last executing test programs: 5.666454534s ago: executing program 2 (id=2999): r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0xa2a}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) write$binfmt_script(r3, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) statx(0xffffffffffffffff, &(0x7f0000001340)='./file0\x00', 0x100, 0x40, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000001480)='./file0/file0\x00', &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0xa000, &(0x7f0000001540)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x1}}], [{@smackfshat={'smackfshat', 0x3d, '*'}}, {@subj_user}]}}, 0x0, 0x0, &(0x7f0000001600)="3c677acb98be2ecf60d8f66637fdc7ebc77bfece7b133e791f17f445a06604481c1895fb78661a9b62677109faee9b67a36d30c0ab64a17f05624521411085bf739cdc02321eea652711f241f39595c0ab3667534015540b2c813fa81753ba8b6e0592587ba962bbc934608ab5db7cae6935c17901bd67825de7f14ba52ea83d3f9d7f166a41195ba2b7508108fda9e8b9965347702e487dbee36951be7a31d08029fd98c70ae68f56cbcddfa21ed3b81c4b5d") getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000003140)=""/4095, &(0x7f0000000000)=0xfff) socket$inet6_sctp(0xa, 0x0, 0x84) keyctl$unlink(0xb, 0x0, 0xfffffffffffffffc) read$FUSE(0xffffffffffffffff, &(0x7f0000004d00)={0x2020}, 0x2020) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000004c80)=""/83, 0x0}) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$SNDCTL_DSP_GETOPTR(r6, 0x800c5012, &(0x7f00000016c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0x200000, 0x0, 0x28011, r6, 0x0) 5.128224417s ago: executing program 2 (id=3000): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) syz_mount_image$erofs(&(0x7f00000000c0), &(0x7f0000000140)='./bus\x00', 0x0, &(0x7f0000000080)=ANY=[], 0xfd, 0x1e9, &(0x7f0000000700)="$eJzsmT2LE0EYx/8zu9nkDhFsLGwUPPCEu83uRuUai/MLKNz51hm89Tjdu0huiyQgGGxs/Bh+BYtUKezsbLVQQbAwpfXI7DzZDHkjiQkKPj+4ud/OPPvMSzZPIAHDMP8t377++vLm1s7+FoAz2ECR+n84gxhpxX8ukXx6+/7k7IvOcD4dK4x2Z11Dd9dBSq6UUvbYBv3fh8z9LiSukt+HgE/+CBL3yGMIPCR/anltjSSJ/ce15ODJURIHugl1E+mmYs/vAui1BQ4AlGh9who/bbaeVZMkrg9LQfXnGRmaV6adnQu4vV2Jm9b56dfgwetXbX3dP5vAOr8QEiF5BQJ75Dsowvd9/QiYI7H2f8Ed5Hdm2f8icruwnDwejJzbnha8tZS5FhQPwN+bfW5p/xvLWI4Iq2dNi35D5z3ne50Po3d9X+XCLq12y6CaPTL0cf3PMntUBMbGDOqnLrlXrPrkws3rRzk9fl4+bba2j46rh/FhfBJFlRvBtSC4HpWz2mzaKfWvlNWndSt/YUKsJzw0qmlaDxtAWg/z68i0VsXde1f7md0js/onsXnZ5NCPSrbt4vg5BP2Zz0Ftm87ExTMMwzAMwzAMwzAMwzAMw8zFRYjsW1D6oUophZdmRNlEd7K+3wEAAP//zPhXeA==") 4.748546293s ago: executing program 2 (id=3001): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000a40)={[{@stripe={'stripe', 0x3d, 0x3}}, {@noauto_da_alloc}, {@jqfmt_vfsold}, {@data_err_ignore}, {@noauto_da_alloc}, {@delalloc}, {@resuid}, {@oldalloc}, {@jqfmt_vfsv1}]}, 0xfc, 0x550, &(0x7f0000000340)="$eJzs3d9rW1UcAPDvTdv91nUwhvoghT04mUvX1h8TfJiPosOBvs/Q3pXRZBlNOtY6cHtwL77IEEQciH+A7z4O/wH/ioEOhoyiD75EbnrTZWvSZm22Zubzgduec89Nzz0593t6bk5CAhhaE9mPQsSrEfFtEnG4rWw08sKJteNWH16fzbYkGo3P/koiyfe1jk/y3wfzzCsR8dvXEScLG+utLa8slMrldDHPT9YrVyZryyunLlVK8+l8enl6ZubMOzPT77/3bt/a+ub5f3749O5HZ745vvr9L/eP3E7ibBzKy9rbsQM32jMTMZE/J2Nx9okDp/pQ2SBJdvsE2JaRPM7HIhsDDsdIHvXA/99XEdEAhlQi/mFIteYBrXv7Pt0HvzAefLh2A7Sx/aNrr43Evua90YHV5LE7o+x+d7wP9Wd1/PrnndvZFv17HQJgSzduRsTp0dGN41+Sj3/bd7qHY56sw/gHz8/dbP7zVqf5T2F9/hMd5j8HO8Tudmwd/4X7faimq2z+90HH+e/6otX4SJ57qTnnG0suXiqn2dj2ckSciLG9WX6z9Zwzq/ca3cra53/ZltXfmgvm53F/dO/jj5kr1Us7aXO7BzcjXus4/03W+z/p0P/Z83G+xzqOpXde71a2dfufrcbPEW907P9HK1rJ5uuTk83rYbJ1VWz0961jv3erf7fbn/X/gc3bP560r9fWnr6On/b9m3Yr2+71vyf5vJnek++7VqrXF6ci9iSfbNw//eixrXzr+Kz9J45vPv51uv73R8QXPbb/1tFbXQ8dhP6fe6r+f/rEvY+//LFb/b31/9vN1Il8Ty/jX68nuJPnDgAAAAAAAAZNISIORVIorqcLhWJx7f0dR+NAoVyt1U9erC5dnovmZ2XHY6zQWuk+3PZ+iKn8/bCt/PQT+ZmIOBIR343sb+aLs9Xy3G43HgAAAAAAAAAAAAAAAAAAAAbEwYh9nT7/n/ljZLfPDnjmfOU3DK/u8Z+X9OObnoCB5P8/DC/xD8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8AAAAAAAAAAAAAAAAAAAAAAAAAAADQV+fPncu2xurD67NZfu7q8tJC9eqpubS2UKwszRZnq4tXivPV6nw5Lc5WK1v9vXK1emVqOpauTdbTWn2ytrxyoVJduly/cKlSmk8vpGPPpVUAAAAAAAAAAAAAAAAAAADwYqktryyUyuV0UUJiW4nRwTgNiT4ndntkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH/gsAAP//sQI4ww==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000004340)='\aK', 0x2}], 0x1, 0x7fff, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305839, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3fffffff404}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r3, 0x6628) sendfile(r1, r3, 0x0, 0xd612) 4.224594682s ago: executing program 2 (id=3005): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r2, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 4.043392042s ago: executing program 3 (id=3007): sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040), 0xc, 0x0}, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/145, 0x91}], 0x1) 3.852353079s ago: executing program 3 (id=3008): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000002c0)='rpm_return_int\x00', r1}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000780)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000000800450000b000000000001181780000000000000000fffc4e20009c907801357ea314a14fa4bb126c5f592b050000000000000000000000190000004ceef9ddabd01b9dc5ef339c6d1e1c4b329f3b218c46565d8eb6fc8a3338e2792c34722647698634a5a3fa6e0601a63ea852d8001e63559b9555ba6da1eb84cb43ef71bd041a4ce7cd5533b2734a5cce3d303391cf113a001f247df1ec6a5851d09eafe24849040ec6b3dc5f0000000000000000000069c2bb9ddbc8a70a229dc9ba4c7338f0fb384016a47fb67c68f42d1b53c8b7e386bfdc"], 0x0) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="1f89b5"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000002c0)=ANY=[@ANYBLOB="000002000000f9"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.300110562s ago: executing program 4 (id=3011): r0 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000440)={0x2, @raw_data="e661f34b8378a06377e5cfcd6420069066aaee5536e101c89c3f1b2e25248ea6c1ccda0b6bfb69071095adeb17d90efbb97e19b831e11ec971680df353bc6284ac3b49889bbffefaeee251657191a2c27d2a2178ade7544120645feb845fdc9a85da0098fdc0acb1c9bca7107ec11f46d4fde4926681d05166fa335ed2583d55529ce209782e85a8ba6ff93f223926b645ea444de345e0680b9f6a9b13abc9c5a8e65cab6801c47e05aa8704df99035b26ceb1f01f4192ae3b0bbd217d1e42b6b938118041be7dfe"}) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000040)={0xa}, 0x8) shutdown(r2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x16, 0x34, &(0x7f000001ba80)=ANY=[@ANYBLOB="180000000700000000000000e500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000040000000850000000600000018110000", @ANYRES32, @ANYBLOB="000065d98b000000000000b70200004b5022fe850000008600000018100000", @ANYRES32, @ANYBLOB="000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa2000053e1f1fbffffff07020000f8ffffffb703000008000000b70400000200000085000000820000006da3910001000000b7080000000000007b8af8ff00000000b7080000050000007b8af0ff00000000bfa100000000000007ffffffbfa400000000000007040000f0ffffffb7020000080000001800000000", @ANYRES32, @ANYRES8=r1], &(0x7f0000000140)='GPL\x00', 0xa, 0x95, &(0x7f0000000180)=""/149}, 0x90) memfd_create(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) io_setup(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r4, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r5 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r5, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) ioctl$BTRFS_IOC_RM_DEV(r1, 0x5000940b, &(0x7f000001aa80)={{r3}, "a84ceff24ec05af58873137ef001ed7909206d51bff32e41903334a11ff3aebb1ce38a2555b4d03da9f3e2db0aca17f7bba49a81047c96bbf97d712c175c94a91a0be6a6a31198205b4e0d56e0aba875e92491db2cf9e53d63c1f2bbde789e7871f1249d946bdbc3c1601ab37b7bccfcbc53b0500c37f7deb3fe32aa267f382c005071539eeb3b833ecd8b915c88f2ff618b06c9991e0942bf495a16935faafcf94f454753ad5347d5dd30c0938c237095b00982c56e8a53c04b1434d84b7e2325ef05d1f0b7fc194cd2264cfeeda95996b763fc8165e83757f8ddd78c9e05c6c9e7a7c8ec57dfc2cc374d34f2cbaf865ace7869b7e60b5deeea3570fadeb5e3dd8e73cc9f36185f716756bda4bb21770cd3d55f38a8a16e7359171eb060c38d5d136db883cbb6fbbf6e553f79424d47f1685d6f040fbb87f258c54b6e57dc8a30754915a821c947b68981e34817697fc947e00a2824968f7d2e143d6083e6027235d3e43cab71d97a681abf6a982445cda15407b5a6dd8b22c928ce4ebdd23e17f5a33459f39ff588b1115f244abf9de512e0a59304d89199c0d461220986875999960c997d1c21a8d1de0a683af0f85c55c45c7b4bd0b872a220f4ca6c700406699fc7db920352440a62a391bb6a83da2d2d6bc4ef75f416de91359dcdc52fe4eacc1ed47d55eee1b1abb16e9cc11003f0deb0ded3e1f8a9f8aec8230635e9dc051c2f15d175f35a628c74d9a6b2d82c5a75f3d9e979c92cb538434581f4eceb6e189eca76a2c1555b0cfe6617f79daccdc7c468c48fa15aea77cb272616d39193a661a93b568f76c1ccfe01636a43c0d1764890f34a3896d1c2dac1682911cbb83a2ecb821a1f0291ad043f4dfdef23df8692d76aec010cae0a3ab31953412957c6a9bb85e3877e05a4329866b58de2b277a8b1f0ae9972fadd28bbb9f4d9a9ccb984b62c2433dfa717b50cca7e6fabea75c3067fba80e29a8dbd8207b262ea81f359c8560f91188d569b7097682d57b7baacfed370b75176b58823cae76ad34c81cc57ff73b3c1a26fedbd90cc27bbeab4653cdec015383cc83f111899ba5f4837325e311ab7d5dab941544676cb99e687e29da025363e6f9764c058cad8c8312c66abd603c59b52013631efdb8aa34f6b9904b2adfaba3332989c6cdec0855496b41c48875cd9a71f6a96d7ad70a109fc5e47b5994479ac31c6ddb74748d1339d157ea853bc9fec8e6795e3e035e4a11773d76cf18e791aaf5e6503db5a0391970a5e8e65ac7061ee837c006044a987c7cbb9760dd6df4450128975f0e6032cc71fc97a376422f3dd25402538bd218ad7e1a94cbba262f3e57738f3ccf1a57fcfb26e775834e8fd5af755a74d80033e88a8ffa5e1325b405ca45943d57f23fbeb149f9ec8f86862d5dad3e268cd7cb4f115d12f900c74960491f7431726c151f64ee258ff69e71746307a0211f60f24a5b27d2eea8d5af6ce83adc54a7d3538ad6374a1f36941a012281f2adba505f59df15620ca19a42d889f03f71ebf75706d3f1759a18fab65e4a1355d7ce1b064047587fe413054876f4270ccc08976be391230bda8f3a705200b6d909073a3472777fff8727f71d830d4e88acfcca4fc3fe2ea7a2d46e9851816765da18728ca5600cfed2fc097e72c15aa93d3f2d850e870060f058497ac425276f3b8b1b87974571313b3ce36e4ce9f8e6a3604765bb9a263c36cbd3310f824c535e2f0d02c12a71d5b7965e3f2370d11a9e877d7cae8432ee32d5f370073f50b0fd1b8319aa39c044d373af3468a9193c8bb11993539a741f66370b38b4b105c76b2c3103614fdcd9dd9e20474d4c8382d64fb77027e6d088dbf021bb0923f1a15f3a234efe4ac36e45844dff62935f30795aff187c2f4f0c9d48cbc131b4530cf1ed9a929d5aa1ed76ed9cb73a4f6b9ce18db2ae89662a7a2b6170a0dc9c489e797596ffea0d6b355f4e6633e6ae064386858a5cfaed24d02be0dd2720e61c3c414731b109543959874e8791c1eb482541d26dcbe7f724856490967b651c3ed570475fbd5ae30259f547f30c9732009be3c8ae5568ff30066cf53bac54b64826ea01ba58ecf900f5451e5d7e36f5e28a190e681673670358307eac6d176b40d71ed91fe9f95a1ba3bb90ca48713fd6afcf6d4e4f9b96c173bb2592ed06ccbb7cb86dd9b7016e2f4fd98c6649802840429675843e0e8837426d2c1df5e6c2a7086ad683900ab7d13e9bf1b437755ec82f095169d1f03844afeddc1a6b5d1fd185bd41164e29c942481d64923c0a5128848f5df2ba078b8021d4156f112a41ef9cac42800d09a14919130100dd991768ad464cd921d611578a6be358776678a0b3fdd6e4e43c105f3181c623b5a121259e28389e38950ac9d3627204d5ebd5412fe36ce8be034077089879e90d6f8c290ade17a3334e8deeece93fb8450d5e0b09a31dfd20ccd8fec72e6402beb9934ee523a4418e470b90a3d9b3a6bf0fae5bbc929b8b1d767065e65439ed1f3e72047e163c6e2e70f9cb1c0bf50b9e6da89f123adae4e5951cd7fca09e83efc6ffb35edcffc3855127aa660bbcbd75cbdc8bae7193784568805dfee8bb6b4176c7dd458fd85322244d9604049f71bb76c61fc53a8c7b141bc07d18239d008314764c5d46c6d479d89de8a88f189d46fd101883b0b0616409d4555dc0045cac6dbdd4b5dc53c2b7e3da2a251944cc1a018ac8c7d7798bc77c998f9d1ea9d2cb1ab5a91a0efcef51137b1cfc8a4d87656a042e177bc2cb3b9336e840b10f394f25577232bda60b72143dba926a092ac599b82a928075179d40b9b33e2b4f63aee31391818f2d7af81df1a91aa80b8b33a4d5df802c65655ad2806517f2515578aa57d39d9f00576304ab05ca86eaa5523b7d5784c575f9b9018353b063ff01a2c06e3472dad9204de4c52334f1ec4ad8960f269d509758b07e521cff74593af46bbe5694acd9b9fbac7bd88e6d851872bcb7aefc1eafc24c8c4fe151a4dee7f2eb4d65df2288cc16aadd44384db67a175fcfe304bb108de5e807ddc224e5522d7f4d52aef934fe7ffc3126c289de0a437f04b63f9c6ff3cd6fb518c616cd8c4168c9b9d229414b8c0fb1497d7939153fdaec4b565b253b192a55c32a511c8991b68288ad757e7cd2b71368cc661010539114e42e753da305136d56dda37ae6b3ed025560df5996edbe98341f2173c6ca1793d78f686411a7086d332ae0dbb13c54ca63f7b8baadfa55ac53c799f737414deb77c6fa87be6ab37ba39e446ff814de6478259c78b94836e0603cf01c440ef0db77e790c809fd16d39c51a8f49af46be4e44a41a215afcc1ef5f6b32b183a92b76ae92027e7307c02523cc85aa456f4c135c5388cce4336476bfd46a06d559b8a5f90ba177e612382d9f4d6c1964117031ec0048e95df1d926de97ee25b2e09faebc442717a56f05a200f7de52f710b4c5a3617ef92281b05c92d659888f307789ef45ea455674c8cd96d1a89bc29a62739822d3faf13b702fe4242fe6376a1df16496de6e276b70c7128c0b2cc7e0165dac08247e586ef4d8260126f84e84ea5da3cda5b1113874e3552c9043ed18fb0ade68c57b525221559cd7878312b3082e1efba83f631314dfd14d6c3365ca8b01e356d05f9c2a86e1e1da76f2581dcf8f6f8aaa405f9f1ea2e8b7c63cb3722826cf7051bb027fecfee445d34283fda3b6510afb6fce8302126f8481893b292665509f9779aebdb71dcd9276dacdfc44c45fb3b2235dfc68a07cfec48433db3dffd2a79ea55533646c7dbd111aa3c503da07f575d3f14313a81e232b9d6b6dc508f989dfc6d26c2d8e89d949667ec38aa4878e5da2c2e680c576dfc4d8b64307d57b17d2abb004490b5172384a11bf9992bf492bb25972b94d52337951bd2b3f48e1f7e5c56deb7ddcefb06cb063b82c7a567307615554c0813a93d9ea0edb20887f38e25d720c4c0bbbe8bde3419cdcb17091bc760ef7af54fbada0209e7adc920575e3766ad549a0a5334f726c7719cee9363101b1d3fff4bc1989e2302942269c6424191b4923609400f432dd2cb0a11c55b16b2b89531eadf101e608d0a3e332ddb4db1529483e8c0ef7f59e19e1a2d4f81a7e25e678f1021491f828b344c71e263e47a7cc036b6f7ec305744092bb79df283e77c26c29860c07c1606113477f2116d0cfb233721451d4af4697e4749bfc0853ce9391505a0f838ed6cad6e7f70f5b42d6265c3f9ae1e699326ee901e01c8fb8bde931e858be8c9d5b81f18593073388a4329897e540582c315cdafc8c080f8b34728d7ed4ce0364c0187dd0dcd56c2ae206b15257931b691b86640fcd6a7e38d23ad9e3dc6384807ea31074d3448badb17e2793782a93d78bbc6b4029e3e40ae1db9c5c2db15f175383d4c5d60eb58a70a5ab26f5e211d8671b86e6f3421635518f2c788d2543e24bd9368e09e1d104be4ddeeff63474139a10fec1dfdb1c18ee29091a8cf9425dc02a1bc4f9a558b7a8acc75acc7806ea15f843b452c8679ee6c66eeb2335ba76789c66622cca9a2abe63c1506f594f8bbe041865517a90e553d2c5a2f695db10d86dfc35133376b61085b15fe3d1e9518b1a8e369aaa32b83e3fc7d83d5f6619756f6ebca97fc2e4eb2155aea66ad82f625e5cf87a09db24ccb7dbb7bb10dec49af765d3856ccfe2f7620117571d3481274bbc055e3a772e1062cb28311c6cd1ad235be0279f152f3c1c452b5515ad953f1836cfbefef7e5206acb79c6f27b5103ca044d380ea951f55fb88c0c9a61c3d07ffe2b39de6f0bdf3026e5b9cfcd20b487a3061ed6a088419e9be8614a08847e288aa71fc658dffb6da2d99d9655138e77a30337c25186ed38c9ae4ddb6bafd4d9f805fb2aa6098aa8a08373555b3713581ee01976e283e80a2603ec186897a2293e83b7de36c6b311826e427040585b62e84b420655a50f9c1151b0ee8b7929b90fd12d2eb19b9c8977b37374c91205d0e2ac5cd9f1da8441aa37560165db59082be89bd2bd39a6584bdbbbad2c399176a5db1991d9abd7ff2aef088fbf255b7f6b00cf8dbf9d7589b25b26dbac0a4bfe32b414b97c4e556ca1660a18b59e4096243cfdb658d2186e059ee9e1b20817319dc9d7f1879b17b801b0b91f1fadaddec690554799dec483de8c5a0ffe22dc4e4fda00a508521290827e79d439e9a6189671709d0f73c21b81784be5cb87288e9d5eebab74095e22001b04316ee0cffab8cce71bcd33618a94f760adf2bf33a89fce13b1b516ae35ce9566842dc2539a3e122230ab34131583b4282ffab471d9b7486589e2f414920079a3b784db685923c7265f1e44ce18b69d4af34b4ba4457d087685e55a4764e3432c7a5fdf0a48843475c477d8a0f32dce6d1177de77c06a57b236fd7b9d67a8ba350b38ea3eaadbf755aa762d7d9da22085e49f989257b47f334644d02327e8962d102c3725da34cd5f4772ba8d1c45dfc570312b0eae52cebbbf9a44f46d1dab08c1111567732918d2b2165452f370bcc197e3b9a512b14cfd25299140c69a36a98e91266d9953ae1478d418b5ddb9b49ae5a6e60c02f9be1185cc4b8f0846d78df97b0b9f5e5d5b5de29094742a9cc70d808271abd447f0db916dc3921917a191c170c23e31d4d8ac82bd9446d51b876534a5e149f7a15de9c3b8edd2aefde4fe31b478dcfc80d70ebd68de62b66c9e0ff8ca13520c5d5b8a78e50c7c98c60378b6a21f259c4a79331d8f6f02e7e7569987b273"}) sendmmsg$inet(r5, &(0x7f00000018c0)=[{{&(0x7f0000000000)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2b}}, 0x10, &(0x7f0000000840)=[{&(0x7f0000000540)="c8b21535c70bafcfb7c14a094c267d78bbfc96224138193b407108dff211c0ef051da28698cb070379f6a9c1983c012143045d8234c7ba485693d80eb60f4fa424481faff49b0bee666569cd87b722da48ab6638fa1b47f3238c95b188fca41b28f0d6b34e5e46e07834c1442a4f3c00", 0x70}, {&(0x7f00000005c0)="6f323c1a74558f5cc0165158f1dbb20281f2cdeaa850e7a14d2a607b70b55eae6fbccf3b028b65d54564329adbda3ca12b1666d317f2b1c621ade62b321a20", 0x3f}, {&(0x7f00000006c0)="5e50c9a21f630f16d89a67f16cf070a320da1c7fbae7df4424ee2be5697a1501864c0c5627c38ba632b425585a97f92e070c3556fc5df964d6790211d1732aff96b4bdf2675ac730e74eaf5badcaf8a97730ae05323e2677d10c5495ec41bbf693e5bb3ab22a5219e1d3688f950b91dcbf51d16d228fd1515a1fb443c2802632d3158f9f38f4a4b07b8e6692d5a720ff5fe932f53d", 0x95}, {&(0x7f0000000600)="1a6f3b288424b934cf9ca4ec26121b96445e325909caad0df700da59a55ce717823003ee812d2c06eb415059a7b969", 0x2f}, {&(0x7f00000007c0)="7c23fba6f6b41d8167589a70c5ccb6bcf305877bc729d82a961152ab2053d5e780504e6109958a812b22ccf7848170efbc58f87e58e54e775358b02fc5e991d38b93bbf266ff86f62e", 0x49}], 0x5, &(0x7f00000008c0)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x10001}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x4}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x7}}], 0x48}}, {{&(0x7f0000000640)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000940)="daa6d10daf7b3edf0a252adbb914ef9c49611bbf30250452f07e22b6db9f8b5082fc39ac4b44872a0a66a9c2f06f2b383f22b0543014f6", 0x37}], 0x1, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414bbe0000002000000001100000000000000000000000100000004000000000000005000000000000000000000000700000044083860000000000189132cffffffff0a010100ffffffffac1e00018323a10a010101e000000164010102e0000002e0000001e0000001ac1414bbac1414aa00122fe67e5ea07fe9653d39a6e04358cfc5a1ace6b66bd4f6739d6ebb227777ea9f35f7f37ec56c3cd13bbabcc25f84ad2ec13398637758d964a8acb8d236bff3e6ec605cbee080b68c19e25c12db2f12293a31397ac737821b542057d15af6b281f67f17483a6ad54df19b32d3ca1ed118804bef84102c47e5bb86b2e265977f19b04ad292add601018b7bf8ddf4f7ee28b0967a0656f5e973865bcf0aca10b13aa7"], 0x88}}, {{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000e80)="302bb7875c25dd7ea4b8b77e8081268c18ac2faccdb72b2fef8719f559142591950ad22a24a319fb4bbe1f9415db508f5a7f8c728bacb04612fe592dac27d57b175793f63159287a2d5fa7b65186a28d0fb39a3d4ae4e44ecc57982e5c616a11254546694f734066ec807fcf47fd9ebae1eb12277ebf656c01b7218b90697655efd024d7f2f67844954a73e0d647ab95ca02947c6f7306378a04b0caa6b18aad7c2740e9da4b9b62356ca3cb23df71", 0xaf}, {&(0x7f0000000f40)="f3f4c3ec9207336cae7a904b18aa21242ff9b07faaa0d90790894a40157c4caf3a8209cb38f7a162dc33d5aa188cb6f7a1b83a990c9d8ef33ba719cc34674e6228a07d3aa7a25b15e349d8414557836460dd6b3f00d9b4b70e95b67836a8093af565945425b7d84a149f9603b1297a99da5bb3b8f87b89964183f4f35da2b590b1c8df42248053e62ee561cb974394e2fb549c64d7475764aa7981820f55cb66b99d8cbcda549cfa572c37c2755ee60832f322995b38a77d865d18ed35f5a5e037ac68d6696e28c0", 0xc8}, {&(0x7f0000001040)="e57d6b43d384f2ed1b807c24e139e9e49bcb6f3b7745adc46a9872160537c7e7897c238edc36118ea64dad0997b32b0986bbb0d857e054d97695fd7df49dc8cf75cfef6384a4937f136e8f41dfb8f201bb567f53e3149f25e8bfcc502e37a480bab2be78cff0a67c0bff404a72a5b74481156d5975d2569fdfdc10e692e532caab3f4f90497b9d03d668e111af2e5e542ecd7c45c11e4ca24fde553fece76cd7ca3450d8f967014bbb8866043acf64986e76e74a0ca1a053c1a7b3c18cff932af5aeea24360e8c", 0xc7}, {&(0x7f0000001140)="fb7c838f55ba7d26787fb8186cb7d12c6842d284de51f731408083ed15c2693a7f0c5478d8ad5d4e8e0b16b5ffaa4ec94bc0c172e0713d7fcb00780a5c4f81d1b52d475595e41774d8ebd045109f9d62927b7d0fe611b917e2c7cf6d7707ece4c6d2bebc894e8a178cd7281a80f673f51904a1c6108d7398e0f51ec130c71add817dfdc3e4c66e2fb1db76ab2252e57f6f47626a495b7811454f77bb07959e2d5417c40e0eeb2b4f", 0xa8}, {&(0x7f0000001200)="4c5f1983428a45fb3d4c68cf2f", 0xd}, {&(0x7f0000001240)="5fada23b41117c895e08123bed0d18843d3e8995dd9c4ebf2abfa96dd8eea174bacfcc4cefb75ccf7531aded468100127b70cc83b329c8e06da40eb0fb2cdfecc4dc3a5f5e36a6fd3419605e5cfc4c4dd78bc72df0031160cd6796ffd4a9dce09583acb8abe11f51683b56879f3a7a76e88269e82113c920f30fdb5f87c927e67268b7a3c952e2014466d3cfe0355bb140e99e7402249b5b2c", 0x99}, {&(0x7f0000001300)="5b08bae724e27576e4b9f725f79068210fe348806cf933e14081c02aeaf34bc3e8fe94091c3d1a51ab9c968bfedefec3683dc02dcb290630880641fd068ac943d973846068983ed362a351804c4fe427e74cbc952580712e10445a4f8cf698684fdd5af71fda0666304c22f82746d2247f08e975ee39243839bf0619", 0x7c}, {&(0x7f0000001380)="e22b5191bc17bd51f8251f7b06b22c7affec2cd2b613dfb88b1940e59474f6eb60abbf50f1b9f87cccc3fe9b6e97b126231d55a2b14364bc167045c88b30fec59faeed46c8ebda622f0f01b33fbe2296647c196bfb2c38d38a0debcd06be3f058bd87734e177333ef24e254d98848b7d5147d2d5c986c62a5e568bdfe294", 0x7e}], 0x8, &(0x7f000001bc00)=[@ip_retopts={{0x68, 0x0, 0x7, {[@rr={0x7, 0x1f, 0x90, [@multicast1, @remote, @multicast1, @dev={0xac, 0x14, 0x14, 0x36}, @private=0xa010100, @remote, @empty]}, @timestamp={0x44, 0x20, 0x7c, 0x0, 0x5, [0x1, 0x3, 0x4, 0x2, 0xc7, 0x3, 0x0]}, @ssrr={0x89, 0x13, 0x8b, [@loopback, @private=0xa010102, @private=0xa010102, @empty]}, @ra={0x94, 0x4}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @broadcast}}}], 0x88}}, {{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f00000014c0)="278c7b0449879a61906636952f636e604dd6390298519951f4154a08c78be39d6c5e096b701c7e8e68b5cb8a1baad7e6b54d9693eba23d1bc543ca700736a065dd2160675d09fc09ae1b2a0c2d6d56f5e30216d8da80b0f426067578154dfc8035ede809b4b96b057427aaa6b55301b9b7bdcafe189cad9307c83ddf6aa3d1676c81e64f0ea48b453ba38ebda97de5e03104f4a260223bdd6ccd9d51d27bbf5608f9d9bb008055b5b2ef015fe5a0fd28edce2694423ab2acc7728406747040cb5dc1ddfe678f6e521e8d26caf984c34269bb43376b2d4c0cd98aaf5244b6", 0xde}], 0x1}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001600)="3c797e26be99a6c0258894fd8813fbf4cdb87f065243f505f5274a81de759247e70731d2bb565600945f83fd79f4b65ad127d5dc064eb9ff1784822a6dca48ddf8d96279da88b3bf6a55367f6ea3703f3ffdb4ea1af6b4288fadfc81117a4cf468fe46d6ac67ace67e1b5a5c0319f1cf7f18df522f8824400eaed8b50ded0a239d69af893022b29266f99917c0ecc7087821a8", 0x93}, {&(0x7f00000016c0)="d3ace6dc07fbb4c355c75c7620186730d51d3d0574b9edce3534358cd802d0c90e2ed88e2a3b8090ea3bc871193863ec775839ab0b7801201f8e24ff5d9f28dd3b831dd9bd2e072155122465043e848a41586c955f4763740979677b9a25d4a10682849e0328fd2f3a23cbd90c5dca43a7ce1079efb7869d6c63b65ace20d702fd62d696cd5d88b911c0947ba5c5ce3e1d58340429fdc19c9728ab64219ccde88e2a8ba24a51043734bce5aa9e09bd7e81f7f166aacfc2f256c62f3fab3743604edd1ec1e015610211cbc1f902205458bdeb6f002ba3acc162807b5dd906a9004460885c43e6d80763786ae0a94689c5b787", 0xf2}], 0x2}}], 0x5, 0x8000) syz_emit_ethernet(0x11a, &(0x7f0000000c80)=ANY=[@ANYBLOB="0180c200000000000000000086dd69a8190700e43a0100000000000000000000000000000001fe8000000000000000000000000000aa16000810660000000301907804000000645021f610008701fe800000000000000000000000000024200100000000000000000000000000025ded547ce3794c81bd3f38111281dabdc39f1bf321c1115599dd24a04d676790c62a855744c3cc4f84e67c313ef6756a58e5ba94a730b94002923c3d27354de57ea84d76db55e62d2d2f5072649d37746f324771a571b190e44d108e0bd47eb5d5cf25c953945b9e1d4bfae06911faf8367b09542649cacab8dc067a5a6c8282c7c60163d171cf7ed99a0d0bd8457757ab4797108f27b06b75d5c8c46b5d2ae8333da5d07d4edbc74a050d75d811956299229dcdbb63b1ccf3110c1f8140f7d3f23328451762af071f63b1cd6e3e4212701bcdb5b6a2446655b382a0cba37466c0cd1e45034eb22fbb144409db60e170e1198f2cdbf9a39a21fb274b07d0afb18f43d03fabc07c468b330f65be414509b772c7f034a7128d7b6f40d98eeb8494eef83fe1f6f37203008dcf227065d078376ce11132911050f7d2d64715"], 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x24, 0x24, 0x10, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1, 0x2}, {0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x44888}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="64000000100003051600000000000000531588473b5afc4caf53607e77f43c0459cdafb9aca7552f62e2171172b05f08c7b49b4256711b384f8309e667fdaafe122d79243f65b91190334065ec56168207d591adfe945a370a06d0e4fe17651195af52a7904d605c741733f722652bcc43c309d8e4", @ANYBLOB="178f5de21e05b6083e65f2ffbef7fc92bf0e51ced8858a5415bad7fcef06aa59b2d49610230a3c27f60816e68a19e62b767bef13693955ab4eb7ac1a8fe7fd74a23f69acd322487ce7", @ANYRES32], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x40048d5}, 0x40044) ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f00000001c0)={0x5c, 0xa, 0x0, "b75c89e7a20c8eac82ad0416bb1844038d2cd97c945462f31638b5394c00", 0x31435641}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r6 = socket(0x3, 0x800, 0x0) sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0) 3.053875886s ago: executing program 2 (id=3012): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) lseek(r4, 0x851, 0x0) 2.177023888s ago: executing program 1 (id=3015): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in, @in=@multicast2, 0x0, 0x0, 0x0, 0x3e87, 0xa}, {}, {}, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @dev}, 0x1c) 2.027252934s ago: executing program 1 (id=3016): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000002c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000500)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) 1.912432193s ago: executing program 3 (id=3017): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='ext4_es_find_extent_range_enter\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f00000010c0)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x200000, &(0x7f0000000140)={[{@user_xattr}, {@nombcache}, {@dioread_lock}, {@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x54d, &(0x7f0000000400)="$eJzs3U1rG0cfAPD/ynLenycOhEB7KIYcmpJGju2+pNBDeixtaKC9p8LemGApCpYcYjfQ5NBceimhUEoDpR+g9x5Dv0A/RaANhBJMe+hFZeWVo8SSrThKrFS/H6w9s7vy7Gj2P57RSCiAkTWZ/ShEvBIR3yQRhzuOFSM/OLl+3trD63PZlkSz+emfSST5vvb5Sf77YDtTjPj1q4iThc3l1ldWF8uVSrqU56ca1StT9ZXVU5eq5YV0Ib08Mzt75u3ZmffefWdgdX3j/N/ff3L3wzNfH1/77uf7R24ncTYO5cc66/EMbnRmJmMyf07G4+wTJ04PoLBhkuz2BbAjY3mcj0fWBxyOsTzqgf++LyOiCYyoRPzDiGqPA9pz+wHNg18aDz5YnwBtrn9x/bWR2NeaGx1YSx6bGWXz3YkBlJ+V8csfd25nWwzudQiAbd24GRGni8XN/V+S9387d7qPc54sQ/8HL87dbPzzZrfxT2Fj/BNdxj8Hu8TuTmwf/4X7Ayimp2z8937X8e/GotXEWJ77X2vMN55cvFRJs77t/xFxIsb3Zvmt1nPOrN1r9jrWOf7Ltqz89lgwv477xb2PP2a+3Cg/S507PbgZ8WrX8W+y0f5Jl/bPno/zfZZxLL3zWq9j29f/+Wr+FPF61/Z/tKKVbL0+OdW6H6bad8Vmf9069luv8ne7/ln7H9i6/hNJ53pt/enL+HHfP2mvYzu9//ckn7XSe/J918qNxtJ0xJ7k4837Zx49tp1vn5/V/8Txrfu/bvf//oj4vM/63zp6q+epw9D+80/V/k+fuPfRFz/0Kr+/9n+rlTqR7+mn/+v3Ap/luQMAAAAAAIBhU4iIQ5EUShvpQqFUWn9/x9E4UKjU6o2TF2vLl+ej9VnZiRgvtFe6D3e8H2I6fz9sOz/zRH42Io5ExLdj+1v50lytMr/blQcAAAAAAAAAAAAAAAAAAIAhcbDH5/8zv4/t9tUBz52v/IbRtW38D+KbnoCh5P8/jC7xD6NL/MPoEv8wusQ/jC7xD6NL/MPoEv8AAAAAAAAAAAAAAAAAAAAAAAAAAAAwUOfPncu25trD63NZfv7qyvJi7eqp+bS+WKouz5XmaktXSgu12kIlLc3Vqtv9vUqtdmV6JpavTTXSemOqvrJ6oVpbvty4cKlaXkgvpOMvpFYAAAAAAAAAAAAAAAAAAADwcqmvrC6WK5V0SUJiR4nicFyGxIATu90zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAj/wYAAP//Gis4ow==") setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0/file0\x00', &(0x7f0000001400), 0x0, 0x386, 0x0) 1.897061525s ago: executing program 0 (id=3018): bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x13, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="85000000080000001f7000000000000085000000080000009500000000000000e135dee43f5d62cdaf5bb32c301264de232ce03ca49ba60071b592758143664bf8505b4845e336472821027a89dba77c8ea9b6ee1398ae73749be1537086ae214b648801a3f00574709ddccbce9ffab959bc042fc0dfcd37b7baa14007c92d4cf2d339d40000000000e2dbfa6211813205b5b8cbd97b7563dcbdbfba95ec64e00d93bfada6b71d91340a4508bcd72d77eba909bd6a9d45359cf11ad81000fb0f5548ced9733ca0fe9d8ca129b43551e5ca8cdad72f668dbfa9a21d9e8c4afb7203e71a4dcefc7a45ea63c8899caca26b63ddd0f7f5b45ad90b1987fee5826217fd21bb69ba143e01ccbef34bdce3099f80a5ae740c01ffa4f0a207fa54f5112a341a195af0662c97c480fce27ae5abd0dfbd0fcdcf8b8c362667a67813555101d3f6abaaea7370a50445c52f0a0354dab0acdc6955a5f2dae85280f9f5a66b411fafe99d8a79d24cc9cf88e456cc5cdd995b8269dc835191a1a94eeda37b147dde6eb00ed338864d7d9855f9ee3a194294c73491ec000000000000000000000000000000000091fda31f8843b2fa5fccec5764e0348809159211996f6fc12b6d7513a5c1c1131e8632c74b10e4f47d1e51d3c3fa8b15e503f44c545754271b9cc0e51879f577940220fbdf363b33bfae380a5b920c2fb3d32a451ce16101ba02100d02d29b7e08177645a68f5fe1ab523185b28ce1486d95af790abd262bb8c5830c796db1dd1b188337c801d7f20ba944c320ededcce65387766ec13a90a996ec8e536aff3ed29ddbec37a15501f3abe0de225a2cdc0f2288deaf3137e750c73ca286d90c36e93115031779cb6653c3a85ebb0c3d"], &(0x7f0000000140)='GPL\x00', 0x0, 0xa0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x44, 0x10, 0x0, 0xffffffffffffff81}, 0x15) 1.883335886s ago: executing program 1 (id=3019): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ipv6_route\x00') lseek(r0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(r4, 0x4068aea3, &(0x7f0000000040)={0xc0, 0x0, 0x2000000}) r5 = userfaultfd(0x801) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x4) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000}) setpgid(0x0, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000180)={0x7, 0x0, [{0x91d, 0x0, 0x3ff}, {0xbab, 0x0, 0x2}, {0x84d, 0x0, 0x1}, {0xc0011038}, {0xa10, 0x0, 0x5f}, {0x236, 0x0, 0x355}, {0x93b, 0x0, 0xfffffffffffffff3}]}) open(&(0x7f0000000000)='.\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x405}}}, 0x7) 1.869877371s ago: executing program 4 (id=3020): socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet_tcp(0x2, 0x1, 0x0) socket(0x10, 0x3, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000100)) r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000030400e4ffffffffff", @ANYRES32=0x0, @ANYBLOB="e7ea010000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}}, 0x0) 1.700285734s ago: executing program 0 (id=3021): ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f00000005c0)=""/102384, 0x18ff0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000004c0)='./file0\x00', 0x2000, 0x0, 0x20, 0x0, &(0x7f0000000000)) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) recvmmsg(r2, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000004d00)=""/4097, 0x1001}], 0x1}}], 0x2, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) getpid() pipe2$9p(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) getpid() syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x28600aa, &(0x7f0000000280)={[{@jqfmt_vfsold}, {@usrjquota, 0x22}, {@errors_continue}, {@noload}, {@data_err_ignore}, {@usrjquota, 0x22}, {@errors_continue}, {@errors_remount}, {@noblock_validity}], [{@flag='nolazytime'}, {@uid_lt}, {@subj_type}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@euid_gt}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@fowner_lt}]}, 0x1, 0x44e, &(0x7f0000000900)="$eJzs3M1vG0UbAPDHdpw0bfMmbykfDS0ECiLiI2nSD3rgUgQSB5CQ4FDEKSRpFeo2qAkSrSIIHMIRVeKOOCLxF3ChXBBwQuIKd4QUoVwonIzW3k3dxE7ixIlL/ftJm8x4xpp5dnfs8azXAXSsoeRPLuJgRPwaEf3V7J0Vhqr/bq0sTP69sjCZi3L5jT9zlXp/rSxMZlWz5x2oZsrlDdpdejtiolSavprmR+cvvzc6d+36czOXJy5OX5y+Mn727KmTx7rPjJ9uSZx9SV8HP5w9euSVt268Nnn+xjs/fp3092BaXhtHqwxV925dT7a6sTbrq0nnutrYEZpSiIjkcBUr478/CtG7WtYfL3/S1s4Bu6pczpd7GhcvloF7WDJRBzpR9kaffP7Ntj2aetwVls/F6jrGrXSrlnRFPq1TTD8j7YahiDi/+M8XyRa7tA4BAFDr5rmIeLbe/C8fD9TU+196bWggIv4fEYci4r6IOBwR90dU6j4YEQ812f7aKyTr5z/l/m0FtkXJ/O+F9NrWnfO/bPYXA4U011eJv5i7MFOaPpHuk+Eo9iT5sQ3a+O6lXz5rVFY7/0u2pP1sLpj244+uNQt0UxPzEzuJudbyxxGDXfXiz63OeZP58ZGIGNxmGzNPf3W0Udnm8W+gBZPy8pcRT1WP/2KsiT+Ta3h9cuz5M+OnR/dFafrEaHZWrPfTz0uvN2p/R/G3wPLNcuyve/6vxj+Q2xcxd+36pcr12rnm21j67dOGn2m2e/53596spLvTxz6YmJ+/OhbRnXt1/ePjt5+b5bP6yfk/fLz++D8Ut/fEwxGRnMTHIuKRiHg07ftjEfF4RBzfIP4fXnzi3ebj32BVvoWS+Kc2O/5Re/ybTxQuff9N8/FnkuN/qpIaTh/ZyuvfVju4k30HAAAA/xX5ynfgc/mR1XQ+PzJS/Q7/4difL83OzT9zYfb9K1PV78oPRDGfrXT116yHjqVrw1l+fE3+ZLpu/Hmht5IfmZwtTbU7eOhwBxqM/8TvhXb3Dth17teCzmX8Q+cy/qFzGf/QuYx/6Fz1xv9HbegHsPc2ef/v3at+AHvP/B86l/EPncv4h47U8N74/I5u+ZdoU+Lb7p39VsPWE5G/S0K+ZxLFqFvUteUfs9hmoqduUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//j57jFA==") ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0185879, 0x0) 1.009412513s ago: executing program 0 (id=3022): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) mknod(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000540)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}, {&(0x7f00000003c0)=""/250, 0xfa}, {&(0x7f0000000080)=""/62, 0x3e}], 0x3, 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e00000085000000500000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000370400"/20, @ANYRES32=r5, @ANYBLOB="09920700000000001c0012800b00010069703667726500000c00028008000100", @ANYRES32], 0x3c}}, 0x0) sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x82) r6 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0) r7 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000000)='source', &(0x7f0000000840)='%\\,:\x85X\\\x03\xa6\xd7}\xcd\xeb*\xb1\xa8\xb7\x81\xc8\xcbR\xa8?\x97 \xcbz&\x17\xa4\xfd^\xe1I\x11X\x90\x03\xb7W\x05\xb0\x99\x10F0\xb5YP9\xc3\xe2M\xaa\x81\xfev:\xe40\x9e\xdb\x98\xb4\xd0\xdcE\x14\x910\x1b.G\xab\x86\xdfy\xe6\xde11_H]\xe2\xc3\xb2fa\x7f\x8c\xf3\xc6\x85\xc9\xd6j\xff\xaa\xdbWD\x87\xe3\\mUSy\x0f\x82qW\fE\xd15ec>:D+', 0x0) 977.227734ms ago: executing program 4 (id=3023): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_FLAGS={0x8, 0x6}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) 976.752708ms ago: executing program 3 (id=3024): r0 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x3c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_PKT_RATE_HIGH={0x8}, @ETHTOOL_A_COALESCE_RX_USECS_HIGH={0x8}]}, 0x3c}}, 0x0) 876.564101ms ago: executing program 1 (id=3025): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000000)={0xc4}) 794.05517ms ago: executing program 3 (id=3026): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x2200054, &(0x7f0000000140)={[{@minixdf}, {@nodelalloc}]}, 0x1, 0x242, &(0x7f0000000540)="$eJzs3T9oM2UcB/DvXRJf+75BX3URBBVERAvldRNcXheFgpQiIqhQEXFRWqG2uLVOLg46q3RyKeJmdZQiFBdFcKraoS6CFocWBx0il2u11oh/UnPifT5wyV3yPM/vOS7fJ1mOBGity0muJukkmU7SS1KcbnB7vV0+PtyY2llIBoNHvi+G7erj2km/S0nWk9yXZLss8lw3Wd16Yv+H3YfuenWld+fbW49PTfQkjx3s7z189NbcK+/N3rv66effzhW5mv5vzuv8FSNe6xbJjf9Gsf+Iotv0DPgr5l9694sq9zcluWOY/17K1BfvteVrtnu5580/6vv6d5/dMsm5AudvMOhV34HrA6B1yiT9FOVMknq/LGdm6t/wX3Yuls8vLb84/ezSyuIzTa9UwHnpJ3sPfnDh/Utn8v9Np84/8P9V5f/R+c2vqv2jTtOzASapyv/0U2t3R/6hdeQf2kv+ob3kH9pL/qG95B/aS/6hveQf2kv+ob3+Tv4/mtCcgMk4nX8AoF0GF5q+AxloStPrDwAAAAAAAAAAAAAAAAAA8HsbUzsLJ9ukan78RnLwQJLuqPqd4f8RJ9cOHy8eFlWzXxR1t7E8eduYA/xq8fAfdHqn4buvr/u62fqf3Nps/bXFZP3lJFe63bOfv8H1449/w5+833t6/BrjuP+xZuv/tNls/dnd5MNq/bkyav0pc/PwefT606+u35j1X/hxzAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmJ8DAAD//7lGcFk=") bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x1008}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='ext4_request_blocks\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='ext4_request_blocks\x00', r2}, 0x10) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) 750.302917ms ago: executing program 4 (id=3027): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x0, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x4}, @NFTA_EXTHDR_SREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) 612.764693ms ago: executing program 1 (id=3028): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3) sendmsg$nl_route(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c0000001600156f00000000000000000a0020"], 0x2c}}, 0x0) 457.248336ms ago: executing program 4 (id=3029): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000002c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000500)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) 406.315457ms ago: executing program 0 (id=3030): memfd_create(0x0, 0x0) fdatasync(0xffffffffffffffff) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xffffffffffffff18, &(0x7f0000000100)=[{&(0x7f0000000000)="2f0000001c0005c5ffffff000d000000020000000b000000ec0091c913000180f0ffffeb", 0x1dd}], 0x1}, 0x0) r0 = socket(0x10, 0x80002, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="fc0000001c00071bab0925000900070007ab08000c000000f0007e93210001c000000000000000000000000000039915fa2c1ec28670e9889bb94b46fe0000000a0002", 0xff82) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x3, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492856, 0x0) 320.497775ms ago: executing program 1 (id=3031): clock_adjtime(0x0, 0x0) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0xc06855c8, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000400)={'syz_tun\x00', &(0x7f00000003c0)=@ethtool_sfeatures={0x3b, 0x1, [{}]}}) write$P9_RSTATFS(0xffffffffffffffff, &(0x7f00000004c0)={0x43}, 0x43) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) iopl(0x3) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'}) sendmsg$nl_route(r2, 0x0, 0x0) r3 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_int(r3, 0x29, 0x33, &(0x7f0000000040), 0x1a) bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x0, 0x0, @empty}, 0x1c) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x42, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x0, 0x0, @mcast1}, 0x1c) syz_emit_ethernet(0x5a, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344, @ANYBLOB], 0x0) 320.145587ms ago: executing program 3 (id=3032): socket$nl_route(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$midi(&(0x7f0000000400), 0xb6, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @val=@tcx}, 0x40) syz_emit_ethernet(0x22, &(0x7f0000000100)={@broadcast, @local, @val={@void}, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "534ead40a3537293"}}}}, 0x0) 185.359856ms ago: executing program 0 (id=3033): socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet_tcp(0x2, 0x1, 0x0) socket(0x10, 0x3, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000100)) r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000030400e4ffffffffffffff00", @ANYRES32=0x0, @ANYBLOB="e7ea010000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}}, 0x0) 149.167174ms ago: executing program 4 (id=3034): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x91}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = io_uring_setup(0x3f46, &(0x7f00000003c0)={0x0, 0x45c6, 0x8}) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r3, 0x13, &(0x7f0000000100), 0x2) 8.707976ms ago: executing program 0 (id=3035): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ipv6_route\x00') lseek(r0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(r4, 0x4068aea3, &(0x7f0000000040)={0xc0, 0x0, 0x2000000}) r5 = userfaultfd(0x801) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x4) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000}) setpgid(0x0, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000180)={0x7, 0x0, [{0x91d, 0x0, 0x3ff}, {0xbab, 0x0, 0x2}, {0x84d, 0x0, 0x1}, {0xc0011038}, {0xa10, 0x0, 0x5f}, {0x236, 0x0, 0x355}, {0x93b, 0x0, 0xfffffffffffffff3}]}) open(&(0x7f0000000000)='.\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x405}}}, 0x7) 0s ago: executing program 2 (id=3036): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='ext4_es_find_extent_range_enter\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f00000010c0)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x200000, &(0x7f0000000140)={[{@user_xattr}, {@nombcache}, {@dioread_lock}, {@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x54d, &(0x7f0000000400)="$eJzs3U1rG0cfAPD/ynLenycOhEB7KIYcmpJGju2+pNBDeixtaKC9p8LemGApCpYcYjfQ5NBceimhUEoDpR+g9x5Dv0A/RaANhBJMe+hFZeWVo8SSrThKrFS/H6w9s7vy7Gj2P57RSCiAkTWZ/ShEvBIR3yQRhzuOFSM/OLl+3trD63PZlkSz+emfSST5vvb5Sf77YDtTjPj1q4iThc3l1ldWF8uVSrqU56ca1StT9ZXVU5eq5YV0Ib08Mzt75u3ZmffefWdgdX3j/N/ff3L3wzNfH1/77uf7R24ncTYO5cc66/EMbnRmJmMyf07G4+wTJ04PoLBhkuz2BbAjY3mcj0fWBxyOsTzqgf++LyOiCYyoRPzDiGqPA9pz+wHNg18aDz5YnwBtrn9x/bWR2NeaGx1YSx6bGWXz3YkBlJ+V8csfd25nWwzudQiAbd24GRGni8XN/V+S9387d7qPc54sQ/8HL87dbPzzZrfxT2Fj/BNdxj8Hu8TuTmwf/4X7Ayimp2z8937X8e/GotXEWJ77X2vMN55cvFRJs77t/xFxIsb3Zvmt1nPOrN1r9jrWOf7Ltqz89lgwv477xb2PP2a+3Cg/S507PbgZ8WrX8W+y0f5Jl/bPno/zfZZxLL3zWq9j29f/+Wr+FPF61/Z/tKKVbL0+OdW6H6bad8Vmf9069luv8ne7/ln7H9i6/hNJ53pt/enL+HHfP2mvYzu9//ckn7XSe/J918qNxtJ0xJ7k4837Zx49tp1vn5/V/8Txrfu/bvf//oj4vM/63zp6q+epw9D+80/V/k+fuPfRFz/0Kr+/9n+rlTqR7+mn/+v3Ap/luQMAAAAAAIBhU4iIQ5EUShvpQqFUWn9/x9E4UKjU6o2TF2vLl+ej9VnZiRgvtFe6D3e8H2I6fz9sOz/zRH42Io5ExLdj+1v50lytMr/blQcAAAAAAAAAAAAAAAAAAIAhcbDH5/8zv4/t9tUBz52v/IbRtW38D+KbnoCh5P8/jC7xD6NL/MPoEv8wusQ/jC7xD6NL/MPoEv8AAAAAAAAAAAAAAAAAAAAAAAAAAAAwUOfPncu25trD63NZfv7qyvJi7eqp+bS+WKouz5XmaktXSgu12kIlLc3Vqtv9vUqtdmV6JpavTTXSemOqvrJ6oVpbvty4cKlaXkgvpOMvpFYAAAAAAAAAAAAAAAAAAADwcqmvrC6WK5V0SUJiR4nicFyGxIATu90zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAj/wYAAP//Gis4ow==") setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0/file0\x00', &(0x7f0000001400), 0x0, 0x386, 0x0) kernel console output (not intermixed with test programs): .0.2461': attribute type 29 has an invalid length. [ 638.489434][ T5142] usb 3-1: USB disconnect, device number 31 [ 638.618410][T13482] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2466'. [ 639.210626][T11511] tipc: Subscription rejected, illegal request [ 639.495787][ T5139] kernel write not supported for file /snd/seq (pid: 5139 comm: kworker/0:3) [ 639.563872][T13508] netlink: 'syz.3.2476': attribute type 29 has an invalid length. [ 639.604791][T13508] netlink: 'syz.3.2476': attribute type 29 has an invalid length. [ 639.756217][ T5104] Bluetooth: hci4: link tx timeout [ 639.761989][ T5104] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 639.945244][ T5139] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 640.147193][ T5139] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 640.197548][ T5139] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 640.231912][ T5139] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 640.264527][ T5139] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 640.291498][ T5139] usb 3-1: config 0 descriptor?? [ 640.293880][ T29] kauditd_printk_skb: 76 callbacks suppressed [ 640.293897][ T29] audit: type=1326 audit(1720340863.448:1717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13520 comm="syz.1.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 640.414006][ T29] audit: type=1326 audit(1720340863.488:1718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13520 comm="syz.1.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 640.489635][ T29] audit: type=1326 audit(1720340863.498:1719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13520 comm="syz.1.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 640.515333][ T29] audit: type=1326 audit(1720340863.498:1720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13520 comm="syz.1.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 640.544464][ T29] audit: type=1326 audit(1720340863.498:1721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13520 comm="syz.1.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 640.601239][ T29] audit: type=1326 audit(1720340863.498:1722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13520 comm="syz.1.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 640.645089][ T5142] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 640.683282][ T29] audit: type=1326 audit(1720340863.498:1723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13520 comm="syz.1.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 640.714780][T13533] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2484'. [ 640.803418][ T11] tipc: Subscription rejected, illegal request [ 640.805683][ T29] audit: type=1326 audit(1720340863.508:1724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13520 comm="syz.1.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 640.835428][ T5142] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32 [ 640.870010][ T5142] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 640.899978][ T5142] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 640.902791][ T29] audit: type=1326 audit(1720340863.508:1725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13520 comm="syz.1.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 640.952478][ T5142] usb 2-1: Product: ࠝ [ 640.966160][ T5142] usb 2-1: Manufacturer: Ḩ [ 641.003900][ T29] audit: type=1326 audit(1720340863.508:1726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13520 comm="syz.1.2482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 641.159871][ T5104] Bluetooth: hci0: unexpected event for opcode 0x0809 [ 641.201489][T13546] loop3: detected capacity change from 0 to 64 [ 641.261826][ T5104] Bluetooth: hci0: unexpected event 0x01 length: 4 > 1 [ 641.277149][T13521] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2482'. [ 641.407417][T13521] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2482'. [ 641.440461][ T5104] Bluetooth: hci3: Unknown advertising packet type: 0x14 [ 641.440654][T13552] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2491'. [ 641.514672][ T5142] cdc_ncm 2-1:1.0: bind() failure [ 641.550230][ T5142] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 641.572801][ T5142] cdc_ncm 2-1:1.1: bind() failure [ 641.595834][ T5142] usb 2-1: USB disconnect, device number 44 [ 641.646800][T13556] loop3: detected capacity change from 0 to 512 [ 641.666068][T13556] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors [ 641.693478][T13556] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 not in group (block 2)! [ 641.715609][T13556] EXT4-fs (loop3): group descriptors corrupted! [ 641.835219][ T5104] Bluetooth: hci4: command 0x0406 tx timeout [ 642.115336][ T5395] tipc: Subscription rejected, illegal request [ 642.376352][T13576] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2503'. [ 642.614404][T13584] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2505'. [ 642.649951][T13584] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2505'. [ 642.692839][T13584] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2505'. [ 642.703945][ T25] usb 3-1: USB disconnect, device number 32 [ 642.785138][T13582] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2504'. [ 642.947600][T13593] loop2: detected capacity change from 0 to 1024 [ 643.042935][T13593] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 643.206705][T12106] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 643.566913][ T5395] tipc: Subscription rejected, illegal request [ 643.574874][ T5105] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 643.765253][T13622] debugfs: Directory 'C|+i!3rU&6 bOo '1©|y' with parent 'ieee80211' already present! [ 643.865429][ T5140] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 643.905310][ T9] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 644.086961][ T5140] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 644.100702][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 644.122070][ T5140] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 644.147553][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 644.163616][ T5140] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 644.182361][ T5140] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 644.201578][T13632] netlink: 'syz.0.2522': attribute type 10 has an invalid length. [ 644.202837][ T5140] usb 3-1: config 0 descriptor?? [ 644.225246][T13632] netlink: 'syz.0.2522': attribute type 10 has an invalid length. [ 644.255261][ T9] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 644.274195][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.291193][ T9] usb 5-1: Product: syz [ 644.307982][ T9] usb 5-1: Manufacturer: syz [ 644.334704][ T9] usb 5-1: SerialNumber: syz [ 644.357441][ T9] usb 5-1: config 0 descriptor?? [ 644.374559][T13621] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 644.419912][ T9] hub 5-1:0.0: bad descriptor, ignoring hub [ 644.435227][ T9] hub 5-1:0.0: probe with driver hub failed with error -5 [ 644.455296][ T9] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input17 [ 644.694915][ T5142] usb 5-1: USB disconnect, device number 33 [ 644.695057][ C0] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 644.998927][T13646] __nla_validate_parse: 1 callbacks suppressed [ 644.998955][T13646] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2525'. [ 645.560559][T13653] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2529'. [ 645.833010][ T11] tipc: Subscription rejected, illegal request [ 646.181705][T13668] loop4: detected capacity change from 0 to 64 [ 646.614657][ T5142] usb 3-1: USB disconnect, device number 33 [ 646.875866][T11705] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 647.079319][T11705] usb 4-1: Using ep0 maxpacket: 32 [ 647.081506][T11705] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 647.086635][T11705] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 647.086666][T11705] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 647.086690][T11705] usb 4-1: Product: syz [ 647.086707][T11705] usb 4-1: Manufacturer: syz [ 647.086724][T11705] usb 4-1: SerialNumber: syz [ 647.089433][T11705] usb 4-1: config 0 descriptor?? [ 647.090336][T13678] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 647.091847][T11705] hub 4-1:0.0: bad descriptor, ignoring hub [ 647.091880][T11705] hub 4-1:0.0: probe with driver hub failed with error -5 [ 647.096692][T11705] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input18 [ 647.338662][ T9] usb 4-1: USB disconnect, device number 32 [ 647.338745][ C1] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 647.467075][T13692] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2542'. [ 648.383587][ T11] tipc: Subscription rejected, illegal request [ 648.386390][T13694] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2543'. [ 649.155276][ T5105] Bluetooth: hci1: command 0x0406 tx timeout [ 649.644828][T13714] loop3: detected capacity change from 0 to 1024 [ 649.645789][T13714] EXT4-fs: Ignoring removed oldalloc option [ 649.659658][T13714] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 649.714415][T13714] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 649.835008][ T29] kauditd_printk_skb: 50 callbacks suppressed [ 649.835026][ T29] audit: type=1804 audit(1720340872.987:1777): pid=13723 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2552" name="/newroot/89/file1/file1" dev="loop3" ino=15 res=1 errno=0 [ 650.072061][T12324] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 650.195592][ T5142] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 650.228284][T13731] loop3: detected capacity change from 0 to 512 [ 650.252958][T13731] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors [ 650.254443][T13732] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2558'. [ 650.272231][T13731] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 not in group (block 2)! [ 650.283556][T13731] EXT4-fs (loop3): group descriptors corrupted! [ 650.396169][ T5142] usb 5-1: Using ep0 maxpacket: 32 [ 650.695523][ T5142] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 651.041376][ T5142] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 651.285453][ T5142] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 651.293505][ T5142] usb 5-1: Product: syz [ 651.345372][ T5142] usb 5-1: Manufacturer: syz [ 651.350014][ T5142] usb 5-1: SerialNumber: syz [ 651.426323][ T5142] usb 5-1: config 0 descriptor?? [ 651.524233][T13726] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 651.546541][ T5142] hub 5-1:0.0: bad descriptor, ignoring hub [ 651.568301][ T5142] hub 5-1:0.0: probe with driver hub failed with error -5 [ 651.602224][ T5142] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input19 [ 651.704356][ T12] tipc: Subscription rejected, illegal request [ 651.853145][ T926] usb 5-1: USB disconnect, device number 34 [ 651.853313][ C1] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 652.661757][T13768] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2569'. [ 652.661787][T13768] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2569'. [ 653.806699][ T12] tipc: Subscription rejected, illegal request [ 654.312957][T13798] loop2: detected capacity change from 0 to 64 [ 654.605749][ T5142] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 654.681029][ T5104] Bluetooth: hci4: unexpected event for opcode 0x0809 [ 654.759512][T13803] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2583'. [ 654.785574][T11705] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 654.809501][T13803] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2583'. [ 654.826114][ T5142] usb 5-1: Using ep0 maxpacket: 32 [ 654.875666][ T5142] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 654.918010][ T5142] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 654.943233][ T5142] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 654.967997][ T5142] usb 5-1: Product: syz [ 654.972206][ T5142] usb 5-1: Manufacturer: syz [ 654.985419][ T5142] usb 5-1: SerialNumber: syz [ 655.006398][ T5142] usb 5-1: config 0 descriptor?? [ 655.011620][T11705] usb 3-1: Using ep0 maxpacket: 8 [ 655.019317][T11705] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 655.028842][T13797] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 655.036222][T11705] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 655.065514][T11705] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 655.088478][ T5142] hub 5-1:0.0: bad descriptor, ignoring hub [ 655.094477][ T5142] hub 5-1:0.0: probe with driver hub failed with error -5 [ 655.103927][T11705] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 655.130946][ T5142] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input20 [ 655.140165][T11705] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 655.160057][T11705] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 655.207144][T11705] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 655.235483][T11705] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 655.261553][T11705] usbtmc 3-1:16.0: probe with driver usbtmc failed with error -22 [ 655.351523][ T61] tipc: Subscription rejected, illegal request [ 655.376618][T13821] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2592'. [ 655.401419][ T9] usb 5-1: USB disconnect, device number 35 [ 655.401486][ C1] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 655.416889][T13821] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2592'. [ 655.425921][T13821] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2592'. [ 655.910955][ T5104] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 655.932332][T13839] program syz.3.2599 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 656.863844][T13854] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2603'. [ 656.876647][T13854] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2603'. [ 656.915150][T13854] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2603'. [ 657.177396][ T12] tipc: Subscription rejected, illegal request [ 658.628288][ T9] usb 3-1: USB disconnect, device number 34 [ 658.866217][ T5105] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 658.997364][T13882] loop2: detected capacity change from 0 to 1024 [ 659.089481][T13882] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 659.193912][T13896] loop3: detected capacity change from 0 to 64 [ 659.318803][T12106] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 660.152527][T13914] program syz.0.2624 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 661.025568][ T12] tipc: Subscription rejected, illegal request [ 662.295477][T13922] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2627'. [ 662.295505][T13922] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2627'. [ 662.368572][ T29] audit: type=1326 audit(1720340885.527:1778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13923 comm="syz.3.2629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 662.373578][ T29] audit: type=1326 audit(1720340885.527:1779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13923 comm="syz.3.2629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 662.379985][ T29] audit: type=1326 audit(1720340885.537:1780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13923 comm="syz.3.2629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 662.401573][ C0] vkms_vblank_simulate: vblank timer overrun [ 662.556008][ T5142] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 662.572720][ T29] audit: type=1326 audit(1720340885.627:1781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13923 comm="syz.3.2629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 662.572759][ T29] audit: type=1326 audit(1720340885.627:1782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13923 comm="syz.3.2629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 662.749667][ T5140] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 662.758132][ T5142] usb 5-1: Using ep0 maxpacket: 8 [ 662.818183][T13934] loop2: detected capacity change from 0 to 64 [ 662.854339][ T5142] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 662.878920][ T5142] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 662.909646][ T5142] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 662.935752][ T5142] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 662.954226][ T5140] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32 [ 662.955744][ T5142] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 662.983306][ T5140] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 662.995723][ T5142] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 663.001897][ T5140] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 663.004778][ T5142] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 663.044084][ T5140] usb 4-1: Product: ࠝ [ 663.056501][ T5140] usb 4-1: Manufacturer: Ḩ [ 663.065287][T13939] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2634'. [ 663.084727][T13939] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2634'. [ 663.095306][T13939] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2634'. [ 663.305756][ T5142] usb 5-1: usb_control_msg returned -71 [ 663.311399][ T5142] usbtmc 5-1:16.0: can't read capabilities [ 663.337987][T13928] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2629'. [ 663.346926][ T29] audit: type=1326 audit(1720340886.487:1783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13923 comm="syz.3.2629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 663.407294][T13928] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2629'. [ 663.429238][ T5142] usb 5-1: USB disconnect, device number 36 [ 663.457311][ T5104] Bluetooth: hci4: Unknown advertising packet type: 0x14 [ 663.458571][ T29] audit: type=1326 audit(1720340886.487:1784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13923 comm="syz.3.2629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 663.506146][ T9] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 663.514264][ T5140] cdc_ncm 4-1:1.0: bind() failure [ 663.533614][ T5140] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 663.573690][ T29] audit: type=1326 audit(1720340886.487:1785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13923 comm="syz.3.2629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 663.575968][ T5140] cdc_ncm 4-1:1.1: bind() failure [ 663.785954][ T29] audit: type=1326 audit(1720340886.487:1786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13923 comm="syz.3.2629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 663.816183][ T29] audit: type=1326 audit(1720340886.487:1787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13923 comm="syz.3.2629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 663.848370][ T5140] usb 4-1: USB disconnect, device number 33 [ 663.887952][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 663.890178][ T9] usb 1-1: config 137 has an invalid interface number: 211 but max is 0 [ 663.890236][ T9] usb 1-1: config 137 has no interface number 0 [ 663.890282][ T9] usb 1-1: config 137 interface 211 altsetting 233 has an invalid descriptor for endpoint zero, skipping [ 663.890311][ T9] usb 1-1: config 137 interface 211 altsetting 233 endpoint 0x8E has an invalid bInterval 127, changing to 10 [ 663.890344][ T9] usb 1-1: config 137 interface 211 altsetting 233 has an invalid descriptor for endpoint zero, skipping [ 663.890371][ T9] usb 1-1: config 137 interface 211 altsetting 233 endpoint 0x9 has an invalid bInterval 72, changing to 7 [ 663.890404][ T9] usb 1-1: config 137 interface 211 has no altsetting 0 [ 663.894722][ T9] usb 1-1: string descriptor 0 read error: -22 [ 664.337952][ T9] usb 1-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=8f.d5 [ 664.347412][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 664.362962][T13943] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 664.372651][ T9] ums_eneub6250 1-1:137.211: USB Mass Storage device detected [ 664.674740][T13962] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2640'. [ 664.674767][T13962] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2640'. [ 664.783776][ T5104] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 664.794139][ T5104] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 664.854089][ T5105] Bluetooth: hci1: unexpected event 0x01 length: 4 > 1 [ 664.927552][ T5172] usb 1-1: USB disconnect, device number 39 [ 665.830375][T13988] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2647'. [ 666.421028][T14015] program syz.0.2655 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 666.506227][ T9] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 666.905970][ T9] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32 [ 667.075604][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 667.308216][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 667.318458][ T9] usb 3-1: Product: ࠝ [ 667.326007][ T9] usb 3-1: Manufacturer: Ḩ [ 667.519320][ T5105] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 667.567936][ T29] kauditd_printk_skb: 66 callbacks suppressed [ 667.567956][ T29] audit: type=1326 audit(1720340890.727:1854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13997 comm="syz.2.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 667.568010][ T29] audit: type=1326 audit(1720340890.727:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13997 comm="syz.2.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 667.625519][ T29] audit: type=1326 audit(1720340890.777:1856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13997 comm="syz.2.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 667.625633][ T29] audit: type=1326 audit(1720340890.777:1857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13997 comm="syz.2.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 667.626841][ T29] audit: type=1326 audit(1720340890.787:1858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13997 comm="syz.2.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 667.626895][ T29] audit: type=1326 audit(1720340890.787:1859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13997 comm="syz.2.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 667.626963][ T29] audit: type=1326 audit(1720340890.787:1860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13997 comm="syz.2.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 667.627724][T14030] __nla_validate_parse: 4 callbacks suppressed [ 667.627762][T14030] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2662'. [ 667.627839][T14030] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2662'. [ 667.627939][T14030] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2662'. [ 667.636953][ T29] audit: type=1326 audit(1720340890.797:1861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13997 comm="syz.2.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 667.637008][ T29] audit: type=1326 audit(1720340890.797:1862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13997 comm="syz.2.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 667.637078][ T29] audit: type=1326 audit(1720340890.797:1863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13997 comm="syz.2.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 667.656748][T14003] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2652'. [ 667.667605][ T5105] Bluetooth: hci1: Unknown advertising packet type: 0x14 [ 667.736904][ T9] cdc_ncm 3-1:1.0: bind() failure [ 667.741136][ T9] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 667.741186][ T9] cdc_ncm 3-1:1.1: bind() failure [ 667.755447][ T9] usb 3-1: USB disconnect, device number 35 [ 668.056840][ C0] vkms_vblank_simulate: vblank timer overrun [ 668.091656][ C0] vkms_vblank_simulate: vblank timer overrun [ 668.341421][ C0] vkms_vblank_simulate: vblank timer overrun [ 669.133655][T14062] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2675'. [ 669.133697][T14062] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2675'. [ 669.133710][T14062] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2675'. [ 670.087147][T14079] snd_dummy snd_dummy.0: control 0:1025:0:syz1:4 is already present [ 671.181402][T14096] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2686'. [ 671.240724][T14096] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2686'. [ 671.299558][T14096] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2686'. [ 671.933625][T14107] overlayfs: failed to resolve './file1': -2 [ 673.305114][ T5105] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 673.324818][T14118] netlink: 'syz.1.2695': attribute type 2 has an invalid length. [ 673.383991][T14118] __nla_validate_parse: 1 callbacks suppressed [ 673.416022][T14118] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2695'. [ 673.416301][T14122] netlink: 'syz.1.2695': attribute type 1 has an invalid length. [ 673.416324][T14122] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2695'. [ 673.430279][T14118] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2695'. [ 673.538660][T14122] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2695'. [ 673.779875][T14130] netlink: 'syz.1.2697': attribute type 3 has an invalid length. [ 673.779900][T14130] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2697'. [ 674.276617][ T5105] Bluetooth: hci5: unexpected event 0x2f length: 763 > 260 [ 674.425234][T14142] loop3: detected capacity change from 0 to 1024 [ 674.425822][T14142] EXT4-fs: Ignoring removed oldalloc option [ 674.429664][T14142] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 674.448231][T14142] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 674.474140][T14139] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2700'. [ 674.474172][T14139] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2700'. [ 674.474183][T14139] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2700'. [ 674.484664][ T29] kauditd_printk_skb: 33 callbacks suppressed [ 674.484679][ T29] audit: type=1804 audit(1720340897.637:1897): pid=14142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2701" name="/newroot/111/file1/file1" dev="loop3" ino=15 res=1 errno=0 [ 674.532351][T12324] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 674.679548][T14140] debugfs: Directory 'C|+i!3rU&6 bOo '1©|y' with parent 'ieee80211' already present! [ 674.834291][T14154] overlayfs: failed to resolve './file1': -2 [ 676.109158][T14160] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2706'. [ 676.342244][T14165] netlink: 'syz.2.2708': attribute type 3 has an invalid length. [ 676.342269][T14165] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2708'. [ 676.353214][T14166] netlink: 'syz.1.2707': attribute type 2 has an invalid length. [ 676.354123][T14166] netlink: 'syz.1.2707': attribute type 1 has an invalid length. [ 676.562682][ T29] audit: type=1326 audit(1720340899.716:1898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14168 comm="syz.3.2709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 676.562732][ T29] audit: type=1326 audit(1720340899.716:1899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14168 comm="syz.3.2709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 676.563377][ T29] audit: type=1326 audit(1720340899.716:1900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14168 comm="syz.3.2709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 676.563532][ T29] audit: type=1326 audit(1720340899.716:1901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14168 comm="syz.3.2709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 676.563798][ T29] audit: type=1326 audit(1720340899.716:1902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14168 comm="syz.3.2709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 676.575021][ T29] audit: type=1326 audit(1720340899.726:1903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14168 comm="syz.3.2709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 676.575202][ T29] audit: type=1326 audit(1720340899.726:1904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14168 comm="syz.3.2709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 676.575364][ T29] audit: type=1326 audit(1720340899.726:1905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14168 comm="syz.3.2709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 676.575557][ T29] audit: type=1326 audit(1720340899.726:1906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14168 comm="syz.3.2709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6851f75bd9 code=0x7ffc0000 [ 676.939031][ T25] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 677.250636][ T25] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32 [ 677.255567][ T25] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 677.255599][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 677.255623][ T25] usb 4-1: Product: ࠝ [ 677.255641][ T25] usb 4-1: Manufacturer: Ḩ [ 677.391969][ C0] vkms_vblank_simulate: vblank timer overrun [ 677.495064][ C0] vkms_vblank_simulate: vblank timer overrun [ 677.611992][T14183] loop2: detected capacity change from 0 to 1024 [ 677.612745][T14183] EXT4-fs: Ignoring removed oldalloc option [ 677.640770][T14183] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 677.684096][ T5105] Bluetooth: hci4: Unknown advertising packet type: 0x14 [ 677.698966][T14183] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 677.739322][ T25] cdc_ncm 4-1:1.0: bind() failure [ 677.743690][ T25] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 677.743757][ T25] cdc_ncm 4-1:1.1: bind() failure [ 677.756746][ T25] usb 4-1: USB disconnect, device number 34 [ 677.951120][T12106] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 678.143777][T14191] loop2: detected capacity change from 0 to 1024 [ 678.160891][T14191] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 678.224219][T12106] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 678.633551][T14205] netlink: 'syz.0.2718': attribute type 5 has an invalid length. [ 678.642430][T14205] __nla_validate_parse: 8 callbacks suppressed [ 678.642446][T14205] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2718'. [ 678.928017][T14215] netlink: 'syz.3.2720': attribute type 3 has an invalid length. [ 678.948400][T14215] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2720'. [ 679.028592][T14217] netlink: 'syz.1.2721': attribute type 2 has an invalid length. [ 679.066440][T14217] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2721'. [ 679.105366][T14217] netlink: 'syz.1.2721': attribute type 1 has an invalid length. [ 679.150625][T14217] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2721'. [ 679.207481][T14219] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2721'. [ 679.312329][T14217] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2721'. [ 679.415480][T14223] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2722'. [ 679.673266][ T5105] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 679.804009][ T5105] Bluetooth: hci3: unexpected event 0x01 length: 4 > 1 [ 680.142219][T14236] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2725'. [ 680.173251][T14236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2725'. [ 680.194802][T14236] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2725'. [ 680.456916][ T29] kauditd_printk_skb: 91 callbacks suppressed [ 680.456929][ T29] audit: type=1326 audit(1720340903.626:1998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14240 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 680.548497][ T29] audit: type=1326 audit(1720340903.646:1999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14240 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 680.611411][ T29] audit: type=1326 audit(1720340903.656:2000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14240 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 680.656557][ T29] audit: type=1326 audit(1720340903.656:2001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14240 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 680.722238][ T29] audit: type=1326 audit(1720340903.656:2002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14240 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 680.750475][ T29] audit: type=1326 audit(1720340903.656:2003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14240 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 680.820628][ T5139] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 680.882469][ T29] audit: type=1326 audit(1720340903.656:2004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14240 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 680.945822][ T29] audit: type=1326 audit(1720340903.656:2005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14240 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 680.981102][T14258] netlink: 'syz.4.2732': attribute type 3 has an invalid length. [ 681.030772][ T5139] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32 [ 681.070629][ T5139] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 681.070753][ T29] audit: type=1326 audit(1720340903.656:2006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14240 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 681.117983][T14260] netlink: 'syz.2.2733': attribute type 5 has an invalid length. [ 681.160535][ T5139] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 681.203737][ T29] audit: type=1326 audit(1720340903.656:2007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14240 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4c575bd9 code=0x7ffc0000 [ 681.209447][ T5139] usb 2-1: Product: ࠝ [ 681.240740][ T5139] usb 2-1: Manufacturer: Ḩ [ 681.633600][ T5139] cdc_ncm 2-1:1.0: bind() failure [ 681.655225][ T5139] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 681.669139][ T5139] cdc_ncm 2-1:1.1: bind() failure [ 681.694302][ T5139] usb 2-1: USB disconnect, device number 45 [ 682.244175][ T5105] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 682.316374][ T5105] Bluetooth: hci1: unexpected event 0x01 length: 4 > 1 [ 682.669893][T14292] capability: warning: `syz.0.2741' uses 32-bit capabilities (legacy support in use) [ 683.651822][T14321] netlink: 'syz.3.2750': attribute type 5 has an invalid length. [ 683.670266][T14321] __nla_validate_parse: 4 callbacks suppressed [ 683.670285][T14321] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2750'. [ 684.393269][T14329] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2752'. [ 685.636426][ T5139] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 686.461176][T14326] Bluetooth: hci4: command 0x0406 tx timeout [ 686.481602][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.496424][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.558327][ T5139] usb 5-1: Using ep0 maxpacket: 32 [ 686.636561][ T5139] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 686.703702][T14367] input: syz1 as /devices/virtual/input/input21 [ 686.709970][ T5139] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 686.710004][ T5139] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 686.710030][ T5139] usb 5-1: Product: syz [ 686.710048][ T5139] usb 5-1: Manufacturer: syz [ 686.710074][ T5139] usb 5-1: SerialNumber: syz [ 686.750282][ T5139] usb 5-1: config 0 descriptor?? [ 686.792255][T14342] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 686.865841][ T5139] hub 5-1:0.0: bad descriptor, ignoring hub [ 686.881097][ T5139] hub 5-1:0.0: probe with driver hub failed with error -5 [ 686.916756][ T5139] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input22 [ 687.170492][T14374] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2766'. [ 687.190800][ C0] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 687.190822][ T5142] usb 5-1: USB disconnect, device number 37 [ 687.508720][T14378] loop3: detected capacity change from 0 to 1024 [ 687.570372][T14378] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 687.722234][T12324] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 688.230169][T14394] netlink: 'syz.1.2770': attribute type 5 has an invalid length. [ 688.250255][T14394] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2770'. [ 689.610706][ T5105] Bluetooth: hci5: unexpected event 0x01 length: 4 > 1 [ 690.938466][T14435] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2784'. [ 690.954420][T14435] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2784'. [ 690.963781][T14435] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2784'. [ 691.169118][T14439] loop3: detected capacity change from 0 to 1024 [ 691.176296][T14439] EXT4-fs: Ignoring removed orlov option [ 691.228601][T14439] EXT4-fs: Ignoring removed nomblk_io_submit option [ 691.267834][T14439] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 691.637420][ T5105] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 691.670507][T14466] netlink: 'syz.0.2796': attribute type 29 has an invalid length. [ 691.707008][T14466] netlink: 'syz.0.2796': attribute type 29 has an invalid length. [ 691.727190][T14466] netlink: 'syz.0.2796': attribute type 29 has an invalid length. [ 691.783634][ T5105] Bluetooth: hci1: unexpected event 0x01 length: 4 > 1 [ 691.912806][T12324] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 692.130538][T14476] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2799'. [ 692.176810][T14476] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2799'. [ 692.226911][T14476] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2799'. [ 693.117914][T14507] netlink: 'syz.1.2808': attribute type 29 has an invalid length. [ 693.137252][T14507] netlink: 'syz.1.2808': attribute type 29 has an invalid length. [ 693.147372][T14507] netlink: 'syz.1.2808': attribute type 29 has an invalid length. [ 693.166574][ T29] kauditd_printk_skb: 71 callbacks suppressed [ 693.166592][ T29] audit: type=1326 audit(1720340916.326:2079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14504 comm="syz.2.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 693.251540][ T29] audit: type=1326 audit(1720340916.356:2080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14504 comm="syz.2.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 693.328571][ T29] audit: type=1326 audit(1720340916.366:2081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14504 comm="syz.2.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 693.353934][ T29] audit: type=1326 audit(1720340916.366:2082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14504 comm="syz.2.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 693.416791][ T29] audit: type=1326 audit(1720340916.366:2083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14504 comm="syz.2.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 693.444671][T14524] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2813'. [ 693.470896][ T29] audit: type=1326 audit(1720340916.366:2084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14504 comm="syz.2.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 693.496953][T14524] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2813'. [ 693.504194][ T5139] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 693.515470][ T5105] Bluetooth: hci5: unexpected event 0x01 length: 4 > 1 [ 693.526882][T14524] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2813'. [ 693.542975][ T29] audit: type=1326 audit(1720340916.366:2085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14504 comm="syz.2.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 693.592780][ T29] audit: type=1326 audit(1720340916.366:2086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14504 comm="syz.2.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 693.619496][ T29] audit: type=1326 audit(1720340916.366:2087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14504 comm="syz.2.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 693.642759][ T29] audit: type=1326 audit(1720340916.366:2088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14504 comm="syz.2.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 693.742751][ T5139] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32 [ 693.767869][ T5139] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 693.796661][ T5139] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 693.815035][ T5139] usb 3-1: Product: ࠝ [ 693.830851][ T5139] usb 3-1: Manufacturer: Ḩ [ 693.956345][T14536] netlink: 'syz.1.2818': attribute type 3 has an invalid length. [ 694.378289][T14550] netlink: 'syz.1.2822': attribute type 29 has an invalid length. [ 694.381140][T14509] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2809'. [ 694.777732][T14550] netlink: 'syz.1.2822': attribute type 29 has an invalid length. [ 695.340030][T14553] netlink: 'syz.1.2822': attribute type 29 has an invalid length. [ 695.442082][ T5139] cdc_ncm 3-1:1.0: bind() failure [ 695.482754][ T5139] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 695.511030][ T5139] cdc_ncm 3-1:1.1: bind() failure [ 695.524432][ T5139] usb 3-1: USB disconnect, device number 36 [ 695.847941][T14569] 9pnet: Could not find request transport: fd0x0000000000000004 [ 696.086942][ T5105] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 696.098832][ T5105] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 696.100727][ T5105] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 696.172011][ T5105] Bluetooth: hci1: unexpected event 0x01 length: 4 > 1 [ 696.308909][T14596] sysfs: cannot create duplicate filename '/class/ieee80211/C|+i!3rU&6 bOo '1©|y' [ 696.345218][T14596] CPU: 1 UID: 0 PID: 14596 Comm: syz.1.2831 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 696.355499][T14596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 696.365577][T14596] Call Trace: [ 696.368889][T14596] [ 696.371864][T14596] dump_stack_lvl+0x241/0x360 [ 696.376606][T14596] ? __pfx_dump_stack_lvl+0x10/0x10 [ 696.381866][T14596] ? __pfx__printk+0x10/0x10 [ 696.386510][T14596] ? sysfs_warn_dup+0x51/0xa0 [ 696.391237][T14596] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 696.396875][T14596] sysfs_warn_dup+0x8e/0xa0 [ 696.401414][T14596] sysfs_do_create_link_sd+0xbe/0x110 [ 696.406808][T14596] device_add_class_symlinks+0x1c5/0x250 [ 696.412454][T14596] device_add+0x553/0xbf0 [ 696.416794][T14596] wiphy_register+0x1d3f/0x2b30 [ 696.421675][T14596] ? __pfx_wiphy_register+0x10/0x10 [ 696.426880][T14596] ? minstrel_ht_alloc+0x72b/0x860 [ 696.432005][T14596] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 696.438096][T14596] ieee80211_register_hw+0x304a/0x3d30 [ 696.443603][T14596] ? ieee80211_register_hw+0x1081/0x3d30 [ 696.449266][T14596] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 696.455099][T14596] ? __asan_memset+0x23/0x50 [ 696.459698][T14596] ? __hrtimer_init+0x170/0x250 [ 696.464571][T14596] mac80211_hwsim_new_radio+0x2597/0x44d0 [ 696.470329][T14596] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 696.476402][T14596] ? __kmalloc_node_track_caller_noprof+0x242/0x440 [ 696.483002][T14596] ? kstrndup+0x5c/0xb0 [ 696.487170][T14596] ? __asan_memcpy+0x40/0x70 [ 696.491766][T14596] hwsim_new_radio_nl+0xe4c/0x21d0 [ 696.496903][T14596] ? __pfx___nla_validate_parse+0x10/0x10 [ 696.502689][T14596] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 696.508268][T14596] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 696.514606][T14596] genl_rcv_msg+0xb14/0xec0 [ 696.519132][T14596] ? mark_lock+0x9a/0x360 [ 696.523480][T14596] ? __pfx_genl_rcv_msg+0x10/0x10 [ 696.528550][T14596] ? __pfx_lock_acquire+0x10/0x10 [ 696.533585][T14596] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 696.539154][T14596] ? __pfx___might_resched+0x10/0x10 [ 696.544463][T14596] netlink_rcv_skb+0x1e3/0x430 [ 696.549248][T14596] ? __pfx_genl_rcv_msg+0x10/0x10 [ 696.554290][T14596] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 696.559606][T14596] ? __netlink_deliver_tap+0x77e/0x7c0 [ 696.565087][T14596] genl_rcv+0x28/0x40 [ 696.569092][T14596] netlink_unicast+0x7f0/0x990 [ 696.573882][T14596] ? __pfx_netlink_unicast+0x10/0x10 [ 696.579190][T14596] ? __sanitizer_cov_trace_pc+0x8/0x70 [ 696.584665][T14596] ? __check_object_size+0x49c/0x900 [ 696.589961][T14596] ? bpf_lsm_netlink_send+0x9/0x10 [ 696.595085][T14596] netlink_sendmsg+0x8e4/0xcb0 [ 696.599872][T14596] ? __pfx_netlink_sendmsg+0x10/0x10 [ 696.605164][T14596] ? __import_iovec+0x536/0x820 [ 696.610025][T14596] ? aa_sock_msg_perm+0x91/0x160 [ 696.614973][T14596] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 696.620272][T14596] ? security_socket_sendmsg+0x87/0xb0 [ 696.625748][T14596] ? __pfx_netlink_sendmsg+0x10/0x10 [ 696.631036][T14596] __sock_sendmsg+0x221/0x270 [ 696.635732][T14596] ____sys_sendmsg+0x525/0x7d0 [ 696.640519][T14596] ? __pfx_____sys_sendmsg+0x10/0x10 [ 696.645849][T14596] __sys_sendmsg+0x2b0/0x3a0 [ 696.650461][T14596] ? __pfx___sys_sendmsg+0x10/0x10 [ 696.655627][T14596] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 696.661967][T14596] ? do_syscall_64+0x100/0x230 [ 696.666738][T14596] ? do_syscall_64+0xb6/0x230 [ 696.671421][T14596] do_syscall_64+0xf3/0x230 [ 696.675928][T14596] ? clear_bhb_loop+0x35/0x90 [ 696.680617][T14596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.686536][T14596] RIP: 0033:0x7fae4c575bd9 [ 696.690961][T14596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 696.710590][T14596] RSP: 002b:00007fae4d390048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 696.719025][T14596] RAX: ffffffffffffffda RBX: 00007fae4c704038 RCX: 00007fae4c575bd9 [ 696.727001][T14596] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 696.734971][T14596] RBP: 00007fae4c5e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 696.742948][T14596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 696.750924][T14596] R13: 000000000000006e R14: 00007fae4c704038 R15: 00007fff44276958 [ 696.758916][T14596] [ 697.433449][T14614] loop4: detected capacity change from 0 to 1024 [ 697.484100][T14614] EXT4-fs: Ignoring removed oldalloc option [ 697.534599][T14614] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 697.569273][T14616] 9pnet: Could not find request transport: fd0x0000000000000004 [ 698.548022][T14614] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 698.913851][ T29] kauditd_printk_skb: 54 callbacks suppressed [ 698.913871][ T29] audit: type=1804 audit(1720340922.076:2143): pid=14633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2837" name="/newroot/106/file1/file1" dev="loop4" ino=15 res=1 errno=0 [ 699.014175][ T29] audit: type=1326 audit(1720340922.116:2144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14634 comm="syz.0.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48f3175bd9 code=0x7ffc0000 [ 699.085809][T14641] validate_nla: 4 callbacks suppressed [ 699.085830][T14641] netlink: 'syz.2.2845': attribute type 29 has an invalid length. [ 699.112907][ T29] audit: type=1326 audit(1720340922.116:2145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14634 comm="syz.0.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48f3175bd9 code=0x7ffc0000 [ 699.171114][T14641] netlink: 'syz.2.2845': attribute type 29 has an invalid length. [ 699.234875][ T29] audit: type=1326 audit(1720340922.166:2146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14634 comm="syz.0.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f48f3175bd9 code=0x7ffc0000 [ 699.235706][T14644] netlink: 'syz.2.2845': attribute type 29 has an invalid length. [ 699.268051][T12461] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 699.296251][ T29] audit: type=1326 audit(1720340922.166:2147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14634 comm="syz.0.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48f3175bd9 code=0x7ffc0000 [ 699.328177][ T8] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 699.341364][T14646] netlink: 'syz.2.2845': attribute type 29 has an invalid length. [ 699.396817][ T29] audit: type=1326 audit(1720340922.166:2148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14634 comm="syz.0.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f48f3175bd9 code=0x7ffc0000 [ 699.507231][ T29] audit: type=1326 audit(1720340922.166:2149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14634 comm="syz.0.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48f3175bd9 code=0x7ffc0000 [ 699.547597][ T8] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32 [ 699.629644][ T29] audit: type=1326 audit(1720340922.166:2150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14634 comm="syz.0.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48f3175bd9 code=0x7ffc0000 [ 699.669391][ T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 699.730390][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 699.734082][ T29] audit: type=1326 audit(1720340922.166:2151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14634 comm="syz.0.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f48f3175bd9 code=0x7ffc0000 [ 699.796902][ T8] usb 1-1: Product: ࠝ [ 699.801105][ T8] usb 1-1: Manufacturer: Ḩ [ 699.902553][ T29] audit: type=1326 audit(1720340922.166:2152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14634 comm="syz.0.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48f3175bd9 code=0x7ffc0000 [ 700.136555][T14639] __nla_validate_parse: 3 callbacks suppressed [ 700.136569][T14639] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2843'. [ 700.360493][ T8] cdc_ncm 1-1:1.0: bind() failure [ 700.364616][ T8] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 700.364678][ T8] cdc_ncm 1-1:1.1: bind() failure [ 700.391232][ T8] usb 1-1: USB disconnect, device number 40 [ 700.437057][ T5105] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 700.834013][T14675] vhci_hcd: invalid port number 63 [ 700.834082][T14675] vhci_hcd: default hub control req: 0500 v0020 i003f l76 [ 702.798672][T14685] loop4: detected capacity change from 0 to 512 [ 702.897041][T14685] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2234: inode #15: comm syz.4.2855: corrupted in-inode xattr: invalid ea_ino [ 702.897375][T14685] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz.4.2855: couldn't read orphan inode 15 (err -117) [ 702.908761][T14685] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 702.910783][T14693] netlink: 'syz.0.2859': attribute type 29 has an invalid length. [ 702.911214][T14693] netlink: 'syz.0.2859': attribute type 29 has an invalid length. [ 702.912570][T14693] netlink: 'syz.0.2859': attribute type 29 has an invalid length. [ 702.912885][T14693] netlink: 'syz.0.2859': attribute type 29 has an invalid length. [ 702.944559][T14694] loop2: detected capacity change from 0 to 1024 [ 702.945530][T14694] EXT4-fs: Ignoring removed oldalloc option [ 702.949491][T14694] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 702.969601][T14694] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 702.971628][T14696] netlink: 'syz.3.2860': attribute type 4 has an invalid length. [ 703.034977][T14326] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 703.048154][T14326] Bluetooth: hci0: unexpected event 0x2f length: 763 > 260 [ 703.164655][T12106] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 703.185067][T14701] sysfs: cannot create duplicate filename '/class/ieee80211/C|+i!3rU&6 bOo '1©|y' [ 703.185091][T14701] CPU: 0 UID: 0 PID: 14701 Comm: syz.0.2861 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 703.185123][T14701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 703.185138][T14701] Call Trace: [ 703.185148][T14701] [ 703.185160][T14701] dump_stack_lvl+0x241/0x360 [ 703.185201][T14701] ? __pfx_dump_stack_lvl+0x10/0x10 [ 703.185235][T14701] ? __pfx__printk+0x10/0x10 [ 703.185273][T14701] ? sysfs_warn_dup+0x51/0xa0 [ 703.185302][T14701] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 703.185341][T14701] sysfs_warn_dup+0x8e/0xa0 [ 703.185371][T14701] sysfs_do_create_link_sd+0xbe/0x110 [ 703.185406][T14701] device_add_class_symlinks+0x1c5/0x250 [ 703.185436][T14701] device_add+0x553/0xbf0 [ 703.185470][T14701] wiphy_register+0x1d3f/0x2b30 [ 703.185533][T14701] ? __pfx_wiphy_register+0x10/0x10 [ 703.185559][T14701] ? minstrel_ht_alloc+0x72b/0x860 [ 703.185589][T14701] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 703.185613][T14701] ieee80211_register_hw+0x304a/0x3d30 [ 703.185645][T14701] ? ieee80211_register_hw+0x1081/0x3d30 [ 703.185671][T14701] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 703.185700][T14701] ? __asan_memset+0x23/0x50 [ 703.185716][T14701] ? __hrtimer_init+0x170/0x250 [ 703.185737][T14701] mac80211_hwsim_new_radio+0x2597/0x44d0 [ 703.185773][T14701] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 703.185791][T14701] ? __kmalloc_node_track_caller_noprof+0x242/0x440 [ 703.185815][T14701] ? kstrndup+0x5c/0xb0 [ 703.185838][T14701] ? __asan_memcpy+0x40/0x70 [ 703.185858][T14701] hwsim_new_radio_nl+0xe4c/0x21d0 [ 703.185886][T14701] ? __pfx___nla_validate_parse+0x10/0x10 [ 703.185907][T14701] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 703.185951][T14701] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 703.185978][T14701] genl_rcv_msg+0xb14/0xec0 [ 703.185997][T14701] ? mark_lock+0x9a/0x360 [ 703.186025][T14701] ? __pfx_genl_rcv_msg+0x10/0x10 [ 703.186064][T14701] ? __pfx_lock_acquire+0x10/0x10 [ 703.186084][T14701] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 703.186104][T14701] ? __pfx___might_resched+0x10/0x10 [ 703.186131][T14701] netlink_rcv_skb+0x1e3/0x430 [ 703.186156][T14701] ? __pfx_genl_rcv_msg+0x10/0x10 [ 703.186177][T14701] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 703.186211][T14701] ? __netlink_deliver_tap+0x77e/0x7c0 [ 703.186240][T14701] genl_rcv+0x28/0x40 [ 703.186258][T14701] netlink_unicast+0x7f0/0x990 [ 703.186287][T14701] ? __pfx_netlink_unicast+0x10/0x10 [ 703.186308][T14701] ? __virt_addr_valid+0x183/0x530 [ 703.186333][T14701] ? __check_object_size+0x49c/0x900 [ 703.186353][T14701] ? bpf_lsm_netlink_send+0x9/0x10 [ 703.186377][T14701] netlink_sendmsg+0x8e4/0xcb0 [ 703.186402][T14701] ? __pfx_netlink_sendmsg+0x10/0x10 [ 703.186417][T14701] ? __import_iovec+0x1dd/0x820 [ 703.186437][T14701] ? __import_iovec+0x536/0x820 [ 703.186455][T14701] ? aa_sock_msg_perm+0x91/0x160 [ 703.186480][T14701] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 703.186502][T14701] ? security_socket_sendmsg+0x87/0xb0 [ 703.186527][T14701] ? __pfx_netlink_sendmsg+0x10/0x10 [ 703.186542][T14701] __sock_sendmsg+0x221/0x270 [ 703.186569][T14701] ____sys_sendmsg+0x525/0x7d0 [ 703.186596][T14701] ? __pfx_____sys_sendmsg+0x10/0x10 [ 703.186629][T14701] __sys_sendmsg+0x2b0/0x3a0 [ 703.186651][T14701] ? __pfx___sys_sendmsg+0x10/0x10 [ 703.186704][T14701] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 703.186726][T14701] ? do_syscall_64+0x100/0x230 [ 703.186744][T14701] ? do_syscall_64+0xb6/0x230 [ 703.186761][T14701] do_syscall_64+0xf3/0x230 [ 703.186776][T14701] ? clear_bhb_loop+0x35/0x90 [ 703.186798][T14701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.186826][T14701] RIP: 0033:0x7f48f3175bd9 [ 703.186847][T14701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 703.186868][T14701] RSP: 002b:00007f48f3fc7048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 703.186894][T14701] RAX: ffffffffffffffda RBX: 00007f48f3304038 RCX: 00007f48f3175bd9 [ 703.186913][T14701] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 703.186929][T14701] RBP: 00007f48f31e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 703.186944][T14701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 703.186959][T14701] R13: 000000000000006e R14: 00007f48f3304038 R15: 00007fff8ac9f508 [ 703.186995][T14701] [ 703.300944][ T926] usb 4-1: new full-speed USB device number 35 using dummy_hcd [ 703.489974][ T926] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 703.490002][ T926] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 494, setting to 64 [ 703.490022][ T926] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 703.491541][ T926] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 703.491566][ T926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 703.491582][ T926] usb 4-1: SerialNumber: syz [ 703.494120][T14696] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 703.768128][ T5142] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 703.931230][T14326] Bluetooth: hci5: command 0x0406 tx timeout [ 703.943688][ T926] cdc_acm 4-1:1.0: ttyACM0: USB ACM device [ 703.961172][ T5142] usb 3-1: config index 0 descriptor too short (expected 5292, got 36) [ 703.961207][ T5142] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 703.961232][ T5142] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 20 [ 703.963469][ T926] usb 4-1: USB disconnect, device number 35 [ 703.965776][ T5142] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 703.965809][ T5142] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 703.965835][ T5142] usb 3-1: Product: syz [ 703.965854][ T5142] usb 3-1: Manufacturer: syz [ 703.965871][ T5142] usb 3-1: SerialNumber: syz [ 703.978008][ T5142] usb 3-1: config 0 descriptor?? [ 704.460730][T12461] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 706.216237][ T5140] usb 3-1: USB disconnect, device number 37 [ 706.656098][T14727] program syz.1.2868 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 707.557830][T14745] 9pnet_fd: Insufficient options for proto=fd [ 707.916404][ T5105] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 708.032419][T14753] vhci_hcd: invalid port number 63 [ 708.032462][T14753] vhci_hcd: default hub control req: 0500 v0020 i003f l76 [ 709.787755][T14764] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2881'. [ 709.787793][T14764] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2881'. [ 709.787807][T14764] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2881'. [ 710.278003][ T25] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 710.402658][T14774] 9pnet_fd: Insufficient options for proto=fd [ 710.460155][ T25] usb 1-1: config index 0 descriptor too short (expected 5292, got 36) [ 710.507143][ T25] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 710.555132][ T25] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 20 [ 710.588877][ T25] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 710.617956][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 710.626306][ T25] usb 1-1: Product: syz [ 710.638406][ T25] usb 1-1: Manufacturer: syz [ 710.643038][ T25] usb 1-1: SerialNumber: syz [ 710.671868][ T25] usb 1-1: config 0 descriptor?? [ 710.752650][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.949395][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 711.172631][T14784] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2893'. [ 711.207292][T14784] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2893'. [ 711.259265][T14784] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2893'. [ 711.284441][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 711.748791][ T5142] usb 1-1: USB disconnect, device number 41 [ 711.972889][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 712.948648][T14326] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 712.961178][T14326] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 712.969532][T14326] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 713.017671][T14326] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 713.027520][T14326] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 713.034887][T14326] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 713.209228][ T12] bridge_slave_1: left allmulticast mode [ 713.241606][ T12] bridge_slave_1: left promiscuous mode [ 713.260461][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 713.314987][ T12] bridge_slave_0: left allmulticast mode [ 713.347021][ T12] bridge_slave_0: left promiscuous mode [ 713.374756][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 713.794004][ T12] ip6gretap0 (unregistering): left allmulticast mode [ 713.959064][T14805] 9pnet_fd: Insufficient options for proto=fd [ 714.093407][T14800] loop4: detected capacity change from 0 to 4096 [ 714.100264][T14800] ntfs3: loop4: Different NTFS sector size (2048) and media sector size (512). [ 714.137305][T14800] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 715.131600][T14326] Bluetooth: hci3: command tx timeout [ 716.379705][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 716.398431][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 716.510533][ T12] bond0 (unregistering): Released all slaves [ 716.901296][T14832] 9pnet_fd: Insufficient options for proto=fd [ 717.217951][T14841] netlink: 'syz.2.2912': attribute type 3 has an invalid length. [ 717.470613][T14843] loop3: detected capacity change from 0 to 4096 [ 717.497800][T14843] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 717.535559][T14792] chnl_net:caif_netlink_parms(): no params data found [ 717.646451][T14326] Bluetooth: hci3: command tx timeout [ 718.318472][T14326] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 718.321239][T14843] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 718.506682][T14856] 9pnet_fd: Insufficient options for proto=fd [ 718.557783][ T12] hsr_slave_0: left promiscuous mode [ 718.558605][ T12] hsr_slave_1: left promiscuous mode [ 718.577534][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 718.577597][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 718.581533][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 718.581568][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 718.605298][T14326] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 718.609016][T14326] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 718.610159][T14326] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 718.611689][T14326] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 718.612484][T14326] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 718.612879][T14326] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 718.675681][ T12] veth1_macvtap: left promiscuous mode [ 718.675773][ T12] veth0_macvtap: left promiscuous mode [ 718.675970][ T12] veth1_vlan: left promiscuous mode [ 718.676126][ T12] veth0_vlan: left promiscuous mode [ 719.688127][T14326] Bluetooth: hci3: command tx timeout [ 720.769675][T14326] Bluetooth: hci5: command tx timeout [ 721.757853][T14326] Bluetooth: hci3: command tx timeout [ 722.117971][ T12] team0 (unregistering): Port device team_slave_1 removed [ 722.245166][ T12] team0 (unregistering): Port device team_slave_0 removed [ 722.802344][T14326] Bluetooth: hci5: command tx timeout [ 723.231083][T14884] netlink: 'syz.0.2927': attribute type 3 has an invalid length. [ 723.239576][T14884] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2927'. [ 723.600776][T14792] bridge0: port 1(bridge_slave_0) entered blocking state [ 723.608404][T14792] bridge0: port 1(bridge_slave_0) entered disabled state [ 723.615814][T14792] bridge_slave_0: entered allmulticast mode [ 723.625267][T14792] bridge_slave_0: entered promiscuous mode [ 723.649038][T14792] bridge0: port 2(bridge_slave_1) entered blocking state [ 723.656369][T14792] bridge0: port 2(bridge_slave_1) entered disabled state [ 723.668020][T14792] bridge_slave_1: entered allmulticast mode [ 723.678490][T14792] bridge_slave_1: entered promiscuous mode [ 723.777811][ T5142] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 723.798558][T14792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 723.831401][T14792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 723.937519][ T5142] usb 1-1: device descriptor read/64, error -71 [ 724.092485][T14792] team0: Port device team_slave_0 added [ 724.140729][T14792] team0: Port device team_slave_1 added [ 724.227518][ T5142] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 724.304002][T14792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 724.320336][T14792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 724.417577][ T5142] usb 1-1: device descriptor read/64, error -71 [ 724.441929][ T5105] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 724.444504][T14792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 724.467904][ T5105] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 724.477615][ T5105] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 724.488023][ T5105] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 724.501431][T14792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 724.508947][ T5105] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 724.515991][T14792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 724.542262][ T5105] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 724.549648][ T5142] usb usb1-port1: attempt power cycle [ 724.557175][T14792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 724.823273][T14858] chnl_net:caif_netlink_parms(): no params data found [ 724.863528][T14792] hsr_slave_0: entered promiscuous mode [ 724.871740][T14792] hsr_slave_1: entered promiscuous mode [ 724.878112][T14326] Bluetooth: hci5: command tx timeout [ 724.886577][T14792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 724.895174][T14907] loop2: detected capacity change from 0 to 1024 [ 724.903941][T14792] Cannot create hsr debugfs directory [ 724.952581][T14907] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 724.977574][ T5142] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 725.008293][ T5142] usb 1-1: device descriptor read/8, error -71 [ 725.085436][T12106] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 725.203244][T14914] netlink: 'syz.2.2936': attribute type 3 has an invalid length. [ 725.221022][T14914] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2936'. [ 725.241385][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.288884][ T5142] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 725.338422][ T5142] usb 1-1: device descriptor read/8, error -71 [ 725.414716][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.484782][ T5142] usb usb1-port1: unable to enumerate USB device [ 725.514397][T14858] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.537117][T14858] bridge0: port 1(bridge_slave_0) entered disabled state [ 725.545583][T14858] bridge_slave_0: entered allmulticast mode [ 725.563732][T14858] bridge_slave_0: entered promiscuous mode [ 725.626991][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.694575][T14858] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.742322][T14858] bridge0: port 2(bridge_slave_1) entered disabled state [ 725.765798][T14858] bridge_slave_1: entered allmulticast mode [ 725.784986][T14858] bridge_slave_1: entered promiscuous mode [ 725.937983][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.220080][T14858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 726.259552][T14858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 726.517146][T14858] team0: Port device team_slave_0 added [ 726.637879][T14326] Bluetooth: hci4: command tx timeout [ 726.679072][T14858] team0: Port device team_slave_1 added [ 726.846207][T14858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 726.888014][T14858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 726.958950][T14326] Bluetooth: hci5: command tx timeout [ 726.976111][T14858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 727.151946][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.179503][T14938] netlink: 'syz.2.2944': attribute type 3 has an invalid length. [ 727.188950][T14938] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2944'. [ 727.218548][T14858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 727.225515][T14858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 727.337818][T14858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 727.447536][ T29] kauditd_printk_skb: 78 callbacks suppressed [ 727.447554][ T29] audit: type=1326 audit(1720340950.605:2231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14941 comm="syz.2.2946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 727.961595][ T29] audit: type=1326 audit(1720340950.695:2232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14941 comm="syz.2.2946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 728.094518][ T29] audit: type=1326 audit(1720340950.905:2233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14941 comm="syz.2.2946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 728.123045][ T29] audit: type=1326 audit(1720340950.925:2234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14941 comm="syz.2.2946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 728.145769][ T29] audit: type=1326 audit(1720340950.925:2235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14941 comm="syz.2.2946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 728.171635][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.183572][ T29] audit: type=1326 audit(1720340950.935:2236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14941 comm="syz.2.2946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 728.210580][T14900] chnl_net:caif_netlink_parms(): no params data found [ 728.217757][ T29] audit: type=1326 audit(1720340950.995:2237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14941 comm="syz.2.2946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 728.247052][ T29] audit: type=1326 audit(1720340951.015:2238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14941 comm="syz.2.2946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 728.269764][ T29] audit: type=1326 audit(1720340951.205:2239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14941 comm="syz.2.2946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 728.297185][ T29] audit: type=1326 audit(1720340951.205:2240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14941 comm="syz.2.2946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0da775bd9 code=0x7ffc0000 [ 728.337055][T14858] hsr_slave_0: entered promiscuous mode [ 728.347780][ T5141] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 728.357282][T14858] hsr_slave_1: entered promiscuous mode [ 728.372750][T14858] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 728.392993][T14858] Cannot create hsr debugfs directory [ 728.444902][T14947] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 728.454609][T14947] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 728.476781][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.577999][ T5141] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32 [ 728.643281][ T5141] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 728.659872][ T5141] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 728.686223][ T5141] usb 3-1: Product: ࠝ [ 728.692918][ T5141] usb 3-1: Manufacturer: Ḩ [ 728.718102][T14326] Bluetooth: hci4: command tx timeout [ 728.823807][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.894574][T14792] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 728.991888][T14792] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 729.017909][T14792] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 729.067348][T14942] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2946'. [ 729.087788][T14792] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 729.221106][ T5141] cdc_ncm 3-1:1.0: bind() failure [ 729.238193][ T5141] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 729.246118][ T5141] cdc_ncm 3-1:1.1: bind() failure [ 729.255443][ T5141] usb 3-1: USB disconnect, device number 38 [ 729.370061][T14900] bridge0: port 1(bridge_slave_0) entered blocking state [ 729.391491][T14900] bridge0: port 1(bridge_slave_0) entered disabled state [ 729.417848][T14900] bridge_slave_0: entered allmulticast mode [ 729.432323][T14900] bridge_slave_0: entered promiscuous mode [ 729.464589][T14900] bridge0: port 2(bridge_slave_1) entered blocking state [ 729.485002][T14900] bridge0: port 2(bridge_slave_1) entered disabled state [ 729.495068][T14900] bridge_slave_1: entered allmulticast mode [ 729.507979][T14900] bridge_slave_1: entered promiscuous mode [ 729.682943][T14900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 729.763471][T14900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 729.949635][ T12] bridge_slave_1: left allmulticast mode [ 729.955376][ T12] bridge_slave_1: left promiscuous mode [ 729.978300][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 730.013622][ T12] bridge_slave_0: left allmulticast mode [ 730.030748][ T12] bridge_slave_0: left promiscuous mode [ 730.046723][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 730.079581][ T12] bridge_slave_1: left allmulticast mode [ 730.095700][ T12] bridge_slave_1: left promiscuous mode [ 730.102286][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 730.128423][ T12] bridge_slave_0: left allmulticast mode [ 730.134257][ T12] bridge_slave_0: left promiscuous mode [ 730.141411][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 730.268355][T14972] netlink: 'syz.2.2953': attribute type 3 has an invalid length. [ 730.798214][T14326] Bluetooth: hci4: command tx timeout [ 731.655876][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 731.680462][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 731.713682][ T12] bond0 (unregistering): Released all slaves [ 732.081784][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 732.112681][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 732.144104][ T12] bond0 (unregistering): Released all slaves [ 732.284722][T14900] team0: Port device team_slave_0 added [ 732.321401][T14900] team0: Port device team_slave_1 added [ 732.676331][T14900] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 732.684883][T14980] loop2: detected capacity change from 0 to 4096 [ 732.691632][T14900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 732.704471][T14980] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 732.747798][T14900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 732.752273][T14980] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 732.777248][T14900] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 732.801490][T14900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 732.860486][T14900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 732.881888][T14326] Bluetooth: hci4: command tx timeout [ 733.215344][T14900] hsr_slave_0: entered promiscuous mode [ 733.230158][T14900] hsr_slave_1: entered promiscuous mode [ 733.246045][T14900] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 733.254780][T14900] Cannot create hsr debugfs directory [ 734.159002][T14990] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 734.168844][T14990] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 734.199743][T14792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 734.570404][T14792] 8021q: adding VLAN 0 to HW filter on device team0 [ 734.828976][T14858] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 734.852993][ T5105] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 734.855717][T14858] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 734.869504][ T5105] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 734.877553][ T5105] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 734.898618][ T5139] bridge0: port 1(bridge_slave_0) entered blocking state [ 734.905756][ T5139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 734.919793][ T5105] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 734.938145][ T5105] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 734.946452][ T5105] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 734.998268][T14858] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 735.019315][T14858] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 735.127801][ T5139] bridge0: port 2(bridge_slave_1) entered blocking state [ 735.134984][ T5139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 735.463585][ T12] hsr_slave_0: left promiscuous mode [ 735.480761][ T12] hsr_slave_1: left promiscuous mode [ 735.498482][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 735.505915][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 735.552512][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 735.578472][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 735.627490][ T12] hsr_slave_0: left promiscuous mode [ 735.638841][ T12] hsr_slave_1: left promiscuous mode [ 735.678486][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 735.685933][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 735.722345][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 735.730091][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 735.824547][ T12] veth1_macvtap: left promiscuous mode [ 735.858024][ T12] veth0_macvtap: left promiscuous mode [ 735.864995][ T12] veth1_vlan: left promiscuous mode [ 735.879172][ T12] veth0_vlan: left promiscuous mode [ 735.918732][ T12] veth1_macvtap: left promiscuous mode [ 735.924392][ T12] veth0_macvtap: left promiscuous mode [ 735.938228][ T12] veth1_vlan: left promiscuous mode [ 735.943684][ T12] veth0_vlan: left promiscuous mode [ 736.220380][ T5105] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 736.230901][ T5105] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 736.240470][ T5105] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 736.259692][ T5105] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 736.267505][ T5105] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 736.276971][ T5105] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 737.046631][T14326] Bluetooth: hci1: command tx timeout [ 737.100865][ T12] team0 (unregistering): Port device team_slave_1 removed [ 737.181597][ T12] team0 (unregistering): Port device team_slave_0 removed [ 738.398269][T14326] Bluetooth: hci0: command tx timeout [ 738.559527][ T12] team0 (unregistering): Port device team_slave_1 removed [ 738.680812][ T12] team0 (unregistering): Port device team_slave_0 removed [ 739.118140][T14326] Bluetooth: hci1: command tx timeout [ 740.104696][T14858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 740.247642][T14858] 8021q: adding VLAN 0 to HW filter on device team0 [ 740.348644][ T5140] bridge0: port 1(bridge_slave_0) entered blocking state [ 740.355818][ T5140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 740.366272][ T5140] bridge0: port 2(bridge_slave_1) entered blocking state [ 740.373461][ T5140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 740.403353][T14999] chnl_net:caif_netlink_parms(): no params data found [ 740.485991][T14326] Bluetooth: hci0: command tx timeout [ 740.507752][T14900] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 740.546747][T14900] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 740.626298][T14900] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 740.710561][T14900] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 740.787329][T14996] chnl_net:caif_netlink_parms(): no params data found [ 740.976866][T14999] bridge0: port 1(bridge_slave_0) entered blocking state [ 740.987916][T14999] bridge0: port 1(bridge_slave_0) entered disabled state [ 741.001384][T14999] bridge_slave_0: entered allmulticast mode [ 741.011619][T14999] bridge_slave_0: entered promiscuous mode [ 741.079827][T14999] bridge0: port 2(bridge_slave_1) entered blocking state [ 741.087457][T14999] bridge0: port 2(bridge_slave_1) entered disabled state [ 741.109862][T14999] bridge_slave_1: entered allmulticast mode [ 741.117490][T14999] bridge_slave_1: entered promiscuous mode [ 741.199294][T14326] Bluetooth: hci1: command tx timeout [ 741.283528][T14999] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 741.318389][T14792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 741.433459][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 741.509040][T14999] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 741.641163][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 741.693279][T14999] team0: Port device team_slave_0 added [ 741.728345][T14999] team0: Port device team_slave_1 added [ 741.741298][T14996] bridge0: port 1(bridge_slave_0) entered blocking state [ 741.750159][T14996] bridge0: port 1(bridge_slave_0) entered disabled state [ 741.757377][T14996] bridge_slave_0: entered allmulticast mode [ 741.765856][T14996] bridge_slave_0: entered promiscuous mode [ 741.774900][T14996] bridge0: port 2(bridge_slave_1) entered blocking state [ 741.782204][T14996] bridge0: port 2(bridge_slave_1) entered disabled state [ 741.789766][T14996] bridge_slave_1: entered allmulticast mode [ 741.797169][T14996] bridge_slave_1: entered promiscuous mode [ 741.825697][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 741.967240][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 742.043936][T14996] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 742.056205][T14996] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 742.099759][T14858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 742.179109][T14999] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 742.186087][T14999] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 742.227812][T14999] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 742.286995][T14999] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 742.295732][T14999] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 742.342227][T14999] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 742.470863][T14996] team0: Port device team_slave_0 added [ 742.520431][T14999] hsr_slave_0: entered promiscuous mode [ 742.548749][T14999] hsr_slave_1: entered promiscuous mode [ 742.555317][T14999] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 742.559626][T14326] Bluetooth: hci0: command tx timeout [ 742.577852][T14999] Cannot create hsr debugfs directory [ 742.609820][T14996] team0: Port device team_slave_1 added [ 742.744241][T14996] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 742.758336][T14996] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 742.794333][T14996] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 742.824018][T14996] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 742.838166][T14996] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 742.873852][T14996] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 743.049720][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.101641][T14900] 8021q: adding VLAN 0 to HW filter on device bond0 [ 743.157426][T14996] hsr_slave_0: entered promiscuous mode [ 743.164194][T14996] hsr_slave_1: entered promiscuous mode [ 743.170630][T14996] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 743.180177][T14996] Cannot create hsr debugfs directory [ 743.214000][T14792] veth0_vlan: entered promiscuous mode [ 743.275300][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.278320][T14326] Bluetooth: hci1: command tx timeout [ 743.423245][T14900] 8021q: adding VLAN 0 to HW filter on device team0 [ 743.478304][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.516273][T14792] veth1_vlan: entered promiscuous mode [ 743.624884][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.661694][ T5139] bridge0: port 1(bridge_slave_0) entered blocking state [ 743.668881][ T5139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 743.780385][ T5139] bridge0: port 2(bridge_slave_1) entered blocking state [ 743.787674][ T5139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 743.855975][T14858] veth0_vlan: entered promiscuous mode [ 743.926035][T14858] veth1_vlan: entered promiscuous mode [ 744.042383][T14792] veth0_macvtap: entered promiscuous mode [ 744.133773][T14792] veth1_macvtap: entered promiscuous mode [ 744.158981][ T12] bridge_slave_1: left allmulticast mode [ 744.164658][ T12] bridge_slave_1: left promiscuous mode [ 744.173715][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 744.187795][ T12] bridge_slave_0: left allmulticast mode [ 744.198273][ T12] bridge_slave_0: left promiscuous mode [ 744.204144][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 744.217266][ T12] bridge_slave_1: left allmulticast mode [ 744.224192][ T12] bridge_slave_1: left promiscuous mode [ 744.230136][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 744.250262][ T12] bridge_slave_0: left allmulticast mode [ 744.257194][ T12] bridge_slave_0: left promiscuous mode [ 744.264483][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 744.505569][ T12] ip6gretap0 (unregistering): left allmulticast mode [ 744.638624][T14326] Bluetooth: hci0: command tx timeout [ 745.172927][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 745.196541][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 745.223756][ T12] bond0 (unregistering): Released all slaves [ 745.392138][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 745.404405][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 745.416576][ T12] bond0 (unregistering): Released all slaves [ 745.531626][T14792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 745.561561][T14792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.588024][T14792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 745.616605][T14792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.626679][T14792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 745.637323][T14792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.689605][T14792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 745.708143][T14792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.738986][T14792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 745.849089][T14858] veth0_macvtap: entered promiscuous mode [ 745.862323][T14792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 745.884690][T14792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.899216][T14792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 745.909800][T14792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.920004][T14792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 745.930766][T14792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.942946][T14792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 745.953864][T14792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.975522][T14792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 746.016120][T14858] veth1_macvtap: entered promiscuous mode [ 746.047839][T14792] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.060221][T14792] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.070649][T14792] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.080022][T14792] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.111736][T14858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 746.128521][T14858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.138548][T14858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 746.149120][T14858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.159995][T14858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 746.171766][T14858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.181682][T14858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 746.192361][T14858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.203036][T14858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 746.213840][T14858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.225963][T14858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 746.260420][T14900] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 746.321787][T14858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 746.341495][T14858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.351630][T14858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 746.372280][T14858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.384009][T14858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 746.407459][T14858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.417534][T14858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 746.428593][T14858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.439160][T14858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 746.450321][T14858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.469773][T14858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 746.602841][T14858] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.623846][T14858] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.633248][T14858] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.642836][T14858] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.867255][T14900] veth0_vlan: entered promiscuous mode [ 746.981329][T14999] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 747.005135][T14999] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 747.041649][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 747.058233][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 747.099352][T14999] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 747.205252][T14900] veth1_vlan: entered promiscuous mode [ 747.224261][T14999] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 747.253626][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 747.266776][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 747.378451][T11511] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 747.386491][T11511] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 747.550084][ T12] hsr_slave_0: left promiscuous mode [ 747.559702][ T12] hsr_slave_1: left promiscuous mode [ 747.580213][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 747.592552][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 747.629455][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 747.637677][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 747.671173][ T12] hsr_slave_0: left promiscuous mode [ 747.689967][ T12] hsr_slave_1: left promiscuous mode [ 747.696245][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 747.706337][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 747.715700][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 747.723326][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 747.790529][ T12] veth1_macvtap: left promiscuous mode [ 747.796224][ T12] veth0_macvtap: left promiscuous mode [ 747.802179][ T12] veth1_vlan: left promiscuous mode [ 747.807611][ T12] veth0_vlan: left promiscuous mode [ 747.817810][ T12] veth1_macvtap: left promiscuous mode [ 747.823582][ T12] veth0_macvtap: left promiscuous mode [ 747.829413][ T12] veth1_vlan: left promiscuous mode [ 747.834850][ T12] veth0_vlan: left promiscuous mode [ 747.921129][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.927498][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.260567][ T12] pim6reg (unregistering): left allmulticast mode [ 748.281112][ T12] pimreg (unregistering): left allmulticast mode [ 748.996699][ T12] team0 (unregistering): Port device team_slave_1 removed [ 749.096812][ T12] team0 (unregistering): Port device team_slave_0 removed [ 750.543156][ T12] team0 (unregistering): Port device team_slave_1 removed [ 750.646434][ T12] team0 (unregistering): Port device team_slave_0 removed [ 751.536034][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 751.548223][T14900] veth0_macvtap: entered promiscuous mode [ 751.548680][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 751.651997][T14900] veth1_macvtap: entered promiscuous mode [ 751.733352][T14900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 751.757621][T14900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 751.778510][T14900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 751.798523][T14900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 751.819402][T14900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 751.847970][T14900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 751.857988][T14900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 751.878340][T14900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 751.909280][T14900] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 751.937878][T14900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 752.082880][T14900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 752.128532][T14900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 752.168154][T14900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 752.194000][T14900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 752.207911][T14900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 752.218110][T14900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 752.427507][T14900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 752.638939][T14900] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 752.780525][T15052] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 752.790212][T15052] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 752.832107][T14900] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 752.883485][T14900] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 752.918392][T14900] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 752.927120][T14900] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 753.082566][T14996] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 753.130320][T14996] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 753.165857][T14996] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 753.190643][T15054] loop4: detected capacity change from 0 to 1024 [ 753.196970][T14996] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 753.197106][T15056] program syz.1.2975 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 753.331874][T15054] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 753.418870][T14999] 8021q: adding VLAN 0 to HW filter on device bond0 [ 753.548824][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 753.556672][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 753.579094][T14858] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 753.639338][T14999] 8021q: adding VLAN 0 to HW filter on device team0 [ 753.664342][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 753.693030][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 753.699694][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 753.700211][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 753.733010][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 753.740204][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 753.902851][T14999] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 753.992930][ T29] kauditd_printk_skb: 56 callbacks suppressed [ 753.992948][ T29] audit: type=1326 audit(1720340977.154:2297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15069 comm="syz.4.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3cd75bd9 code=0x7ffc0000 [ 754.102632][ T29] audit: type=1326 audit(1720340977.214:2298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15069 comm="syz.4.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3cd75bd9 code=0x7ffc0000 [ 754.195250][ T29] audit: type=1326 audit(1720340977.214:2299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15069 comm="syz.4.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5c3cd75bd9 code=0x7ffc0000 [ 754.274461][ T29] audit: type=1326 audit(1720340977.214:2300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15069 comm="syz.4.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3cd75bd9 code=0x7ffc0000 [ 754.277372][T14996] 8021q: adding VLAN 0 to HW filter on device bond0 [ 754.354541][ T29] audit: type=1326 audit(1720340977.214:2301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15069 comm="syz.4.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3cd75bd9 code=0x7ffc0000 [ 754.451116][ T29] audit: type=1326 audit(1720340977.224:2302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15069 comm="syz.4.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5c3cd75bd9 code=0x7ffc0000 [ 754.486575][T14996] 8021q: adding VLAN 0 to HW filter on device team0 [ 754.510029][ T29] audit: type=1326 audit(1720340977.224:2303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15069 comm="syz.4.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3cd75bd9 code=0x7ffc0000 [ 754.545457][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 754.552648][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 754.577502][T15079] loop4: detected capacity change from 0 to 1024 [ 754.587491][ T29] audit: type=1326 audit(1720340977.224:2304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15069 comm="syz.4.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5c3cd6cc27 code=0x7ffc0000 [ 754.612927][T15079] EXT4-fs: Ignoring removed oldalloc option [ 754.614473][T14999] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 754.644078][T15079] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 754.664365][T11705] bridge0: port 2(bridge_slave_1) entered blocking state [ 754.671578][T11705] bridge0: port 2(bridge_slave_1) entered forwarding state [ 754.671926][ T29] audit: type=1326 audit(1720340977.224:2305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15069 comm="syz.4.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5c3cd115c9 code=0x7ffc0000 [ 754.738883][ T29] audit: type=1326 audit(1720340977.224:2306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15069 comm="syz.4.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5c3cd6cc27 code=0x7ffc0000 [ 754.793651][T15079] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 755.010802][T14858] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 755.029983][T14999] veth0_vlan: entered promiscuous mode [ 755.054486][T14999] veth1_vlan: entered promiscuous mode [ 755.147101][T14999] veth0_macvtap: entered promiscuous mode [ 755.201782][T14999] veth1_macvtap: entered promiscuous mode [ 755.313896][T14999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 755.346810][T14999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 755.368418][T14999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 755.399977][T14999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 755.428879][T14999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 755.458563][T14999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 755.488454][T14999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 755.509405][T14999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 755.528525][T14999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 755.550281][T14999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 755.590718][T14999] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 755.669408][T14996] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 755.676938][T14999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 755.719646][T14999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 755.758845][T14999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 755.789488][T14999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 755.828603][T14999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 755.848523][T14999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 755.868470][T14999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 755.898464][T14999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 755.919251][T14999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 755.941036][T14999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 755.966637][T14999] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 756.016631][T14999] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 756.045836][T14999] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 756.060066][T14999] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 756.083476][T14999] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 756.336888][T14996] veth0_vlan: entered promiscuous mode [ 756.452581][T14996] veth1_vlan: entered promiscuous mode [ 756.487193][T15101] loop3: detected capacity change from 0 to 1024 [ 756.534548][T15101] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 756.621235][T15105] program syz.1.2984 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 756.642304][T11511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 756.656450][T11511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 756.780310][T14996] veth0_macvtap: entered promiscuous mode [ 756.785305][T11511] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 756.793460][T14900] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 756.806853][T11511] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 756.828761][T14996] veth1_macvtap: entered promiscuous mode [ 756.919896][T14996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 756.964557][T14996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 756.984636][T14996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 756.998955][T14996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 757.818600][T14996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 757.829161][T14996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 757.846666][T14996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 757.866406][T14996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 757.897519][T14996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 757.913648][T14996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 757.924419][T14996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 757.935061][T14996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 757.957314][T14996] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 758.031644][T14996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 758.064288][T14996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 758.066068][T15118] loop3: detected capacity change from 0 to 1024 [ 758.093744][T15118] EXT4-fs: Ignoring removed oldalloc option [ 758.104369][T15118] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 758.105346][T14996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 758.144729][T15118] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 758.145953][T14996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 758.169186][T14996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 758.179681][T14996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 758.191167][T14996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 758.201929][T14996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 758.211882][T14996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 758.222462][T14996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 758.233369][T14996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 758.245820][T14996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 758.257816][T14996] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 758.290438][T14996] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 758.311650][T14996] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 758.320817][T14996] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 758.330017][T14996] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 758.486156][T14900] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 759.038438][T11510] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 759.160270][T11510] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 759.432064][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 759.478964][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 760.684705][T15157] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2964'. [ 760.899700][T15160] program syz.2.2999 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 761.465710][T15169] loop2: detected capacity change from 0 to 16 [ 761.539499][T15169] erofs: (device loop2): z_erofs_load_lz4_config: too large lz4 pclusterblks 16832 [ 761.752049][T15171] loop2: detected capacity change from 0 to 1024 [ 761.789639][T15171] EXT4-fs: Ignoring removed oldalloc option [ 761.818924][T15171] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 761.903536][T15171] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 762.044519][ T29] kauditd_printk_skb: 43 callbacks suppressed [ 762.044537][ T29] audit: type=1804 audit(1720340985.204:2350): pid=15180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3001" name="/newroot/3/file1/file1" dev="loop2" ino=15 res=1 errno=0 [ 762.081509][ T29] audit: type=1804 audit(1720340985.234:2351): pid=15180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.3001" name="/newroot/3/file1/file1" dev="loop2" ino=15 res=1 errno=0 [ 762.126324][T15179] loop3: detected capacity change from 0 to 1024 [ 762.148359][ T29] audit: type=1804 audit(1720340985.234:2352): pid=15180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3001" name="/newroot/3/file1/file1" dev="loop2" ino=15 res=1 errno=0 [ 762.210878][T14996] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 762.262690][T15179] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 762.411182][T14900] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 762.800809][T15199] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3009'. [ 762.918922][T11705] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 763.122208][T11705] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 763.139443][T15201] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3010'. [ 763.160129][T11705] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 763.180959][T11705] usb 4-1: config 0 descriptor?? [ 763.595313][T11705] usb 4-1: Cannot read MAC address [ 763.600950][T11705] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -61 [ 763.804948][ T25] usb 4-1: USB disconnect, device number 36 [ 763.936405][T15212] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3013'. [ 764.681371][T15224] loop3: detected capacity change from 0 to 1024 [ 764.728322][T15231] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3020'. [ 764.801230][T15224] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 765.481253][T14900] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 765.738967][T15253] loop3: detected capacity change from 0 to 128 [ 765.793201][T15253] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 765.969278][T15253] ext4 filesystem being mounted at /11/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 766.153265][T15262] netlink: 176 bytes leftover after parsing attributes in process `syz.0.3030'. [ 766.154580][T14900] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 766.184074][T15262] ip6gretap0: entered promiscuous mode [ 766.195687][T15262] netlink: 176 bytes leftover after parsing attributes in process `syz.0.3030'. [ 766.352202][T15270] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3033'. [ 766.655618][T15272] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000007: 0000 [#1] PREEMPT SMP KASAN PTI [ 766.655647][T15272] KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f] [ 766.655666][T15272] CPU: 0 UID: 0 PID: 15272 Comm: syz.3.3032 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 766.655692][T15272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 766.655706][T15272] RIP: 0010:dev_map_redirect+0x65/0x6a0 [ 766.655737][T15272] Code: 48 c1 e8 03 80 3c 28 00 74 08 48 89 df e8 83 b3 3d 00 4c 8b 2b 4d 8d 7d 38 4c 89 fb 48 c1 eb 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 03 84 c0 0f 85 6e 04 00 00 41 8b 2f 89 ee 83 e6 02 31 ff [ 766.655766][T15272] RSP: 0018:ffffc90004507088 EFLAGS: 00010202 [ 766.655785][T15272] RAX: dffffc0000000000 RBX: 0000000000000007 RCX: 0000000000040000 [ 766.655800][T15272] RDX: ffffc90019806000 RSI: 00000000000004bc RDI: 00000000000004bd [ 766.655814][T15272] RBP: dffffc0000000000 R08: 0000000000000007 R09: ffffffff81b5ee2f [ 766.655828][T15272] R10: 0000000000000004 R11: ffff88801dc81e00 R12: 00000000045070d8 [ 766.655860][T15272] R13: 0000000000000000 R14: 0000000000000008 R15: 0000000000000038 [ 766.655873][T15272] FS: 00007f3b410a36c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 766.655892][T15272] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 766.655907][T15272] CR2: 00007fff5daf5ec0 CR3: 0000000011c30000 CR4: 00000000003526f0 [ 766.655926][T15272] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 766.655939][T15272] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 766.655952][T15272] Call Trace: [ 766.655961][T15272] [ 766.655970][T15272] ? __die_body+0x88/0xe0 [ 766.656003][T15272] ? die_addr+0x108/0x140 [ 766.656035][T15272] ? exc_general_protection+0x3dd/0x5d0 [ 766.656075][T15272] ? asm_exc_general_protection+0x26/0x30 [ 766.656104][T15272] ? bpf_ringbuf_query+0x4f/0x150 [ 766.656133][T15272] ? dev_map_redirect+0x65/0x6a0 [ 766.656157][T15272] ? dev_map_redirect+0x28/0x6a0 [ 766.656183][T15272] bpf_prog_ec9efaa32d58ce69+0x56/0x5a [ 766.656203][T15272] bpf_prog_run_generic_xdp+0x679/0x14c0 [ 766.656262][T15272] do_xdp_generic+0x673/0xb90 [ 766.656289][T15272] ? __pfx_validate_chain+0x10/0x10 [ 766.656325][T15272] ? __pfx_do_xdp_generic+0x10/0x10 [ 766.656362][T15272] __netif_receive_skb_core+0x1be6/0x4570 [ 766.656394][T15272] ? mark_lock+0x9a/0x360 [ 766.656435][T15272] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 766.656468][T15272] ? mark_lock+0x9a/0x360 [ 766.656499][T15272] ? __lock_acquire+0x1359/0x2000 [ 766.656540][T15272] __netif_receive_skb+0x12f/0x650 [ 766.656571][T15272] ? __pfx_lock_acquire+0x10/0x10 [ 766.656597][T15272] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 766.656624][T15272] ? __pfx___netif_receive_skb+0x10/0x10 [ 766.656652][T15272] ? __kasan_slab_alloc+0x66/0x80 [ 766.656678][T15272] ? read_tsc+0x9/0x20 [ 766.656702][T15272] ? timekeeping_get_ns+0x2c0/0x420 [ 766.656733][T15272] ? netif_receive_skb+0x131/0x890 [ 766.656760][T15272] ? netif_receive_skb+0x131/0x890 [ 766.656789][T15272] netif_receive_skb+0x1e8/0x890 [ 766.656818][T15272] ? tun_rx_batched+0x160/0x8f0 [ 766.656858][T15272] ? __pfx_netif_receive_skb+0x10/0x10 [ 766.656895][T15272] ? tun_rx_batched+0x160/0x8f0 [ 766.656918][T15272] tun_rx_batched+0x1b7/0x8f0 [ 766.656941][T15272] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 766.656974][T15272] ? __pfx_lock_acquire+0x10/0x10 [ 766.657004][T15272] ? __pfx_tun_rx_batched+0x10/0x10 [ 766.657048][T15272] tun_get_user+0x2f3b/0x4560 [ 766.657085][T15272] ? tun_get_user+0x2a35/0x4560 [ 766.657119][T15272] ? __pfx_tun_get_user+0x10/0x10 [ 766.657143][T15272] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 766.657167][T15272] ? tun_get+0x1e/0x2f0 [ 766.657196][T15272] ? tun_get+0x1e/0x2f0 [ 766.657216][T15272] ? tun_get+0x27d/0x2f0 [ 766.657237][T15272] tun_chr_write_iter+0x113/0x1f0 [ 766.657266][T15272] vfs_write+0xa72/0xc90 [ 766.657289][T15272] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 766.657311][T15272] ? __pfx_vfs_write+0x10/0x10 [ 766.657329][T15272] ? do_futex+0x392/0x560 [ 766.657368][T15272] ksys_write+0x1a0/0x2c0 [ 766.657391][T15272] ? __pfx_ksys_write+0x10/0x10 [ 766.657412][T15272] ? do_syscall_64+0x100/0x230 [ 766.657433][T15272] ? do_syscall_64+0xb6/0x230 [ 766.657454][T15272] do_syscall_64+0xf3/0x230 [ 766.657474][T15272] ? clear_bhb_loop+0x35/0x90 [ 766.657502][T15272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 766.657527][T15272] RIP: 0033:0x7f3b4037475f [ 766.657544][T15272] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 766.657564][T15272] RSP: 002b:00007f3b410a3010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 766.657585][T15272] RAX: ffffffffffffffda RBX: 00007f3b40503f60 RCX: 00007f3b4037475f [ 766.657602][T15272] RDX: 0000000000000022 RSI: 0000000020000100 RDI: 00000000000000c8 [ 766.657616][T15272] RBP: 00007f3b403e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 766.657628][T15272] R10: 0000000000000022 R11: 0000000000000293 R12: 0000000000000000 [ 766.657641][T15272] R13: 000000000000000b R14: 00007f3b40503f60 R15: 00007ffdb5120b28 [ 766.657664][T15272] [ 766.657671][T15272] Modules linked in: [ 766.657743][T15272] ---[ end trace 0000000000000000 ]--- [ 766.695272][T15278] loop2: detected capacity change from 0 to 1024 [ 766.699414][T15272] RIP: 0010:dev_map_redirect+0x65/0x6a0 [ 766.699452][T15272] Code: 48 c1 e8 03 80 3c 28 00 74 08 48 89 df e8 83 b3 3d 00 4c 8b 2b 4d 8d 7d 38 4c 89 fb 48 c1 eb 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 03 84 c0 0f 85 6e 04 00 00 41 8b 2f 89 ee 83 e6 02 31 ff [ 766.699472][T15272] RSP: 0018:ffffc90004507088 EFLAGS: 00010202 [ 766.699495][T15272] RAX: dffffc0000000000 RBX: 0000000000000007 RCX: 0000000000040000 [ 766.699513][T15272] RDX: ffffc90019806000 RSI: 00000000000004bc RDI: 00000000000004bd [ 766.699529][T15272] RBP: dffffc0000000000 R08: 0000000000000007 R09: ffffffff81b5ee2f [ 766.699557][T15272] R10: 0000000000000004 R11: ffff88801dc81e00 R12: 00000000045070d8 [ 766.699573][T15272] R13: 0000000000000000 R14: 0000000000000008 R15: 0000000000000038 [ 766.699587][T15272] FS: 00007f3b410a36c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 766.699605][T15272] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 766.699620][T15272] CR2: 00007fff5daf5ec0 CR3: 0000000011c30000 CR4: 00000000003526f0 [ 766.699638][T15272] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 766.699651][T15272] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 766.699685][T15272] Kernel panic - not syncing: Fatal exception in interrupt [ 766.700059][T15272] Kernel Offset: disabled