=fd [ 299.154957][ T5295] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 299.375916][ T5295] usb 6-1: Using ep0 maxpacket: 8 [ 299.389315][ T5295] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 299.408039][ T5295] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 299.448580][ T5295] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 299.469400][ T5295] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 299.494153][ T5295] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 299.515484][ T5295] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 299.543192][ T5295] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.766088][ T8037] netlink: 4 bytes leftover after parsing attributes in process `syz.4.725'. [ 299.777343][ T5295] usb 6-1: GET_CAPABILITIES returned 0 [ 299.794783][ T5295] usbtmc 6-1:16.0: can't read capabilities [ 300.267190][ T8050] 9pnet_fd: Insufficient options for proto=fd [ 301.218694][ T8073] trusted_key: encrypted_key: master key parameter 'use' is invalid [ 301.871817][ T5231] usb 6-1: USB disconnect, device number 7 [ 302.743976][ T8115] 9pnet_fd: Insufficient options for proto=fd [ 303.745019][ T5293] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 303.976291][ T5293] usb 6-1: Using ep0 maxpacket: 8 [ 304.001905][ T5293] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 304.070503][ T5293] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 304.161997][ T5293] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 304.218271][ T5293] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 304.267696][ T8156] trusted_key: encrypted_key: master key parameter 'use' is invalid [ 304.312790][ T5293] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 304.455898][ T5293] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 304.523216][ T5293] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.672313][ T8169] overlayfs: missing 'lowerdir' [ 304.942723][ T5293] usb 6-1: GET_CAPABILITIES returned 0 [ 304.982668][ T5293] usbtmc 6-1:16.0: can't read capabilities [ 306.456942][ T8202] rdma_rxe: rxe_newlink: failed to add lo [ 306.524189][ T8206] 9pnet_fd: Insufficient options for proto=fd [ 306.869622][ T8213] netlink: 12 bytes leftover after parsing attributes in process `syz.0.785'. [ 307.191125][ T8218] trusted_key: encrypted_key: master key parameter 'use' is invalid [ 307.354637][ T25] usb 6-1: USB disconnect, device number 8 [ 308.044758][ T8241] overlayfs: missing 'lowerdir' [ 308.898677][ T8254] No control pipe specified [ 309.414017][ T8270] netlink: 12 bytes leftover after parsing attributes in process `syz.0.799'. [ 310.506578][ T5293] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 310.553609][ T8289] 9pnet_virtio: no channels available for device syz [ 310.734767][ T5293] usb 4-1: Using ep0 maxpacket: 8 [ 310.761265][ T5293] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 310.780303][ T5231] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 310.805886][ T5293] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 310.834758][ T5293] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 310.884893][ T5293] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 310.923295][ T5293] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 310.984806][ T5293] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 311.025602][ T5231] usb 3-1: Using ep0 maxpacket: 16 [ 311.044052][ T5293] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.089518][ T5231] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 311.252969][ T5231] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 311.328222][ T5293] usb 4-1: GET_CAPABILITIES returned 0 [ 311.336433][ T5231] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 311.395069][ T5231] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.410166][ T5293] usbtmc 4-1:16.0: can't read capabilities [ 311.471074][ T5231] usb 3-1: config 0 descriptor?? [ 322.845444][ T1264] ieee802154 phy1 wpan1: encryption failed: -22 [ 416.764536][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 416.771650][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P8296/1:b..l [ 416.780396][ C1] rcu: (detected by 1, t=10502 jiffies, g=35513, q=308 ncpus=2) [ 416.788147][ C1] task:syz.0.809 state:R running task stack:26480 pid:8296 tgid:8292 ppid:5372 flags:0x00004004 [ 416.801900][ C1] Call Trace: [ 416.805189][ C1] [ 416.808120][ C1] __schedule+0x1800/0x4a60 [ 416.812638][ C1] ? finish_task_switch+0x1e5/0x870 [ 416.817865][ C1] ? __pfx___schedule+0x10/0x10 [ 416.822741][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 416.828399][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 416.834401][ C1] ? preempt_schedule_irq+0xf0/0x1c0 [ 416.839686][ C1] preempt_schedule_irq+0xfb/0x1c0 [ 416.844799][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 416.850523][ C1] irqentry_exit+0x5e/0x90 [ 416.854932][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 416.860918][ C1] RIP: 0010:sk_psock_get+0x159/0x520 [ 416.866207][ C1] Code: 20 00 74 08 4c 89 ff e8 05 69 b2 f7 4d 8b 37 e8 cd 35 71 01 89 c3 31 ff 89 c6 e8 82 25 4b f7 85 db 74 1f e8 a9 02 30 f7 89 c3 <31> ff 89 c6 e8 6e 25 4b f7 85 db 0f 84 84 01 00 00 e8 21 21 4b f7 [ 416.885844][ C1] RSP: 0018:ffffc90003f47500 EFLAGS: 00000282 [ 416.891925][ C1] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000080000000 [ 416.899902][ C1] RDX: ffff88802a9d1e00 RSI: ffffffff8c0ae6e0 RDI: ffffffff8c608f40 [ 416.907874][ C1] RBP: ffffc90003f475b0 R08: ffffffff8a486b6e R09: 1ffffffff283c908 [ 416.915847][ C1] R10: dffffc0000000000 R11: fffffbfff283c909 R12: dffffc0000000000 [ 416.923818][ C1] R13: 1ffff920007e8eea R14: 0000000000000000 R15: ffff8880530c6c90 [ 416.931806][ C1] ? sk_psock_get+0x14e/0x520 [ 416.936516][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 416.942162][ C1] ? sk_psock_get+0x7f/0x520 [ 416.946761][ C1] ? __pfx_sk_psock_get+0x10/0x10 [ 416.951793][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 416.957447][ C1] tls_sw_recvmsg+0x248/0x1c20 [ 416.962214][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 416.967852][ C1] ? mark_lock+0x9a/0x350 [ 416.972191][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 416.977823][ C1] ? lockdep_hardirqs_on_prepare+0x3e1/0x780 [ 416.983814][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 416.989451][ C1] ? __lock_acquire+0x137a/0x2040 [ 416.994488][ C1] ? __pfx_tls_sw_recvmsg+0x10/0x10 [ 416.999719][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 417.005367][ C1] ? __pfx_tls_sw_recvmsg+0x10/0x10 [ 417.010573][ C1] inet6_recvmsg+0x2cb/0x730 [ 417.015187][ C1] ? __pfx_inet6_recvmsg+0x10/0x10 [ 417.020588][ C1] ? iovec_from_user+0x61/0x240 [ 417.025457][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 417.031099][ C1] ? __import_iovec+0x361/0x820 [ 417.035962][ C1] sock_recvmsg_nosec+0x9a/0x1d0 [ 417.040900][ C1] ____sys_recvmsg+0x3c0/0x470 [ 417.045680][ C1] ? __pfx_____sys_recvmsg+0x10/0x10 [ 417.050982][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 417.056629][ C1] ? __might_fault+0xaa/0x120 [ 417.061322][ C1] do_recvmmsg+0x474/0xae0 [ 417.065754][ C1] ? __pfx___futex_wait+0x10/0x10 [ 417.070806][ C1] ? __pfx_do_recvmmsg+0x10/0x10 [ 417.075752][ C1] ? __pfx_futex_wake_mark+0x10/0x10 [ 417.081060][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 417.086704][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 417.092341][ C1] ? futex_wait+0x285/0x360 [ 417.096856][ C1] ? __pfx_futex_wait+0x10/0x10 [ 417.101721][ C1] ? do_sock_setsockopt+0x3e2/0x720 [ 417.106936][ C1] ? __pfx_do_futex+0x10/0x10 [ 417.111624][ C1] __x64_sys_recvmmsg+0x199/0x250 [ 417.116657][ C1] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 417.122204][ C1] ? do_syscall_64+0x100/0x230 [ 417.126969][ C1] ? do_syscall_64+0xb6/0x230 [ 417.131649][ C1] do_syscall_64+0xf3/0x230 [ 417.136158][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 417.141813][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.147891][ C1] RIP: 0033:0x7fa0be17def9 [ 417.152300][ C1] RSP: 002b:00007fa0befec038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 417.160725][ C1] RAX: ffffffffffffffda RBX: 00007fa0be336058 RCX: 00007fa0be17def9 [ 417.168788][ C1] RDX: 00000000ffffff1f RSI: 00000000200061c0 RDI: 0000000000000003 [ 417.176762][ C1] RBP: 00007fa0be1f09f6 R08: 0000000000000000 R09: 0000000000000000 [ 417.184735][ C1] R10: 0000000000000102 R11: 0000000000000246 R12: 0000000000000000 [ 417.192716][ C1] R13: 0000000000000000 R14: 00007fa0be336058 R15: 00007fff2fd6ae88 [ 417.200740][ C1] [ 417.203758][ C1] rcu: rcu_preempt kthread starved for 10376 jiffies! g35513 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 417.214955][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 417.224915][ C1] rcu: RCU grace-period kthread stack dump: [ 417.230786][ C1] task:rcu_preempt state:R running task stack:24912 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 417.242532][ C1] Call Trace: [ 417.245802][ C1] [ 417.248728][ C1] __schedule+0x1800/0x4a60 [ 417.253276][ C1] ? __pfx___schedule+0x10/0x10 [ 417.258140][ C1] ? __pfx_lock_release+0x10/0x10 [ 417.263176][ C1] ? __asan_memset+0x23/0x50 [ 417.267782][ C1] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 417.273597][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 417.279932][ C1] ? schedule+0x90/0x320 [ 417.284182][ C1] schedule+0x14b/0x320 [ 417.288346][ C1] schedule_timeout+0x1be/0x310 [ 417.293217][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 417.298620][ C1] ? __pfx_process_timeout+0x10/0x10 [ 417.303920][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 417.309557][ C1] ? prepare_to_swait_event+0x32e/0x350 [ 417.315116][ C1] rcu_gp_fqs_loop+0x2df/0x1330 [ 417.319971][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 417.325167][ C1] ? rcu_gp_init+0x1256/0x1630 [ 417.329937][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 417.334869][ C1] ? __pfx_rcu_implicit_dynticks_qs+0x10/0x10 [ 417.340939][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 417.346222][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 417.352128][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 417.357771][ C1] ? finish_swait+0xd4/0x1e0 [ 417.362368][ C1] rcu_gp_kthread+0xa7/0x3b0 [ 417.366970][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 417.372171][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 417.378079][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 417.383715][ C1] ? __kthread_parkme+0x169/0x1d0 [ 417.388748][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 417.393951][ C1] kthread+0x2f2/0x390 [ 417.398015][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 417.403310][ C1] ? __pfx_kthread+0x10/0x10 [ 417.407915][ C1] ret_from_fork+0x4d/0x80 [ 417.412339][ C1] ? __pfx_kthread+0x10/0x10 [ 417.416925][ C1] ret_from_fork_asm+0x1a/0x30 [ 417.421708][ C1] [ 417.424716][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 417.431021][ C1] Sending NMI from CPU 1 to CPUs 0: [ 417.436233][ C0] NMI backtrace for cpu 0 skipped: idling at acpi_safe_halt+0x21/0x30