last executing test programs: 7m19.298445276s ago: executing program 0 (id=2054): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00003cb37a0d65fa2e5500ee000000003fbf00000000010000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00007200bfa2000000e5d436d9a8aaf31063f5843945d6cd00000007020000f8ffffffb703000008000000b70400000000000000000000000009af479b2a83dcd2b49d59d5b02e96040077d6c35c9c2cd9d0c718af84861448f77c00116b003aa3f6db72f0f4a66578000000000000000000003729a1e78edd0b4e0eae4cdc0e4569678834327c3c1e9c94f25e6df9327d3208397de2838478bb7e039971c4ba1b54a7621cfdae415051d24662390ebc77c7deebe22b8d5184cc934b92f4177ae5ff7da3a55ce8bf0fef2f4395ec10d3be89529ed09ef174da66985502dcb092f7c1ec98be702c955f16aff89b58cf54ab140fc216a33854b395479028c991ea9d77fdac88af15f98fe0d305df27d4e2d38dd83ab38d56806d67c77e545cb8be37220df05d80bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r4, 0x2000000, 0xe, 0xffffffffffffffd4, &(0x7f0000000200)="493c1300"/14, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket(0x10, 0x3, 0x0) r5 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_TRIM(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x3f6, 0x20, 0x70bd29, 0x1}, 0x10}}, 0x20004010) recvmmsg(r5, &(0x7f00000021c0)=[{{&(0x7f0000000100)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) r7 = socket(0x840000000002, 0x3, 0x100) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) close_range(r6, 0xffffffffffffffff, 0x0) 7m18.283049991s ago: executing program 0 (id=2058): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000006dc0), 0x0, 0x0) close(r0) r1 = socket(0x10, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, 0x0, 0x0, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000100)={0x0, 0xfffffff6, 0x2, 0x800}, 0x10) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) r6 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'sit0\x00'}) sendmsg$nl_route(r6, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x0) write(r1, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) recvmmsg(r1, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) 7m15.351078498s ago: executing program 0 (id=2062): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f00000059c0)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000100)='d', 0x1}], 0x1}}], 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}, 0x200}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000180), 0x4) 7m13.861009676s ago: executing program 0 (id=2068): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000840)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_FLAGS={0x6, 0x2, 0x2}]}}}]}, 0x50}}, 0x0) 7m13.702376427s ago: executing program 0 (id=2072): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x34, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast2}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x34}}, 0x0) 7m13.666478298s ago: executing program 0 (id=2073): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1) recvmmsg(r1, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffea3, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0) 6m58.219902114s ago: executing program 32 (id=2073): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1) recvmmsg(r1, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffea3, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0) 2m55.655072223s ago: executing program 4 (id=2832): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/if_inet6\x00') pread64(r3, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"}) syz_open_pts(r4, 0x141601) r5 = dup(0xffffffffffffffff) ioctl$SCSI_IOCTL_GET_IDLUN(r5, 0x5382, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r6 = socket$qrtr(0x2a, 0x2, 0x0) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) sendmsg$sock(r6, &(0x7f0000001540)={&(0x7f0000000500)=@pppoe={0x2a, 0x0, {0x0, @empty, 'nicvf0\x00'}}, 0x80, 0x0}, 0x0) 2m49.09612177s ago: executing program 4 (id=2852): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000440), 0x3, 0x2) ioctl$VIDIOC_DQEVENT(r1, 0x80885659, 0x0) 2m48.173680905s ago: executing program 4 (id=2854): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = dup(r4) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}}) 2m46.279906915s ago: executing program 4 (id=2856): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045515, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x48080) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r8) ioctl$int_in(r9, 0x541b, 0x0) ioctl$int_in(r6, 0x5452, &(0x7f0000000180)=0xffffffffffffffff) shutdown(r7, 0x1) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r5, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x98, 0x3, 0x8, 0x301, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0xfffffffd}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0x34, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8}, @CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0xfffffffa}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_TIMEOUT_DATA={0x24, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x9}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x3a}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x98}, 0x1, 0x0, 0x0, 0x14}, 0x0) 2m42.273018598s ago: executing program 4 (id=2865): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xbd, 0x2, 0xc4, 0x40, 0x856, 0xac31, 0x931e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xd2, 0xc8, 0x7f}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000000)={0x40, 0xe, 0xd, "6a0fd3e873ac96c152429b13da"}, 0x0, 0x0}) 2m37.160242817s ago: executing program 4 (id=2872): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_open_procfs(0xffffffffffffffff, 0x0) fchdir(r1) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE2(r2, 0x0, 0x0) 2m22.02633626s ago: executing program 33 (id=2872): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_open_procfs(0xffffffffffffffff, 0x0) fchdir(r1) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE2(r2, 0x0, 0x0) 6.692200852s ago: executing program 6 (id=3341): mkdir(0x0, 0x0) open$dir(&(0x7f00000002c0)='./control/file0\x00', 0x6040, 0x0) r0 = open(0x0, 0x0, 0x0) mkdirat(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_emit_vhci(0x0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/asound/timers\x00', 0x0, 0x0) pread64(r4, &(0x7f00000007c0)=""/29, 0x1d, 0x9) getdents64(r0, 0x0, 0x0) 5.31931383s ago: executing program 6 (id=3344): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000340)='net/protocols\x00') mount$9p_fd(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) ioctl$IOC_PR_REGISTER(r1, 0x401870c8, &(0x7f0000000180)={0x8000000000000001, 0x2}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) socket$unix(0x1, 0x2, 0x0) r2 = socket(0x200000100000011, 0x803, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) bind$packet(r2, &(0x7f0000000000)={0x11, 0x0, r4}, 0x14) write$binfmt_aout(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="90020ec29ad0d72204000e21080600010800060400aae501650180b572da3e9647deffffad5135"], 0x120) io_submit(0x0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) r5 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_buf(r5, 0x29, 0x39, &(0x7f0000e86000), 0x0) setsockopt$inet6_IPV6_DSTOPTS(r5, 0x29, 0x3b, &(0x7f0000000300), 0x8) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c) r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_delrule={0x28, 0x21, 0x121, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_UID_RANGE={0xc, 0x18, {0x0, 0xffffffffffffffff}}]}, 0x28}}, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r8}, 0x10) close(0x3) ioctl$vim2m_VIDIOC_G_FMT(r6, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0}}) 5.032136301s ago: executing program 3 (id=3347): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_DYING(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x1, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x20000080}, 0x20000800) 5.031871301s ago: executing program 1 (id=3348): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$vim2m_VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0cc5678, &(0x7f00000000c0)={0x2, @raw_data="923e75071c78beb2f9cba6728ce90db220d8f3f9960914edabb6a7498eab847b27d9335a29977301d67b37c73323a1dd607a84325e58c658fbc382640479e1036a6358204ef7ba429f6eb2fe8748b6022c1da855465587ff9d09b6cc918de5b9aef2e9446b7a04535d08d2e5764157a08ad7f9a8f902615ba4d46f2ca50e91e3aab39d4ddd543b7dffc8e78840b552e35599e95905d1c85aad49ffc0ea952c954f31f75e4d0163ba9ab7514d7da04a36cb3578bf5f516801a22440f1c445bfc140819daebc41f35f"}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)=@x86={0x0, 0x0, 0x8, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, '\x00', 0xfe, 0x59a}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff) ioctl$KVM_RUN(r3, 0xae80, 0x0) 4.946009462s ago: executing program 3 (id=3350): r0 = socket$nl_rdma(0x10, 0x3, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000002e40)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [{0x0, 0x2, "122b472e41e24b11f34b608816e5"}]}}}}}}, 0x0) syz_emit_ethernet(0x5e, &(0x7f00000005c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xfc}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x28, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [{0x0, 0x2, "122b472e41e24b11f34b608816e5"}]}}}}}}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$kcm(0x10, 0x2, 0x10) socket$netlink(0x10, 0x3, 0x8000000004) mq_open(0x0, 0x2, 0x38, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000001100)={0x28, 0x140b, 0x1, 0x70bd26, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x28}}, 0x0) 4.887856962s ago: executing program 1 (id=3351): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 4.883808112s ago: executing program 2 (id=3352): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045515, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x48080) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r8) ioctl$int_in(r9, 0x541b, 0x0) ioctl$int_in(r6, 0x5452, &(0x7f0000000180)=0xffffffffffffffff) shutdown(r7, 0x1) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r5, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x9c, 0x3, 0x8, 0x301, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TIMEOUT_DATA={0x4}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0x34, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8}, @CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0xfffffffa}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x24, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x9}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x3a}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x9c}, 0x1, 0x0, 0x0, 0x14}, 0x0) 4.138195126s ago: executing program 6 (id=3353): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x3c1, 0x3, 0x344, 0x0, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x27c, 0x20a, 0x278, 0x27c, 0x278, 0x3, 0x0, {[{{@uncond, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@ipv6header={{0x24}, {0x8, 0x10}}, @common=@frag={{0x30}, {[0x40000000], 0x80000000, 0x2c, 0x3}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x1f, 0x1, 0xfffffffd, 0x6, 'netbios-ns\x00', 'syz0\x00', {0x9}}}}, {{@uncond, 0x0, 0xf8, 0x11c, 0x0, {}, [@inet=@rpfilter={{0x24}, {0x8}}, @common=@frag={{0x30}, {[0x756, 0xff], 0x0, 0x25, 0x2}}]}, @common=@inet=@SYNPROXY={0x24, 'SYNPROXY\x00', 0x0, {0x15, 0x9, 0x6}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3a0) 4.045689717s ago: executing program 3 (id=3354): mkdir(0x0, 0x0) open$dir(&(0x7f00000002c0)='./control/file0\x00', 0x6040, 0x0) r0 = open(0x0, 0x0, 0x0) mkdirat(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_emit_vhci(0x0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/asound/timers\x00', 0x0, 0x0) pread64(r4, &(0x7f00000007c0)=""/29, 0x1d, 0x9) getdents64(r0, 0x0, 0x0) 3.744078438s ago: executing program 6 (id=3355): r0 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x8000, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x3, 0x2, 0x3, "d52b3d00000005000000000000004700", 0x33363248}) 3.58844962s ago: executing program 2 (id=3356): socket$inet6(0xa, 0x3, 0x6) pipe(&(0x7f0000000080)) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000000)="c5", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x13}, 0x1c) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, 0x0, &(0x7f0000000300)) socket$nl_netfilter(0x10, 0x3, 0xc) socket$key(0xf, 0x3, 0x2) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000a00)=ANY=[@ANYBLOB='-cpu'], 0x5) r3 = openat$cgroup_type(r2, &(0x7f0000000040), 0x2, 0x0) write$cgroup_type(r3, &(0x7f0000000080), 0x9) 3.43141655s ago: executing program 6 (id=3357): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x20000015}) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) epoll_pwait2(r1, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0) 3.196207132s ago: executing program 3 (id=3358): openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x1) r1 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r1, &(0x7f0000000100)={0xa, 0x0, 0x10000000, @empty, 0x0, 0x81}, 0x20) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) 3.141237572s ago: executing program 3 (id=3359): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x81) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000340)={{0xffffffff, 0x0, 0x82, 0x40000009, 'syz1\x00'}, 0x4, 0x1, 0x4, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x0) get_robust_list(0x0, &(0x7f0000000480)=&(0x7f0000000440)={&(0x7f00000001c0), 0x0, &(0x7f0000000400)}, &(0x7f00000004c0)=0x18) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}]}, 0x44}}, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) r4 = accept$alg(r3, 0x0, 0x0) sendmmsg(r4, &(0x7f0000004b00)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001c00)="9c5c478864f96c0c54b0a8844d0ab62ef49bc35c05515bac1b37d2c833c1ad18f967522d7a4dea220f7137b4540d704efc27e15715e3850abc21f8c500f41189d99947e35967e83bb54c20a9", 0x4c}], 0x1}}], 0x1, 0x20000081) sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, 0x0, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x40012101, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$cgroup_ro(r5, 0x0, 0x275a, 0x0) 2.612644335s ago: executing program 2 (id=3360): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c00)=@newlink={0x34, 0x10, 0x1, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, 0x220, 0x80}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc, 0x4, {0x200, 0x7fff}}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x4050004) 2.480043065s ago: executing program 1 (id=3361): r0 = socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) 2.412763646s ago: executing program 6 (id=3362): setrlimit(0x2, &(0x7f00000002c0)={0x2, 0xfffffffe}) socket$inet_tcp(0x2, 0x1, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222000905810308"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505331, &(0x7f0000000100)={{}, {0xe}, 0x0, 0x1, 0x3}) 2.397481426s ago: executing program 2 (id=3363): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000340)='net/protocols\x00') mount$9p_fd(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) ioctl$IOC_PR_REGISTER(r1, 0x401870c8, &(0x7f0000000180)={0x8000000000000001, 0x2}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) socket$unix(0x1, 0x2, 0x0) r2 = socket(0x200000100000011, 0x803, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) bind$packet(r2, &(0x7f0000000000)={0x11, 0x0, r4}, 0x14) write$binfmt_aout(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="90020ec29ad0d72204000e21080600010800060400aae501650180b572da3e9647deffffad5135"], 0x120) io_submit(0x0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) r5 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_buf(r5, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820f", 0x8c) setsockopt$inet6_IPV6_DSTOPTS(r5, 0x29, 0x3b, &(0x7f0000000300), 0x8) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c) r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_delrule={0x28, 0x21, 0x121, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_UID_RANGE={0xc, 0x18, {0x0, 0xffffffffffffffff}}]}, 0x28}}, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r8}, 0x10) close(0x3) ioctl$vim2m_VIDIOC_G_FMT(r6, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0}}) 2.340165266s ago: executing program 1 (id=3364): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4) r1 = socket(0x840000000002, 0x3, 0x100) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10) sendmmsg$inet(r1, &(0x7f0000005240), 0x4000095, 0x0) 2.008980628s ago: executing program 5 (id=3365): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff002) 1.893564779s ago: executing program 5 (id=3366): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) sendmmsg$inet6(r0, &(0x7f0000000ec0)=[{{&(0x7f0000000300)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000100)='k', 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x9, &(0x7f00000010c0)=""/4111, &(0x7f0000000000)=0x100f) 1.685134s ago: executing program 5 (id=3367): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x14) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x270}}, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)="286d81866e6b77fbbd308e1683", 0xd}], 0x1, &(0x7f00000002c0), 0x0, 0x24008000}, 0xc040) bind$packet(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0xfdef, &(0x7f00000003c0)={@broadcast, @random='\x00 \x00\x00\x00\b', @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x500, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$autofs(0xffffff9c, &(0x7f0000000000), 0x200142, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x0) 1.583427581s ago: executing program 1 (id=3368): mkdir(0x0, 0x0) open$dir(&(0x7f00000002c0)='./control/file0\x00', 0x6040, 0x0) r0 = open(0x0, 0x0, 0x0) mkdirat(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_emit_vhci(0x0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/asound/timers\x00', 0x0, 0x0) pread64(r4, &(0x7f00000007c0)=""/29, 0x1d, 0x9) getdents64(r0, 0x0, 0x0) 1.456478412s ago: executing program 2 (id=3369): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc0200, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000003c0)=0x1003) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000000)) 628.435026ms ago: executing program 1 (id=3370): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) fchdir(r0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x40000, 0x96) getdents(r1, 0x0, 0x58) 471.673267ms ago: executing program 3 (id=3371): socket$inet6(0xa, 0x3, 0x6) pipe(&(0x7f0000000080)) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000000)="c5", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x13}, 0x1c) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, 0x0, &(0x7f0000000300)) socket$nl_netfilter(0x10, 0x3, 0xc) socket$key(0xf, 0x3, 0x2) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000a00)=ANY=[@ANYBLOB='-cpu'], 0x5) r3 = openat$cgroup_type(r2, &(0x7f0000000040), 0x2, 0x0) write$cgroup_type(r3, &(0x7f0000000080), 0x9) 280.073838ms ago: executing program 5 (id=3372): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0xfff, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9eb9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x45c) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x3) r1 = dup(r0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5) ioctl$UI_DEV_CREATE(r1, 0x5501) 169.625309ms ago: executing program 2 (id=3373): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='htcp\x00', 0x7) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0x100120}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1, 0x0, 0x2000000000000}, 0x700) 160.410459ms ago: executing program 5 (id=3374): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}}, 0x0) 0s ago: executing program 5 (id=3375): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x880, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x98}, {0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xde, 0x0, 0x0, 0x8}, {0x3fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}]}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594", 0xf}], 0x1}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000040)={{}, 'syz1\x00'}) write$input_event(0xffffffffffffffff, &(0x7f0000000140)={{}, 0x13}, 0x18) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): on usb-dummy_hcd.4-1/input0 [ 810.085575][ T2300] usb 5-1: USB disconnect, device number 9 [ 816.537081][T11749] loop3: detected capacity change from 0 to 2048 [ 816.587512][T11749] UDF-fs: bad mount option "18446744073709551615" or missing value [ 816.671504][ T4449] kernel write not supported for file /vcsa (pid: 4449 comm: kworker/0:14) [ 817.688744][T11769] device geneve2 entered promiscuous mode [ 818.421447][ T4557] Bluetooth: hci4: command 0x0405 tx timeout [ 819.949584][T11788] input: syz0 as /devices/virtual/input/input18 [ 821.986421][ T7] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 822.346613][ T7] usb 3-1: config 255 has an invalid interface number: 213 but max is 0 [ 822.365262][ T7] usb 3-1: config 255 has no interface number 0 [ 822.386264][ T7] usb 3-1: config 255 interface 213 has no altsetting 0 [ 822.505542][T11807] loop4: detected capacity change from 0 to 32768 [ 822.558951][ T7] usb 3-1: New USB device found, idVendor=050d, idProduct=0122, bcdDevice=ef.4b [ 822.578932][ T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 823.132600][T11807] XFS (loop4): Mounting V5 Filesystem [ 823.371063][T11807] XFS (loop4): Ending clean mount [ 823.387874][ T7] usb 3-1: Product: syz [ 823.392078][ T7] usb 3-1: Manufacturer: syz [ 823.396753][ T7] usb 3-1: SerialNumber: syz [ 823.400020][T11807] XFS (loop4): Quotacheck needed: Please wait. [ 823.661697][T11807] XFS (loop4): Quotacheck: Done. [ 823.780325][T11827] loop1: detected capacity change from 0 to 2048 [ 823.977713][T11827] UDF-fs: bad mount option "18446744073709551615" or missing value [ 824.006625][ T7] usb 3-1: can't set config #255, error -71 [ 824.016291][ T7] usb 3-1: USB disconnect, device number 11 [ 824.122364][T11807] xfs: Unknown parameter ' Z* m.Dc8'@C9G9?9S{1Jլ5 æԌqqY糔' [ 824.410158][T11833] mkiss: ax0: crc mode is auto. [ 824.527853][ T4175] XFS (loop4): Unmounting Filesystem [ 826.144832][ T23] Bluetooth: hci5: command 0x0409 tx timeout [ 826.842721][T11850] tmpfs: Unknown parameter 'grpquota' [ 827.041635][T11828] chnl_net:caif_netlink_parms(): no params data found [ 827.466704][ T4557] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 828.086763][ T4557] usb 5-1: config index 0 descriptor too short (expected 63186, got 210) [ 828.104959][ T4557] usb 5-1: config 0 has an invalid interface number: 106 but max is 0 [ 828.114173][ T4557] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 828.124694][ T4557] usb 5-1: config 0 has no interface number 0 [ 828.171701][ T4557] usb 5-1: config 0 interface 106 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 828.268383][ T4557] usb 5-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid maxpacket 26232, setting to 64 [ 828.444794][ T4557] usb 5-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 828.612958][ T4557] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 828.733701][ T4557] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 828.861453][ T4557] usb 5-1: config 0 descriptor?? [ 828.961620][ T23] Bluetooth: hci5: command 0x041b tx timeout [ 829.087567][ T4557] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 829.161580][T11828] bridge0: port 1(bridge_slave_0) entered blocking state [ 829.226591][ T1172] usb 5-1: Failed to submit usb control message: -71 [ 829.233861][ T1172] usb 5-1: unable to send the bmi data to the device: -71 [ 829.241289][T11392] usb 5-1: USB disconnect, device number 10 [ 829.266947][T11828] bridge0: port 1(bridge_slave_0) entered disabled state [ 829.275239][T11828] device bridge_slave_0 entered promiscuous mode [ 829.284442][T11828] bridge0: port 2(bridge_slave_1) entered blocking state [ 829.287968][ T1172] usb 5-1: unable to get target info from device [ 829.293498][T11828] bridge0: port 2(bridge_slave_1) entered disabled state [ 829.309075][T11828] device bridge_slave_1 entered promiscuous mode [ 829.328570][ T1172] usb 5-1: could not get target info (-71) [ 829.401838][T11828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 829.430340][ T1172] usb 5-1: could not probe fw (-71) [ 829.440056][T11828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 829.801897][T11828] team0: Port device team_slave_0 added [ 829.858440][T11828] team0: Port device team_slave_1 added [ 830.060656][T11828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 830.095830][T11828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 830.122580][T11828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 830.141003][T11828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 830.148972][T11828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 830.175176][T11828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 830.266045][T11828] device hsr_slave_0 entered promiscuous mode [ 830.281912][T11828] device hsr_slave_1 entered promiscuous mode [ 830.292782][T11828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 830.313128][T11828] Cannot create hsr debugfs directory [ 831.016771][ T4557] Bluetooth: hci5: command 0x040f tx timeout [ 831.681616][T11828] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 831.697955][T11914] loop3: detected capacity change from 0 to 2048 [ 831.733767][T11828] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 831.864763][T11828] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 831.915682][T11914] UDF-fs: bad mount option "18446744073709551615" or missing value [ 831.968861][T11828] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 833.063382][T11936] debugfs: Directory 'ptm1' with parent 'caif_serial' already present! [ 833.581997][T11935] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2145'. [ 833.589927][ T23] Bluetooth: hci5: command 0x0419 tx timeout [ 835.380140][T11828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 835.881401][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 835.953098][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 836.112736][T11828] 8021q: adding VLAN 0 to HW filter on device team0 [ 836.182155][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 836.202021][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 836.868156][ T1172] bridge0: port 1(bridge_slave_0) entered blocking state [ 836.875267][ T1172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 836.913814][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 836.944993][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 836.971281][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 837.005726][ T1172] bridge0: port 2(bridge_slave_1) entered blocking state [ 837.012901][ T1172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 837.108006][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 837.178607][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 837.230737][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 837.326651][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 837.748724][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 837.781250][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 837.831335][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 837.922050][T11828] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 837.950354][T11828] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 838.046899][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 838.055822][T11988] 9pnet: Insufficient options for proto=fd [ 838.067705][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 838.094888][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 838.117379][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 838.155184][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 840.774507][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 840.822847][T12019] NILFS (loop1): device size too small [ 840.831287][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 841.791565][T11828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 841.981827][T12027] loop4: detected capacity change from 0 to 2048 [ 842.256619][T12027] UDF-fs: bad mount option "18446744073709551615" or missing value [ 843.126671][T12031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 843.372849][T12031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 843.854866][T12031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 843.935282][T12031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 844.007627][T12031] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 844.025862][T12031] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 844.065860][T11828] device veth0_vlan entered promiscuous mode [ 844.118431][T11828] device veth1_vlan entered promiscuous mode [ 844.192755][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 844.716576][T12031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 844.748476][T12031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 846.892331][T11828] device veth0_macvtap entered promiscuous mode [ 847.031807][ T6348] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 847.045953][T11828] device veth1_macvtap entered promiscuous mode [ 847.148910][T11828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 847.176448][T11828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.279009][T11828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 847.313800][T11828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.327509][T12066] NILFS (loop4): device size too small [ 847.336268][T11828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 847.378047][T11828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.410550][T12068] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2177'. [ 847.448116][T11828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 847.468311][T11828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.482919][T11828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 847.496587][T11828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.535823][T11828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 847.765541][T11828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 847.912199][T11828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.956163][T11828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 847.997593][T11828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 848.033443][T11828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 848.067040][T11828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 848.096540][T11828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 848.135148][T11828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 848.168488][T11828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 848.208635][T11828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 848.243218][T11828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 848.264614][T11828] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 848.294468][T11828] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 848.321235][T11828] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 848.352160][T11828] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 848.435888][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 848.448470][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 848.507461][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 848.539827][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 850.399723][T12081] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2173'. [ 850.607679][T12031] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 850.634065][T12031] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 850.802947][ T4270] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 850.926105][ T4270] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 851.290769][T12091] kvm: pic: single mode not supported [ 851.291054][T12091] kvm: pic: level sensitive irq not supported [ 851.327175][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 851.409863][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 852.077509][T12101] loop1: detected capacity change from 0 to 2048 [ 852.154830][T12101] UDF-fs: bad mount option "18446744073709551615" or missing value [ 852.275430][T12113] NILFS (loop4): device size too small [ 853.006187][T12117] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2189'. [ 854.264266][T12133] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2193'. [ 854.542901][T12140] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2196'. [ 854.750684][T12144] mkiss: ax0: crc mode is auto. [ 855.258024][T12156] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2200'. [ 855.260094][T12154] NILFS (loop1): device size too small [ 856.466681][ T4169] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 856.846674][ T4169] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 856.888320][ T4169] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 856.925236][ T4169] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 59357, setting to 1024 [ 856.960113][ T4169] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 857.321989][ T4169] usb 2-1: New USB device found, idVendor=0f11, idProduct=2051, bcdDevice=79.c5 [ 857.341571][ T4169] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 857.495554][ T4169] usb 2-1: Product: syz [ 857.579763][ T4169] usb 2-1: Manufacturer: syz [ 857.663112][ T4169] usb 2-1: SerialNumber: syz [ 857.851630][ T4169] usb 2-1: config 0 descriptor?? [ 858.047098][T12166] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 858.094481][ T4169] ldusb 2-1:0.0: Interrupt in endpoint not found [ 858.372825][T12188] loop3: detected capacity change from 0 to 2048 [ 858.441427][ T4250] usb 2-1: USB disconnect, device number 11 [ 858.468348][T12188] UDF-fs: bad mount option "18446744073709551615" or missing value [ 858.484938][ T4266] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 858.519961][ T4266] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 858.587173][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 858.844370][T12200] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2213'. [ 858.889131][T12200] NILFS (loop2): device size too small [ 858.908582][T12203] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.2214'. [ 859.200891][T12203] netlink: zone id is out of range [ 859.375918][T12203] netlink: zone id is out of range [ 859.460832][T12203] netlink: del zone limit has 4 unknown bytes [ 860.183410][T12210] rdma_rxe: rxe_register_device failed with error -23 [ 860.191386][T12210] rdma_rxe: failed to add team_slave_1 [ 864.519966][T12243] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2226'. [ 864.585329][T12243] NILFS (loop2): device size too small [ 866.107369][T12256] nbd2: detected capacity change from 0 to 67108884 [ 866.120107][T12254] block nbd2: shutting down sockets [ 866.155171][ T26] audit: type=1326 audit(1731961968.507:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12265 comm="syz.5.2233" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1cb6a55719 code=0x0 [ 866.336933][ T9367] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 866.743997][ T9367] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 866.764639][ T9367] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 866.801425][ T9367] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 59357, setting to 1024 [ 866.833044][ T9367] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 866.923494][ T150] print_req_error: 2 callbacks suppressed [ 866.923510][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 866.966567][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 866.978521][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 866.989670][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 866.998357][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 867.009262][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 867.017674][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 867.028550][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 867.037245][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 867.048134][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 867.057228][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 867.068115][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 867.076497][ T9367] usb 5-1: New USB device found, idVendor=0f11, idProduct=2051, bcdDevice=79.c5 [ 867.086161][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 867.097357][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 867.105746][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 867.116638][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 867.125174][ T4264] ldm_validate_partition_table(): Disk read failed. [ 867.133220][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 867.144122][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 867.152447][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 867.163296][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 867.171356][ T9367] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 867.172331][ T4264] Dev nbd2: unable to read RDB block 0 [ 867.180012][ T9367] usb 5-1: Product: syz [ 867.189730][ T9367] usb 5-1: Manufacturer: syz [ 867.194351][ T9367] usb 5-1: SerialNumber: syz [ 867.393081][ T4264] nbd2: unable to read partition table [ 867.499732][ T9367] usb 5-1: config 0 descriptor?? [ 867.695923][T12260] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 867.820017][ T9367] ldusb 5-1:0.0: Interrupt in endpoint not found [ 868.462964][ T4264] ldm_validate_partition_table(): Disk read failed. [ 868.680538][ T4264] Dev nbd2: unable to read RDB block 0 [ 868.758889][T12284] 9pnet: Insufficient options for proto=fd [ 868.793690][ T4214] usb 5-1: USB disconnect, device number 11 [ 868.885362][ T4264] nbd2: unable to read partition table [ 868.970554][T12290] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2239'. [ 868.982297][T12290] NILFS (loop1): device size too small [ 869.347528][ T4557] Bluetooth: hci5: command 0x0405 tx timeout [ 870.077197][ T1427] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.083621][ T1427] ieee802154 phy1 wpan1: encryption failed: -22 [ 874.599161][T12335] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 874.611378][T12335] Cannot find add_set index 0 as target [ 875.425434][T12337] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2251'. [ 875.452761][T12337] NILFS (loop5): device size too small [ 876.737360][T12342] 9pnet: Insufficient options for proto=fd [ 879.596409][T12379] loop3: detected capacity change from 0 to 2048 [ 879.669181][T12379] UDF-fs: bad mount option "18446744073709551615" or missing value [ 879.981893][T12384] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2264'. [ 880.017492][T12384] NILFS (loop4): device size too small [ 880.677997][T12388] 9pnet: Insufficient options for proto=fd [ 881.376716][ T4183] Bluetooth: Wrong link type (-71) [ 883.168958][T12420] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2275'. [ 883.202881][T12420] NILFS (loop1): device size too small [ 884.683063][T12442] loop5: detected capacity change from 0 to 2048 [ 884.789325][T12442] UDF-fs: bad mount option "18446744073709551615" or missing value [ 885.112389][T12447] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2284'. [ 887.265529][T12479] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2291'. [ 887.313922][T12479] NILFS (loop3): device size too small [ 890.423811][T12506] mkiss: ax0: crc mode is auto. [ 890.729528][T12508] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2297'. [ 891.060177][T12501] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2296'. [ 891.256879][T12517] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2302'. [ 891.359178][T12517] NILFS (loop4): device size too small [ 892.100625][T12524] loop5: detected capacity change from 0 to 2048 [ 892.445577][T12530] overlayfs: failed to resolve './file0': -2 [ 892.760773][T12524] UDF-fs: bad mount option "18446744073709551615" or missing value [ 896.013207][T12560] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2314'. [ 896.420746][T12565] overlayfs: failed to resolve './file0': -2 [ 896.452705][T12560] NILFS (loop1): device size too small [ 899.987461][T12606] syz.3.2324[12606] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 899.987955][T12606] syz.3.2324[12606] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 900.317155][T12607] loop2: detected capacity change from 0 to 2048 [ 900.527805][T12607] UDF-fs: bad mount option "18446744073709551615" or missing value [ 901.559494][T12622] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2318'. [ 902.032446][T12625] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2329'. [ 902.114498][T12625] NILFS (loop4): device size too small [ 902.139902][T12627] overlayfs: failed to resolve './file0': -2 [ 905.108518][T12657] syz.5.2337[12657] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 905.108916][T12657] syz.5.2337[12657] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 906.219082][ T4559] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 907.308105][T12669] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2340'. [ 907.808695][T12670] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2342'. [ 907.819485][T12672] "syz.2.2341" (12672) uses obsolete ecb(arc4) skcipher [ 907.868143][T12670] NILFS (loop1): device size too small [ 907.985914][T12671] loop2: detected capacity change from 0 to 128 [ 909.133344][T12671] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,bsddf,noload,barrier,usrquota,i_version,,errors=continue. Quota mode: writeback. [ 909.312562][T12671] ext4 filesystem being mounted at /466/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 910.184442][T12694] loop1: detected capacity change from 0 to 2048 [ 910.308229][T12696] syz.3.2348[12696] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 910.308572][T12696] syz.3.2348[12696] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 910.543467][T12694] UDF-fs: bad mount option "18446744073709551615" or missing value [ 913.645190][T12731] overlayfs: failed to resolve './file0': -2 [ 915.135723][T12745] syz.1.2359[12745] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 915.135826][T12745] syz.1.2359[12745] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 915.762205][T12758] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2365'. [ 916.301545][T12758] NILFS (loop2): device size too small [ 917.293410][T12772] netlink: 136 bytes leftover after parsing attributes in process `syz.3.2368'. [ 917.322449][ T4183] Bluetooth: Wrong link type (-71) [ 917.474892][T12776] loop1: detected capacity change from 0 to 2048 [ 917.585642][T12776] UDF-fs: bad mount option "18446744073709551615" or missing value [ 919.491459][T12799] syz.4.2376[12799] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 919.491560][T12799] syz.4.2376[12799] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 920.529082][T12811] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2381'. [ 921.753462][T12827] netlink: 136 bytes leftover after parsing attributes in process `syz.3.2382'. [ 921.775373][T12811] NILFS (loop4): device size too small [ 923.674523][T12844] 9pnet: Insufficient options for proto=fd [ 923.680767][ T4183] Bluetooth: Wrong link type (-71) [ 925.770775][T12870] loop3: detected capacity change from 0 to 2048 [ 925.989925][T12886] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2396'. [ 926.018127][T12870] UDF-fs: bad mount option "18446744073709551615" or missing value [ 926.146768][T12890] mkiss: ax0: crc mode is auto. [ 926.167703][T12890] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2395'. [ 926.252284][T12886] NILFS (loop2): device size too small [ 927.056529][T12888] netlink: 'syz.5.2397': attribute type 72 has an invalid length. [ 927.118186][ T4554] Bluetooth: hci5: command 0x0405 tx timeout [ 927.139096][T12888] netlink: 'syz.5.2397': attribute type 1 has an invalid length. [ 927.151951][T12888] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2397'. [ 928.763609][T12910] 9pnet: Insufficient options for proto=fd [ 929.534667][T12925] mkiss: ax0: crc mode is auto. [ 930.501894][T12943] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2410'. [ 930.702285][T12943] NILFS (loop3): device size too small [ 931.535312][ T1427] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.544359][ T1427] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.921380][T12952] netlink: 'syz.4.2412': attribute type 72 has an invalid length. [ 932.287827][T12956] mkiss: ax0: crc mode is auto. [ 932.299710][T12956] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2411'. [ 932.725174][T12952] netlink: 'syz.4.2412': attribute type 1 has an invalid length. [ 932.737998][T12952] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2412'. [ 933.917819][T12976] 9pnet: Insufficient options for proto=fd [ 935.460367][T13002] netlink: 'syz.3.2426': attribute type 72 has an invalid length. [ 935.484213][T13004] netlink: 'syz.5.2425': attribute type 1 has an invalid length. [ 935.680934][T13008] syz.2.2424[13008] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 935.681436][T13008] syz.2.2424[13008] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 935.733111][T13002] netlink: 'syz.3.2426': attribute type 1 has an invalid length. [ 935.890754][T13002] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2426'. [ 937.269898][ T4250] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 937.543604][T13041] 9pnet: Insufficient options for proto=fd [ 939.054598][T13052] mkiss: ax0: crc mode is auto. [ 939.277363][T13056] netlink: 200 bytes leftover after parsing attributes in process `syz.2.2439'. [ 939.350028][T13058] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2438'. [ 939.756436][ T4250] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 939.764052][ T4250] usb 6-1: can't read configurations, error -71 [ 940.401396][T13068] syz.5.2440[13068] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 940.401519][T13068] syz.5.2440[13068] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 942.943847][T13087] 9pnet: Insufficient options for proto=fd [ 943.876259][T13095] netlink: 200 bytes leftover after parsing attributes in process `syz.4.2452'. [ 945.058039][T13109] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2454'. [ 945.704255][T13114] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2453'. [ 947.038499][ T4182] Bluetooth: Wrong link type (-71) [ 947.947880][T13133] overlayfs: failed to resolve './file1': -2 [ 949.285022][T13115] Bluetooth: hci5: command 0x0406 tx timeout [ 949.522282][T13150] netlink: 200 bytes leftover after parsing attributes in process `syz.2.2465'. [ 949.794647][T13156] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2466'. [ 950.701160][T13162] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2469'. [ 951.466505][ T4183] Bluetooth: Wrong link type (-71) [ 953.187821][ T4247] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 954.342476][T13206] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2479'. [ 954.555119][ T4183] Bluetooth: Wrong link type (-71) [ 954.578615][T13206] NILFS (loop1): device size too small [ 954.826616][ T4247] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 955.682627][ T4247] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 956.193955][ T4247] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 59357, setting to 1024 [ 957.149491][T13217] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2484'. [ 957.150647][ T4247] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 957.357193][ T4247] usb 6-1: string descriptor 0 read error: -71 [ 957.363473][ T4247] usb 6-1: New USB device found, idVendor=0f11, idProduct=2051, bcdDevice=79.c5 [ 957.578137][ T4247] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 957.589109][ T4247] usb 6-1: config 0 descriptor?? [ 957.805572][ T26] audit: type=1800 audit(1731962060.157:43): pid=13230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2487" name="SYSV00000000" dev="hugetlbfs" ino=5 res=0 errno=0 [ 957.827776][ T4247] usb 6-1: can't set config #0, error -71 [ 957.843746][ T4247] usb 6-1: USB disconnect, device number 4 [ 959.595479][T13259] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2494'. [ 960.603992][T13259] NILFS (loop2): device size too small [ 961.917109][T13271] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2497'. [ 962.456531][ T2300] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 962.966630][ T2300] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 962.986413][ T2300] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 962.999251][ T2300] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 59357, setting to 1024 [ 963.011620][ T7] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 963.026570][ T2300] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 963.206655][ T2300] usb 4-1: New USB device found, idVendor=0f11, idProduct=2051, bcdDevice=79.c5 [ 963.222338][ T2300] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 963.245351][ T2300] usb 4-1: Product: syz [ 963.263679][ T2300] usb 4-1: Manufacturer: syz [ 963.268603][ T7] usb 5-1: Using ep0 maxpacket: 8 [ 963.281282][ T2300] usb 4-1: SerialNumber: syz [ 963.304929][ T2300] usb 4-1: config 0 descriptor?? [ 963.336684][T13272] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 963.361042][ T2300] ldusb 4-1:0.0: Interrupt in endpoint not found [ 963.387207][ T7] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 963.409778][ T7] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 963.444799][ T7] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 963.465880][ T7] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 963.476659][ T7] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 963.490194][ T7] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 963.499879][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 963.576523][ T23] usb 4-1: USB disconnect, device number 19 [ 963.776435][ T7] usb 5-1: usb_control_msg returned -32 [ 963.782059][ T7] usbtmc 5-1:16.0: can't read capabilities [ 965.033301][T13304] binder: 13303:13304 ioctl c0306201 0 returned -14 [ 965.076602][T13307] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2508'. [ 965.111391][T13307] NILFS (loop1): device size too small [ 965.117327][ T23] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 966.465999][ T4214] usb 5-1: USB disconnect, device number 12 [ 966.546390][ T23] usb 6-1: Using ep0 maxpacket: 16 [ 966.956164][ T23] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 967.786411][ T23] usb 6-1: config 0 has no interfaces? [ 967.792904][ T23] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 967.802410][ T23] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 967.850624][ T23] usb 6-1: config 0 descriptor?? [ 967.996649][ T23] usb 6-1: can't set config #0, error -71 [ 968.006514][ T23] usb 6-1: USB disconnect, device number 5 [ 968.408245][T13339] "syz.3.2513" (13339) uses obsolete ecb(arc4) skcipher [ 968.479223][T13339] loop3: detected capacity change from 0 to 128 [ 969.047923][T13339] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,bsddf,noload,barrier,usrquota,i_version,,errors=continue. Quota mode: writeback. [ 969.064068][T13339] ext4 filesystem being mounted at /505/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 969.296432][ T4247] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 969.373292][T13351] NILFS (loop3): device size too small [ 970.702732][T13363] syz.1.2509[13363] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 970.702830][T13363] syz.1.2509[13363] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 971.454384][ T4247] usb 3-1: device not accepting address 12, error -71 [ 973.537330][T13386] netlink: 176 bytes leftover after parsing attributes in process `syz.2.2526'. [ 973.576569][T13386] device ip6gretap0 entered promiscuous mode [ 973.597050][T13386] netlink: 176 bytes leftover after parsing attributes in process `syz.2.2526'. [ 973.850134][T13390] mkiss: ax0: crc mode is auto. [ 973.878782][T13390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2527'. [ 974.743923][T13397] "syz.2.2529" (13397) uses obsolete ecb(arc4) skcipher [ 974.757746][T13397] loop2: detected capacity change from 0 to 128 [ 974.973561][T13400] NILFS (loop1): device size too small [ 974.980279][T13397] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,bsddf,noload,barrier,usrquota,i_version,,errors=continue. Quota mode: writeback. [ 974.995873][T13397] ext4 filesystem being mounted at /509/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 976.813665][T13418] syz.1.2533[13418] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 976.813790][T13418] syz.1.2533[13418] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 980.128835][T13446] mkiss: ax0: crc mode is auto. [ 980.150237][T13446] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2541'. [ 980.235202][T13443] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2539'. [ 980.487165][ T4554] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 980.833991][T13455] NILFS (loop1): device size too small [ 981.062373][ T4554] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 981.073958][ T4554] usb 4-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00 [ 981.083131][ T4554] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 981.182838][ T4554] usb 4-1: config 0 descriptor?? [ 981.236532][ T4554] usb 4-1: can't set config #0, error -71 [ 981.258523][T13462] overlayfs: missing 'lowerdir' [ 981.278019][ T4554] usb 4-1: USB disconnect, device number 20 [ 982.148711][T13476] syz.5.2548[13476] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 982.149190][T13476] syz.5.2548[13476] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 982.990419][T13482] "syz.3.2550" (13482) uses obsolete ecb(arc4) skcipher [ 983.015131][T13482] loop3: detected capacity change from 0 to 128 [ 983.654434][T13482] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,bsddf,noload,barrier,usrquota,i_version,,errors=continue. Quota mode: writeback. [ 983.670118][T13482] ext4 filesystem being mounted at /513/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 985.469422][T13506] xt_nat: multiple ranges no longer supported [ 986.757651][T13510] overlayfs: missing 'lowerdir' [ 987.663133][T13521] NILFS (loop4): device size too small [ 990.382531][T13545] overlayfs: missing 'lowerdir' [ 991.077986][T13559] syz.5.2573[13559] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 991.078322][T13559] syz.5.2573[13559] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 991.662705][T13537] "syz.1.2565" (13537) uses obsolete ecb(arc4) skcipher [ 991.765125][T13568] NILFS (loop2): device size too small [ 991.766293][T13569] loop1: detected capacity change from 0 to 128 [ 992.938910][ T1427] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.945369][ T1427] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.318161][T13569] EXT4-fs: error -4 creating inode table initialization thread [ 993.326114][T13569] EXT4-fs (loop1): mount failed [ 995.589629][T13115] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 996.839892][T13607] befs: (nbd1): No write support. Marking filesystem read-only [ 996.933950][ T1091] nbd_handle_cmd: 2 callbacks suppressed [ 996.934019][ T1091] block nbd1: Attempted send on invalid socket [ 996.948269][ T1091] print_req_error: 24 callbacks suppressed [ 996.948304][ T1091] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 996.967080][T13607] befs: (nbd1): unable to read superblock [ 997.639196][T13115] usb 6-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 997.693231][T13115] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 997.744657][T13612] NILFS (loop1): device size too small [ 997.753059][T13115] usb 6-1: config 0 descriptor?? [ 998.177942][T13115] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input19 [ 998.555004][T13115] usb 6-1: USB disconnect, device number 6 [ 1000.255766][T13640] overlayfs: missing 'lowerdir' [ 1000.477602][T13645] "syz.1.2591" (13645) uses obsolete ecb(arc4) skcipher [ 1000.490667][T13645] loop1: detected capacity change from 0 to 128 [ 1001.327290][T13665] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2596'. [ 1001.401229][T13645] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,bsddf,noload,barrier,usrquota,i_version,,errors=continue. Quota mode: writeback. [ 1001.416893][T13645] ext4 filesystem being mounted at /523/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1001.936923][T13670] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2599'. [ 1001.987979][T13670] NILFS (loop2): device size too small [ 1003.447691][ T4183] Bluetooth: Wrong link type (-71) [ 1003.452934][ T4183] Bluetooth: hci4: link tx timeout [ 1003.458899][ T4183] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 1003.467815][ T4183] Bluetooth: hci4: link tx timeout [ 1003.473473][ T4183] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 1004.536412][ T4559] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 1005.417505][ T4559] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 1005.633879][ T4559] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1005.686584][ T4559] usb 4-1: config 0 descriptor?? [ 1005.725529][T13115] Bluetooth: hci4: command 0x0406 tx timeout [ 1006.084133][T13722] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2616'. [ 1006.133386][T13722] NILFS (loop1): device size too small [ 1007.923285][T13735] mkiss: ax0: crc mode is auto. [ 1007.931291][T13735] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2619'. [ 1008.269721][ T4559] pegasus 4-1:0.0: can't reset MAC [ 1008.271347][ T4559] pegasus: probe of 4-1:0.0 failed with error -5 [ 1008.549970][ T4559] usb 4-1: USB disconnect, device number 21 [ 1009.035336][T13752] overlayfs: missing 'lowerdir' [ 1010.813963][ T4183] Bluetooth: Wrong link type (-71) [ 1010.821527][ T4183] Bluetooth: hci3: link tx timeout [ 1010.829404][ T4183] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 1010.946976][T13779] mkiss: ax0: crc mode is auto. [ 1010.978857][T13779] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2633'. [ 1010.993523][ T4183] Bluetooth: hci3: link tx timeout [ 1011.001138][ T4183] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 1011.736196][T13790] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1011.771399][T13790] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1013.616568][ T2300] Bluetooth: hci3: command 0x0406 tx timeout [ 1013.788774][T13821] syz.3.2648 uses old SIOCAX25GETINFO [ 1014.006601][ T4183] Bluetooth: Wrong link type (-71) [ 1014.012880][ T4183] Bluetooth: hci2: link tx timeout [ 1014.020908][ T4183] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa [ 1014.030433][ T4183] Bluetooth: hci2: link tx timeout [ 1014.036176][ T4183] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1014.934564][T13833] mkiss: ax0: crc mode is auto. [ 1014.942804][T13833] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2651'. [ 1014.959840][T13835] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1014.996417][T13835] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1015.026519][ T2300] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1015.115698][T13836] tipc: Can't bind to reserved service type 2 [ 1015.746736][ T2300] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1016.033228][ T2300] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1016.117031][ T2300] usb 4-1: New USB device found, idVendor=056a, idProduct=5131, bcdDevice=6a.a7 [ 1016.146608][ T4551] Bluetooth: hci2: command 0x0406 tx timeout [ 1016.340773][ T2300] usb 4-1: New USB device strings: Mfr=183, Product=0, SerialNumber=0 [ 1016.349464][ T2300] usb 4-1: Manufacturer: syz [ 1016.362633][ T2300] usb 4-1: config 0 descriptor?? [ 1016.616520][T13861] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1017.443551][T13865] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2660'. [ 1017.549059][ T2300] wacom 0003:056A:5131.0005: unknown main item tag 0x0 [ 1017.599096][ T2300] wacom 0003:056A:5131.0005: unknown main item tag 0x0 [ 1018.382533][ T2300] wacom 0003:056A:5131.0005: unknown main item tag 0x0 [ 1018.468616][ T2300] wacom 0003:056A:5131.0005: Unknown device_type for 'syz'. Ignoring. [ 1018.491264][T13876] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1018.581342][ T2300] usb 4-1: USB disconnect, device number 22 [ 1018.609016][T13876] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1019.258961][T13884] mkiss: ax0: crc mode is auto. [ 1019.266716][T13884] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2667'. [ 1020.692949][T13890] device veth1_macvtap left promiscuous mode [ 1020.699382][T13890] device macsec0 entered promiscuous mode [ 1020.708550][T13893] bridge0: port 3(erspan0) entered blocking state [ 1020.715110][T13893] bridge0: port 3(erspan0) entered disabled state [ 1020.725084][T13893] device erspan0 entered promiscuous mode [ 1020.735425][T13893] bridge0: port 3(erspan0) entered blocking state [ 1020.741951][T13893] bridge0: port 3(erspan0) entered forwarding state [ 1021.224285][T13897] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2672'. [ 1021.785069][T13914] overlayfs: missing 'lowerdir' [ 1021.790974][ T26] audit: type=1326 audit(1731962124.147:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13915 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb6a55719 code=0x7ffc0000 [ 1022.029024][ T26] audit: type=1326 audit(1731962124.357:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13915 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb6a55719 code=0x7ffc0000 [ 1022.588222][ T26] audit: type=1326 audit(1731962124.417:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13915 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f1cb6a55719 code=0x7ffc0000 [ 1022.611286][ T26] audit: type=1326 audit(1731962124.787:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13915 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb6a55719 code=0x7ffc0000 [ 1022.641506][ T26] audit: type=1326 audit(1731962124.787:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13915 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb6a55719 code=0x7ffc0000 [ 1022.696962][ T4250] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 1023.609384][ T4250] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1023.795645][ T4250] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1023.805693][ T4250] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1023.826194][ T4250] usb 6-1: config 0 descriptor?? [ 1023.888928][ T4250] pwc: Askey VC010 type 2 USB webcam detected. [ 1024.334540][ T26] audit: type=1326 audit(1731962126.687:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13915 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1cb6a5531b code=0x7ffc0000 [ 1024.427148][ T26] audit: type=1326 audit(1731962126.787:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13915 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1cb6a5531b code=0x7ffc0000 [ 1024.457939][ T26] audit: type=1326 audit(1731962126.807:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13915 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f1cb6a87805 code=0x7ffc0000 [ 1024.650213][ T26] audit: type=1326 audit(1731962127.007:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13915 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb6a55719 code=0x7ffc0000 [ 1024.681823][ T4250] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1024.682639][ T26] audit: type=1326 audit(1731962127.007:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13915 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb6a55719 code=0x7ffc0000 [ 1025.196790][ T4250] pwc: recv_control_msg error -71 req 02 val 2700 [ 1025.766447][ T4250] pwc: recv_control_msg error -71 req 02 val 2c00 [ 1025.786559][ T4250] pwc: recv_control_msg error -71 req 04 val 1000 [ 1025.856493][ T4250] pwc: recv_control_msg error -71 req 04 val 1300 [ 1025.886740][ T4250] pwc: recv_control_msg error -71 req 04 val 1400 [ 1025.923009][ T4250] pwc: recv_control_msg error -71 req 02 val 2000 [ 1025.966435][ T4250] pwc: recv_control_msg error -71 req 02 val 2100 [ 1025.996494][ T4250] pwc: recv_control_msg error -71 req 04 val 1500 [ 1026.026734][ T4250] pwc: recv_control_msg error -71 req 02 val 2500 [ 1026.056417][ T4250] pwc: recv_control_msg error -71 req 02 val 2400 [ 1026.066201][T13965] overlayfs: missing 'lowerdir' [ 1026.076438][ T4250] pwc: recv_control_msg error -71 req 02 val 2600 [ 1026.096401][ T4250] pwc: recv_control_msg error -71 req 02 val 2900 [ 1026.116400][ T4250] pwc: recv_control_msg error -71 req 02 val 2800 [ 1026.136416][ T4250] pwc: recv_control_msg error -71 req 04 val 1100 [ 1026.156416][ T4250] pwc: recv_control_msg error -71 req 04 val 1200 [ 1026.167254][ T4250] pwc: Registered as video103. [ 1026.175844][ T4250] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input23 [ 1026.195662][ T4250] usb 6-1: USB disconnect, device number 7 [ 1026.909085][T13984] Mount JFS Failure: -22 [ 1026.926333][T13984] jfs_mount failed w/return code = -22 [ 1027.086645][ T4554] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 1027.131115][T13988] netlink: 'syz.3.2701': attribute type 17 has an invalid length. [ 1027.298582][T13994] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2705'. [ 1027.457004][ T4554] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 1027.495735][ T4554] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1027.516143][ T4554] usb 2-1: config 0 has no interface number 0 [ 1027.576607][ T4554] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 1027.601258][ T4554] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1027.619448][ T4554] usb 2-1: config 0 interface 52 has no altsetting 0 [ 1027.818327][ T4554] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 1027.842217][ T4554] usb 2-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 1027.897419][ T4554] usb 2-1: Product: syz [ 1027.906828][ T4554] usb 2-1: Manufacturer: syz [ 1027.909710][T14002] overlayfs: missing 'lowerdir' [ 1027.911877][ T4554] usb 2-1: SerialNumber: syz [ 1027.957685][ T4554] usb 2-1: config 0 descriptor?? [ 1028.161949][T14005] fuse: Unknown parameter 'fd0x0000000000000004' [ 1028.228041][T14007] capability: warning: `syz.5.2709' uses deprecated v2 capabilities in a way that may be insecure [ 1028.251632][ T4554] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.52/input/input24 [ 1028.436582][T13115] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 1028.463178][ T4554] usb 2-1: USB disconnect, device number 13 [ 1028.486303][ C1] synaptics_usb 2-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 1028.834950][T13115] usb 5-1: Using ep0 maxpacket: 32 [ 1028.867759][ T4551] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1028.986965][T13115] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1029.110769][T13115] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1029.482748][T13115] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1029.536656][ T4551] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1029.556386][ T4551] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1029.572950][T13115] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 1029.755814][ T4551] usb 4-1: New USB device found, idVendor=0c70, idProduct=f00d, bcdDevice= 0.00 [ 1029.774292][T13115] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1029.782436][ T4551] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1029.793343][T13115] usb 5-1: config 0 descriptor?? [ 1030.229529][T14027] mkiss: ax0: crc mode is auto. [ 1030.246912][T14027] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2713'. [ 1030.304456][ T4551] usb 4-1: config 0 descriptor?? [ 1030.375976][T14030] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2716'. [ 1030.562332][T14039] overlayfs: missing 'workdir' [ 1030.964828][ T4551] hid-generic 0003:0C70:F00D.0006: unknown main item tag 0x0 [ 1030.973276][ T4551] hid-generic 0003:0C70:F00D.0006: unbalanced delimiter at end of report description [ 1031.056461][T13115] usbhid 5-1:0.0: can't add hid device: -71 [ 1031.063145][T13115] usbhid: probe of 5-1:0.0 failed with error -71 [ 1031.070699][ T4551] hid-generic: probe of 0003:0C70:F00D.0006 failed with error -22 [ 1031.102337][T13115] usb 5-1: USB disconnect, device number 13 [ 1031.144641][ T4551] usb 4-1: USB disconnect, device number 23 [ 1031.182028][T14053] 9pnet: Insufficient options for proto=fd [ 1033.516718][T14082] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2728'. [ 1036.801321][T14127] 9pnet: Insufficient options for proto=fd [ 1036.944426][T14131] syz.4.2739 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1037.593348][T14140] overlayfs: unrecognized mount option "verity=on" or missing value [ 1040.533338][T14178] netlink: 'syz.1.2753': attribute type 10 has an invalid length. [ 1040.982696][T14182] 9pnet: Insufficient options for proto=fd [ 1041.014945][T14178] team0: Port device netdevsim0 added [ 1045.322628][ T26] kauditd_printk_skb: 12 callbacks suppressed [ 1045.322644][ T26] audit: type=1326 audit(1731966242.678:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14214 comm="syz.1.2765" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f571d1ce719 code=0x0 [ 1046.616377][ T4554] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 1054.282704][T14293] smc: ib device syz2 ibport 1 applied user defined pnetid SYZ0 [ 1054.355040][T14293] smc: ib device syz2 ibport 1 erased user defined pnetid SYZ0 [ 1054.378670][ T1427] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.385056][ T1427] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.416410][ T4250] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 1054.676537][ T4250] usb 3-1: Using ep0 maxpacket: 16 [ 1054.806579][ T4250] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1054.838076][ T4250] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1054.929674][T14311] 9pnet: Insufficient options for proto=fd [ 1054.997888][ T4250] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 1055.019118][ T4250] usb 3-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0 [ 1055.714884][ T4250] usb 3-1: Product: syz [ 1055.719330][ T4250] usb 3-1: Manufacturer: syz [ 1055.752789][ T4250] usb 3-1: config 0 descriptor?? [ 1056.529800][ T4250] kovaplus 0003:1E7D:2D50.0007: hidraw0: USB HID v0.07 Device [syz syz] on usb-dummy_hcd.2-1/input0 [ 1056.584027][T14334] afs: Unknown parameter ']' [ 1056.716671][ T4250] kovaplus 0003:1E7D:2D50.0007: couldn't init struct kovaplus_device [ 1057.385855][ T4250] kovaplus 0003:1E7D:2D50.0007: couldn't install mouse [ 1057.427357][ T4250] kovaplus: probe of 0003:1E7D:2D50.0007 failed with error -71 [ 1057.473563][T14342] netlink: 92 bytes leftover after parsing attributes in process `syz.4.2806'. [ 1057.491291][ T4250] usb 3-1: USB disconnect, device number 14 [ 1057.797948][ T4449] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 1058.126524][ T4449] usb 6-1: device descriptor read/64, error -71 [ 1058.436472][ T4449] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 1059.266335][ T4449] usb 6-1: device descriptor read/64, error -71 [ 1059.435465][ T4449] usb usb6-port1: attempt power cycle [ 1059.505387][T14367] mkiss: ax0: crc mode is auto. [ 1059.576049][T14373] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2812'. [ 1059.879327][ T4449] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 1061.188470][ T4449] usb 6-1: device descriptor read/8, error -71 [ 1062.018301][T14389] netlink: 'syz.3.2818': attribute type 1 has an invalid length. [ 1062.031707][T14389] netlink: 6536 bytes leftover after parsing attributes in process `syz.3.2818'. [ 1063.185170][T13115] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1063.692528][T13115] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1063.762123][T14386] ceph: No mds server is up or the cluster is laggy [ 1063.787958][T13115] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1064.064373][T13115] usb 4-1: New USB device found, idVendor=0c70, idProduct=f00d, bcdDevice= 0.00 [ 1064.074201][T13115] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1064.087848][ T4551] libceph: connect (1)[c::]:6789 error -101 [ 1064.096449][T13115] usb 4-1: config 0 descriptor?? [ 1064.103185][ T4551] libceph: mon0 (1)[c::]:6789 connect error [ 1064.303308][T14407] hfs: can't find a HFS filesystem on dev nullb0 [ 1064.816710][T13115] usbhid 4-1:0.0: can't add hid device: -71 [ 1064.824909][T13115] usbhid: probe of 4-1:0.0 failed with error -71 [ 1064.952005][T14418] mkiss: ax0: crc mode is auto. [ 1065.340353][T13115] usb 4-1: USB disconnect, device number 24 [ 1067.956789][T14457] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2838'. [ 1068.104967][T14457] NILFS (loop1): device size too small [ 1070.561757][T14493] mkiss: ax0: crc mode is auto. [ 1070.824228][T14496] sp0: Synchronizing with TNC [ 1075.195375][T14525] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2855'. [ 1075.240901][T14526] NILFS (loop3): device size too small [ 1080.078870][T14557] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 1082.280297][T14573] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2869'. [ 1082.458176][T14573] NILFS (loop2): device size too small [ 1083.502762][ T2300] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 1083.876943][T14581] sp0: Synchronizing with TNC [ 1084.276704][ T2300] usb 5-1: unable to read config index 0 descriptor/all [ 1084.296573][ T2300] usb 5-1: can't read configurations, error -71 [ 1089.311122][T14620] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 1089.746891][T14624] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2881'. [ 1089.795584][T14624] NILFS (loop2): device size too small [ 1090.503475][T14631] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2883'. [ 1095.599988][T14660] syz.1.2890[14660] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1095.600071][T14660] syz.1.2890[14660] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1096.562765][T14674] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2894'. [ 1096.638358][T14676] NILFS (loop3): device size too small [ 1096.726384][T14678] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 1099.303353][T14690] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2897'. [ 1103.189670][T14702] chnl_net:caif_netlink_parms(): no params data found [ 1103.197091][T13115] Bluetooth: hci1: command 0x0409 tx timeout [ 1103.504930][T14729] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 1103.781745][T14702] bridge0: port 1(bridge_slave_0) entered blocking state [ 1103.789131][T14702] bridge0: port 1(bridge_slave_0) entered disabled state [ 1103.798170][T14702] device bridge_slave_0 entered promiscuous mode [ 1104.046757][T14702] bridge0: port 2(bridge_slave_1) entered blocking state [ 1104.096436][T14702] bridge0: port 2(bridge_slave_1) entered disabled state [ 1104.147669][T14702] device bridge_slave_1 entered promiscuous mode [ 1104.335630][T14702] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1104.370269][T14702] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1105.297822][ T4554] Bluetooth: hci1: command 0x041b tx timeout [ 1105.490691][T14702] team0: Port device team_slave_0 added [ 1105.522851][T14702] team0: Port device team_slave_1 added [ 1105.713248][T14702] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1105.733566][T14702] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1106.625963][T14702] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1106.692847][T14702] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1106.755881][T14702] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1106.782078][T14702] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1107.767168][ T4557] Bluetooth: hci1: command 0x040f tx timeout [ 1108.385499][T12572] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1109.816987][ T4551] Bluetooth: hci1: command 0x0419 tx timeout [ 1110.319455][T12572] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1110.387503][T14702] device hsr_slave_0 entered promiscuous mode [ 1110.427015][T14702] device hsr_slave_1 entered promiscuous mode [ 1110.474039][T14702] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1110.483228][T14702] Cannot create hsr debugfs directory [ 1110.534597][T12572] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1110.712181][T12572] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1111.644329][T14702] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1111.708925][T14702] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1111.761707][T14702] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1111.862867][T14702] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1112.316062][T14702] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1112.316363][T13115] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 1112.377465][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1112.404386][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1112.441673][T14702] 8021q: adding VLAN 0 to HW filter on device team0 [ 1112.532384][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1112.558710][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1112.597506][ T1172] bridge0: port 1(bridge_slave_0) entered blocking state [ 1112.604653][ T1172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1112.708567][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1112.721376][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1112.766632][T13115] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1112.767901][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1112.796677][T13115] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1112.815178][ T1172] bridge0: port 2(bridge_slave_1) entered blocking state [ 1112.822481][ T1172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1112.847493][T13115] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1112.882197][T13115] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1113.079918][T13115] usb 6-1: config 0 descriptor?? [ 1113.120603][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1113.424879][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1113.635747][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1113.803696][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1113.874991][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1113.884328][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1113.893383][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1113.935723][T14702] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1114.006471][T14702] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1115.837067][ T1427] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.843387][ T1427] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.036617][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1116.060567][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1116.082656][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1116.101791][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1116.115373][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1116.219740][T13115] usb 6-1: string descriptor 0 read error: -71 [ 1116.253238][T14851] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2936'. [ 1116.266301][T13115] uclogic 0003:256C:006D.0008: failed retrieving string descriptor #200: -71 [ 1116.276766][T14851] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2936'. [ 1116.294136][T13115] uclogic 0003:256C:006D.0008: failed retrieving pen parameters: -71 [ 1116.310966][T13115] uclogic 0003:256C:006D.0008: failed probing pen v2 parameters: -71 [ 1116.358065][T13115] uclogic 0003:256C:006D.0008: failed probing parameters: -71 [ 1116.403346][T13115] uclogic: probe of 0003:256C:006D.0008 failed with error -71 [ 1116.558981][T13115] usb 6-1: USB disconnect, device number 13 [ 1116.793104][ T4576] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1116.837032][ T4576] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1116.865708][T14702] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1117.267049][T12572] device hsr_slave_0 left promiscuous mode [ 1117.293471][T12572] device hsr_slave_1 left promiscuous mode [ 1117.454330][T12572] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1117.486584][T12572] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1117.579564][T12572] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1117.629597][T12572] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1119.011747][T12572] device bridge_slave_1 left promiscuous mode [ 1119.052041][T12572] bridge0: port 2(bridge_slave_1) entered disabled state [ 1119.975899][T12572] device bridge_slave_0 left promiscuous mode [ 1120.021839][T12572] bridge0: port 1(bridge_slave_0) entered disabled state [ 1120.297890][T12572] device veth1_macvtap left promiscuous mode [ 1120.408885][T12572] device veth0_macvtap left promiscuous mode [ 1120.434218][T12572] device veth1_vlan left promiscuous mode [ 1120.459247][T12572] device veth0_vlan left promiscuous mode [ 1120.819851][T14912] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2947'. [ 1121.914845][T12572] bond1 (unregistering): Released all slaves [ 1122.595277][T12572] team0 (unregistering): Port device team_slave_1 removed [ 1123.631577][T12572] team0 (unregistering): Port device team_slave_0 removed [ 1123.682799][T12572] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1123.702226][T14931] NILFS (loop3): device size too small [ 1123.744053][T12572] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1125.211164][T12572] bond0 (unregistering): Released all slaves [ 1126.486792][T14946] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 1126.493986][T14946] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1127.514015][T14930] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2952'. [ 1127.524548][T14946] vhci_hcd vhci_hcd.0: Device attached [ 1127.666438][ T4449] usb 2-1: new low-speed USB device number 14 using dummy_hcd [ 1127.681163][T14957] 9pnet: Insufficient options for proto=fd [ 1127.946572][T13115] vhci_hcd: vhci_device speed not set [ 1128.003847][ T4219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1128.023467][ T4219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1128.032385][T13115] usb 35-1: new full-speed USB device number 2 using vhci_hcd [ 1128.036746][ T4449] usb 2-1: config 0 has no interfaces? [ 1128.052909][ T4449] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1128.090235][ T4449] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1128.108490][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1128.137203][ T4449] usb 2-1: config 0 descriptor?? [ 1128.148323][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1128.198057][T14702] device veth0_vlan entered promiscuous mode [ 1128.226498][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1128.249156][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1128.271284][T14702] device veth1_vlan entered promiscuous mode [ 1128.355916][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1128.377640][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1128.405645][T14948] usb 35-1: recv xbuf, -104 [ 1128.412403][ T4557] usb 2-1: USB disconnect, device number 14 [ 1128.422775][ T4266] vhci_hcd: stop threads [ 1128.428206][ T4266] vhci_hcd: release socket [ 1128.457631][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1128.460185][ T4266] vhci_hcd: disconnect device [ 1128.477564][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1128.496753][T13115] vhci_hcd: vhci_device speed not set [ 1128.530740][T14702] device veth0_macvtap entered promiscuous mode [ 1128.550090][T14702] device veth1_macvtap entered promiscuous mode [ 1128.680405][T14702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1128.725455][T14702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.767609][T14702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1128.816283][T14702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.826139][T14702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1128.875083][T14702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.929012][T14702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1128.965983][T14702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.996270][T14702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1129.190743][T14702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1129.228889][T14702] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1129.906513][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1129.934075][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1130.027326][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1130.037258][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1130.052861][T14702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.106282][T14702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.134708][T14702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.166358][T14702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.195951][T14702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.250718][T14702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.301715][T14702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.344057][T14702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.378905][T14702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.419972][T14702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.471930][T14702] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1130.505506][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1130.528958][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1130.564491][T14702] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.584589][T14702] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.650610][T14702] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.685362][T14702] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.959593][ T1172] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1130.995382][ T1172] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1131.093905][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1131.748163][ T4266] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1131.766435][ T4266] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1131.802052][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1132.083448][T15014] "syz.5.2966" (15014) uses obsolete ecb(arc4) skcipher [ 1132.295873][T15014] loop5: detected capacity change from 0 to 128 [ 1134.223395][T15014] EXT4-fs (loop5): mounted filesystem without journal. Opts: nombcache,bsddf,noload,barrier,usrquota,i_version,,errors=continue. Quota mode: writeback. [ 1134.239634][T15014] ext4 filesystem being mounted at /151/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1134.333083][T15020] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2967'. [ 1134.518930][T15020] NILFS (loop1): device size too small [ 1134.589096][T15024] syz.6.2902[15024] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1134.589172][T15024] syz.6.2902[15024] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1135.674517][T15034] 9pnet: Insufficient options for proto=fd [ 1136.876823][T15049] tipc: Failed to obtain node identity [ 1136.903443][T15049] tipc: Enabling of bearer rejected, failed to enable media [ 1138.088701][T15073] fuse: Unknown parameter '0x0000000000000009' [ 1139.447222][T15082] syz.2.2978[15082] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1139.447326][T15082] syz.2.2978[15082] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1139.731766][ T7] Bluetooth: hci4: command 0x0409 tx timeout [ 1140.256472][T15089] "syz.6.2979" (15089) uses obsolete ecb(arc4) skcipher [ 1140.672233][T15089] loop6: detected capacity change from 0 to 128 [ 1142.218331][ T7] Bluetooth: hci4: command 0x041b tx timeout [ 1142.230114][T15093] 9pnet: Insufficient options for proto=fd [ 1142.617349][T15089] EXT4-fs (loop6): mounted filesystem without journal. Opts: nombcache,bsddf,noload,barrier,usrquota,i_version,,errors=continue. Quota mode: writeback. [ 1142.633160][T15089] ext4 filesystem being mounted at /4/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1143.301068][T15106] mkiss: ax0: crc mode is auto. [ 1143.420465][T15108] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2982'. [ 1143.613761][T15051] chnl_net:caif_netlink_parms(): no params data found [ 1143.869809][ T4219] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1144.298234][ T4250] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 1144.384880][ T7] Bluetooth: hci4: command 0x040f tx timeout [ 1144.595816][ T4219] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1144.656532][ T4250] usb 3-1: Using ep0 maxpacket: 8 [ 1144.776482][ T4250] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1144.805640][ T4250] usb 3-1: config 0 has no interface number 0 [ 1144.829347][ T4250] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1144.840611][ T4250] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1144.850065][ T4250] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1144.881469][ T4250] usb 3-1: config 0 descriptor?? [ 1144.919199][ T4219] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1144.941763][ T4250] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1145.110905][ T4219] team0: Port device netdevsim0 removed [ 1145.121834][ T4219] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1145.157698][ T4554] usb 3-1: USB disconnect, device number 15 [ 1145.198005][ T4554] iowarrior 3-1:0.1: I/O-Warror #0 now disconnected [ 1145.354079][T15051] bridge0: port 1(bridge_slave_0) entered blocking state [ 1145.361488][T15051] bridge0: port 1(bridge_slave_0) entered disabled state [ 1145.381012][T15051] device bridge_slave_0 entered promiscuous mode [ 1145.570615][T15051] bridge0: port 2(bridge_slave_1) entered blocking state [ 1145.589945][T15051] bridge0: port 2(bridge_slave_1) entered disabled state [ 1145.598196][T15145] syz.6.2989[15145] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1145.598296][T15145] syz.6.2989[15145] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1145.622402][T15051] device bridge_slave_1 entered promiscuous mode [ 1145.686377][T15051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1145.732003][T15051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1146.016274][T15153] "syz.3.2991" (15153) uses obsolete ecb(arc4) skcipher [ 1146.712182][T15153] loop3: detected capacity change from 0 to 128 [ 1146.916318][ T7] Bluetooth: hci4: command 0x0419 tx timeout [ 1148.449105][T15155] 9pnet: Insufficient options for proto=fd [ 1148.527291][T15153] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,bsddf,noload,barrier,usrquota,i_version,,errors=continue. Quota mode: writeback. [ 1148.542969][T15153] ext4 filesystem being mounted at /603/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1148.562183][T15051] team0: Port device team_slave_0 added [ 1148.571928][T15051] team0: Port device team_slave_1 added [ 1150.132601][T15051] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1150.162325][T15051] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1150.319845][T15051] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1150.365166][T15051] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1150.383555][T15051] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1150.680803][T15051] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1151.098500][T15051] device hsr_slave_0 entered promiscuous mode [ 1151.108258][T15051] device hsr_slave_1 entered promiscuous mode [ 1153.436157][T15236] netlink: 412 bytes leftover after parsing attributes in process `syz.3.3012'. [ 1153.728337][T15051] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1153.869034][T15051] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1153.939661][T15051] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1154.203857][T15051] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1154.546150][ T4219] device hsr_slave_0 left promiscuous mode [ 1154.552938][ T4219] device hsr_slave_1 left promiscuous mode [ 1154.566127][ T4219] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1154.577996][ T4219] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1154.598987][ T4219] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1154.615282][ T4219] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1154.663751][ T4219] device hsr0 left promiscuous mode [ 1154.672470][ T4219] bridge0: port 3(hsr0) entered disabled state [ 1154.785724][ T4219] device bridge_slave_1 left promiscuous mode [ 1154.836459][ T4219] bridge0: port 2(bridge_slave_1) entered disabled state [ 1154.892595][ T4219] device bridge_slave_0 left promiscuous mode [ 1154.908929][ T4219] bridge0: port 1(bridge_slave_0) entered disabled state [ 1154.978177][T15266] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3019'. [ 1154.990316][ T4219] device veth1_macvtap left promiscuous mode [ 1155.016432][ T4219] device veth0_macvtap left promiscuous mode [ 1155.030649][ T4219] device veth1_vlan left promiscuous mode [ 1155.051456][ T4219] device veth0_vlan left promiscuous mode [ 1156.913168][ T4219] team0 (unregistering): Port device bridge1 removed [ 1157.150317][ T4269] smc: removing ib device syz2 [ 1158.257178][T15289] "syz.5.3027" (15289) uses obsolete ecb(arc4) skcipher [ 1158.514924][T15289] loop5: detected capacity change from 0 to 128 [ 1159.196979][ T4219] team0 (unregistering): Port device team_slave_1 removed [ 1159.554002][ T4219] team0 (unregistering): Port device team_slave_0 removed [ 1159.836126][T15289] EXT4-fs (loop5): mounted filesystem without journal. Opts: nombcache,bsddf,noload,barrier,usrquota,i_version,,errors=continue. Quota mode: writeback. [ 1159.852050][T15289] ext4 filesystem being mounted at /168/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1160.252463][ T4219] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1160.292370][ T4219] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1160.709862][ T4219] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 1160.875203][ T4219] bond0 (unregistering): Released all slaves [ 1161.234130][T15051] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1161.334711][T15051] 8021q: adding VLAN 0 to HW filter on device team0 [ 1161.356108][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1161.375031][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1161.409116][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1161.466367][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1161.501523][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 1161.508655][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1161.563432][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1161.768802][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1161.784057][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1161.948325][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 1161.955486][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1162.277245][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1162.476162][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1162.527076][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1162.599899][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1162.652763][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1162.673035][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1162.684407][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1162.702639][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1162.719428][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1162.734034][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1162.757547][T15051] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1162.856460][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1163.751138][ T6348] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1163.762589][ T6348] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1163.798322][T15051] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1163.889818][ T4576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1163.923325][ T4576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1164.085081][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1164.138182][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1164.198840][T15051] device veth0_vlan entered promiscuous mode [ 1164.218844][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1164.239288][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1164.381554][T15051] device veth1_vlan entered promiscuous mode [ 1164.935653][T13127] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1165.062348][T13127] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1165.380800][T15051] device veth0_macvtap entered promiscuous mode [ 1165.455480][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1165.508087][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1165.875444][T15051] device veth1_macvtap entered promiscuous mode [ 1165.978313][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1166.028951][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1166.102915][T15051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1166.134782][T15051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1166.166422][T15051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1166.199729][T15051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1166.251493][T15051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1166.282936][T15051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1166.416379][T15051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1166.523961][T15051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1166.617811][T15051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1166.718688][T15051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1166.830950][T15051] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1167.147504][T15051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1167.198920][T15051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1167.236474][T15051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1167.315517][T15051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1167.343754][T15051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1167.403387][T15051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1167.414919][T15051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1167.433758][T15051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1167.444558][T15051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1167.469461][T15051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1167.511663][T15051] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1167.534447][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1167.574663][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1167.647142][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1167.667342][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1167.705785][T15051] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1167.730381][T15051] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1167.740709][T15051] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1167.752148][T15051] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1167.763071][T15390] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1167.991444][T13127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1168.019688][T13127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1168.680950][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1168.688871][T13127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1168.752402][T13127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1168.836890][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1170.286211][T15424] ALSA: seq fatal error: cannot create timer (-22) [ 1173.408244][T15478] overlayfs: overlapping lowerdir path [ 1175.026505][ T4551] Bluetooth: hci0: command 0x0409 tx timeout [ 1175.064775][T15463] chnl_net:caif_netlink_parms(): no params data found [ 1175.559305][T11830] Bluetooth: Wrong link type (-71) [ 1175.679476][T15463] bridge0: port 1(bridge_slave_0) entered blocking state [ 1175.728216][T15463] bridge0: port 1(bridge_slave_0) entered disabled state [ 1175.800329][T15463] device bridge_slave_0 entered promiscuous mode [ 1175.846103][T15463] bridge0: port 2(bridge_slave_1) entered blocking state [ 1175.853835][T15463] bridge0: port 2(bridge_slave_1) entered disabled state [ 1175.863618][T15463] device bridge_slave_1 entered promiscuous mode [ 1175.930219][T15463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1175.965933][T15529] overlayfs: overlapping lowerdir path [ 1175.980286][T15463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1176.142528][T15463] team0: Port device team_slave_0 added [ 1176.266934][T15463] team0: Port device team_slave_1 added [ 1176.607752][T15463] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1176.628984][T15463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1177.132584][T15463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1177.259386][ T1427] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.265731][ T1427] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.346408][T15463] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1177.348967][T13450] Bluetooth: hci0: command 0x041b tx timeout [ 1177.353393][T15463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1177.353422][T15463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1177.553228][T15463] device hsr_slave_0 entered promiscuous mode [ 1177.599883][T15463] device hsr_slave_1 entered promiscuous mode [ 1177.636557][T15463] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1177.644176][T15463] Cannot create hsr debugfs directory [ 1178.188930][T15463] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1178.479826][T15463] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1178.564556][T15570] "syz.6.3097" (15570) uses obsolete ecb(arc4) skcipher [ 1178.719862][T15570] loop6: detected capacity change from 0 to 128 [ 1179.506676][ T23] Bluetooth: hci0: command 0x040f tx timeout [ 1181.795985][T15570] EXT4-fs: failed to create workqueue [ 1181.802389][T15570] EXT4-fs (loop6): mount failed [ 1181.806015][T13450] Bluetooth: hci0: command 0x0419 tx timeout [ 1182.019355][T15463] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1182.272151][T15594] IPv6: addrconf: prefix option has invalid lifetime [ 1182.278917][T15594] IPv6: addrconf: prefix option has invalid lifetime [ 1182.468806][T15463] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1182.537908][T15606] overlayfs: overlapping lowerdir path [ 1182.767418][T15463] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1182.788102][T15463] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1182.829373][ T4219] bridge0: port 3(erspan0) entered disabled state [ 1182.849291][ T4219] device erspan0 left promiscuous mode [ 1182.861421][ T4219] bridge0: port 3(erspan0) entered disabled state [ 1182.884975][T15463] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1182.906011][T15463] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1184.317474][T15463] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1184.426326][T15643] netlink: 'syz.5.3116': attribute type 10 has an invalid length. [ 1184.592653][T15643] team0: Port device netdevsim0 added [ 1184.676410][T15463] 8021q: adding VLAN 0 to HW filter on device team0 [ 1184.773268][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1184.795185][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1184.908902][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1185.057040][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1185.086228][ T4270] bridge0: port 1(bridge_slave_0) entered blocking state [ 1185.093319][ T4270] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1185.156345][T15643] syz.5.3116 (15643) used greatest stack depth: 18624 bytes left [ 1185.165719][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1185.216628][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1185.270343][ T4270] bridge0: port 2(bridge_slave_1) entered blocking state [ 1185.277501][ T4270] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1185.357204][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1185.387704][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1185.477179][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1185.538506][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1185.579390][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1185.592775][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1185.645982][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1185.718325][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1185.738912][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1185.774296][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1185.844766][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1185.867478][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1185.907378][T15463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1185.926694][T15668] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3122'. [ 1185.970605][ T4219] device hsr_slave_0 left promiscuous mode [ 1185.999745][ T4219] device hsr_slave_1 left promiscuous mode [ 1186.009153][ T4219] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1186.026285][ T4219] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1186.040043][ T4219] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1186.076347][ T4219] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1186.104819][ T4219] device bridge_slave_1 left promiscuous mode [ 1186.122185][ T4219] bridge0: port 2(bridge_slave_1) entered disabled state [ 1186.144709][ T4219] device bridge_slave_0 left promiscuous mode [ 1186.163081][ T4219] bridge0: port 1(bridge_slave_0) entered disabled state [ 1186.204317][ T4219] device veth0_macvtap left promiscuous mode [ 1186.217249][ T4219] device veth1_vlan left promiscuous mode [ 1186.235753][ T4219] device veth0_vlan left promiscuous mode [ 1187.334320][ T4219] team0 (unregistering): Port device team_slave_1 removed [ 1187.492937][ T4219] team0 (unregistering): Port device team_slave_0 removed [ 1188.140912][ T4219] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1188.676542][ T4219] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1188.826078][ T4219] bond0 (unregistering): Released all slaves [ 1189.347700][T15712] netlink: 67 bytes leftover after parsing attributes in process `syz.5.3133'. [ 1189.435390][T15463] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1189.455453][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1189.485382][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1189.576953][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1189.599485][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1189.664981][ T4576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1189.685452][ T4576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1189.730913][T15463] device veth0_vlan entered promiscuous mode [ 1189.752080][ T4576] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1189.824192][ T4576] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1189.933155][T15463] device veth1_vlan entered promiscuous mode [ 1190.267461][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1190.310043][T15737] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3140'. [ 1190.423153][T15739] device vti0 entered promiscuous mode [ 1190.504962][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1190.536341][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1190.558332][T15463] device veth0_macvtap entered promiscuous mode [ 1190.606126][T15463] device veth1_macvtap entered promiscuous mode [ 1190.703067][T15463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1190.806507][T15463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1190.945028][T15463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1191.091163][T15463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1191.126439][T15463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1191.176645][T15463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1191.225889][T15463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1191.261908][T15463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1191.338666][T15463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1191.378189][T15463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1191.398885][T15463] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1191.586521][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1191.605227][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1191.663121][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1191.706926][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1191.744684][T15463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1191.795511][T15463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1191.823935][T15463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1191.849115][T15463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1191.867275][T15463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1191.897691][T15463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1191.908336][T15463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1191.919825][T15463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1191.930053][T15463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1191.940967][T15463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1191.973105][T15463] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1192.026368][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1192.051243][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1192.098963][T15463] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1192.148429][T15463] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1192.189150][T15463] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1192.218654][T15463] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1192.811268][T15791] device team_slave_0 entered promiscuous mode [ 1192.818276][T15791] device team_slave_1 entered promiscuous mode [ 1192.846454][T15791] device macsec1 entered promiscuous mode [ 1192.867097][T15791] device team0 entered promiscuous mode [ 1192.887012][T15791] team0: Device macsec1 is already an upper device of the team interface [ 1192.912112][T15791] device team0 left promiscuous mode [ 1192.929137][T15791] device team_slave_0 left promiscuous mode [ 1192.935244][T15791] device team_slave_1 left promiscuous mode [ 1193.289093][ T4470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1193.319697][ T4470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1193.395567][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1193.493608][T15811] smc: net device wlan1 applied user defined pnetid SYZ2 [ 1193.528475][ T1172] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1193.871841][ T1172] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1194.206911][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1195.801394][T15840] syz.1.3160[15840] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1195.807182][T15840] syz.1.3160[15840] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1196.763945][T15862] netlink: 'syz.2.3166': attribute type 4 has an invalid length. [ 1196.846323][T15863] netlink: 'syz.6.3165': attribute type 1 has an invalid length. [ 1197.034603][T15865] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 1197.165271][T15865] bond1: (slave veth5): Enslaving as a backup interface with a down link [ 1197.212492][T15870] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3167'. [ 1197.263184][T15870] NILFS (loop2): device size too small [ 1197.973548][T15857] chnl_net:caif_netlink_parms(): no params data found [ 1198.267450][T15886] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3173'. [ 1198.455217][T15857] bridge0: port 1(bridge_slave_0) entered blocking state [ 1198.476954][T15857] bridge0: port 1(bridge_slave_0) entered disabled state [ 1198.515079][T15857] device bridge_slave_0 entered promiscuous mode [ 1198.533860][T15857] bridge0: port 2(bridge_slave_1) entered blocking state [ 1198.606575][T15857] bridge0: port 2(bridge_slave_1) entered disabled state [ 1198.655334][T15857] device bridge_slave_1 entered promiscuous mode [ 1199.273932][ T2300] Bluetooth: hci2: command 0x0409 tx timeout [ 1199.355495][T15857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1199.431265][T15857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1199.584672][T15857] team0: Port device team_slave_0 added [ 1199.615494][T15904] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3178'. [ 1199.631966][T15905] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3180'. [ 1199.649112][T15857] team0: Port device team_slave_1 added [ 1199.662358][T15905] NILFS (loop2): device size too small [ 1200.377508][T15857] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1200.598780][T15857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1201.645359][T15857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1201.674132][T15926] 9pnet: Insufficient options for proto=fd [ 1201.735839][T15857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1201.753255][ T4250] Bluetooth: hci2: command 0x041b tx timeout [ 1201.864667][T15857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1201.997247][T15857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1202.491169][T15857] device hsr_slave_0 entered promiscuous mode [ 1202.531413][T15857] device hsr_slave_1 entered promiscuous mode [ 1202.556508][T15857] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1202.593836][T15857] Cannot create hsr debugfs directory [ 1202.878752][T15944] syz.1.3189[15944] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1202.878847][T15944] syz.1.3189[15944] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1202.925725][T15945] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3192'. [ 1202.994248][T15946] NILFS (loop5): device size too small [ 1203.905958][T15857] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1204.025538][ T2300] Bluetooth: hci2: command 0x040f tx timeout [ 1204.192158][T15857] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1204.380147][T15857] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1204.464421][T15857] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1205.688107][T15966] 9pnet: Insufficient options for proto=fd [ 1205.814422][T15857] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1205.947156][T15857] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1205.975873][T15857] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1206.024428][T15857] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1206.056938][ T2300] Bluetooth: hci2: command 0x0419 tx timeout [ 1206.270582][T15857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1206.346602][T13127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1206.357908][T13127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1206.372612][T15857] 8021q: adding VLAN 0 to HW filter on device team0 [ 1206.415436][ T4576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1206.434330][ T4576] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1206.446191][ T4576] bridge0: port 1(bridge_slave_0) entered blocking state [ 1206.453322][ T4576] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1206.466351][ T4576] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1206.488019][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1206.521600][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1206.543974][ T4470] bridge0: port 2(bridge_slave_1) entered blocking state [ 1206.551133][ T4470] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1206.639830][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1206.656883][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1206.709924][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1206.850472][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1206.893335][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1206.905798][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1206.914684][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1206.951914][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1207.121765][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1207.640343][T15857] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1207.677559][T15857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1207.725672][T16002] netlink: 'syz.2.3209': attribute type 6 has an invalid length. [ 1207.735220][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1207.753008][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1207.903630][ T4219] device hsr_slave_0 left promiscuous mode [ 1207.928537][ T4219] device hsr_slave_1 left promiscuous mode [ 1207.941537][ T4219] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1207.956700][ T4219] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1207.973040][ T4219] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1207.990703][ T4219] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1208.021568][ T4219] device bridge_slave_1 left promiscuous mode [ 1208.044310][ T4219] bridge0: port 2(bridge_slave_1) entered disabled state [ 1208.081200][ T4219] device bridge_slave_0 left promiscuous mode [ 1208.097702][ T4219] bridge0: port 1(bridge_slave_0) entered disabled state [ 1208.183154][ T4219] device veth1_macvtap left promiscuous mode [ 1208.189680][ T4219] device veth0_macvtap left promiscuous mode [ 1208.196854][ T4219] device veth1_vlan left promiscuous mode [ 1208.202844][ T4219] device veth0_vlan left promiscuous mode [ 1208.225430][T16020] NILFS (loop6): device size too small [ 1208.721265][ T4219] team0 (unregistering): Port device team_slave_1 removed [ 1208.770371][ T4219] team0 (unregistering): Port device team_slave_0 removed [ 1209.180004][T16019] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3215'. [ 1209.692854][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1209.707283][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1209.754036][T15857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1209.828212][T16044] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3222'. [ 1209.862562][T16044] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3222'. [ 1210.009284][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1210.028064][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1210.091316][T13127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1210.124932][T13127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1210.262227][T13127] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1210.305468][T13127] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1210.342564][T15857] device veth0_vlan entered promiscuous mode [ 1210.459834][T15857] device veth1_vlan entered promiscuous mode [ 1210.533086][T13127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1210.574315][T13127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1210.610948][T15857] device veth0_macvtap entered promiscuous mode [ 1210.648667][T15857] device veth1_macvtap entered promiscuous mode [ 1210.717123][T15857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1210.760672][T15857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1210.806249][T15857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1210.846296][T15857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1210.896214][T15857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1210.946203][T15857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1210.996758][T15857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1211.016315][T15857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1211.059352][T15857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1211.100860][T15857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1211.173883][T15857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1211.239798][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1211.267212][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1211.319364][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1211.352847][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1211.382877][T15857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1211.405578][T15857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1211.420011][T15857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1211.465002][T15857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1211.498596][T15857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1211.524263][T15857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1211.572512][T15857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1211.618554][T15857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1211.666517][T15857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1211.692053][T15857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1211.745986][T15857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1211.839288][ T4576] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1211.898843][ T4576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1212.027843][T15857] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1212.056265][T15857] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1212.065442][T15857] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1212.077648][T15857] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1212.320893][T13127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1212.361928][T13127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1212.445434][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1212.478811][ T4269] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1212.516072][ T4269] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1212.567004][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1212.801209][T16096] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3159'. [ 1212.922335][T16096] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1214.393661][T16149] syz.6.3259[16149] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1214.393770][T16149] syz.6.3259[16149] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1215.006737][T16157] fuse: Unknown parameter '0x0000000000000009' [ 1215.656697][ T23] Bluetooth: hci2: command 0x0405 tx timeout [ 1216.515409][T16166] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1217.111763][T16166] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1217.271406][T16166] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1217.376265][T13450] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1217.484149][T16166] team0: Port device netdevsim0 removed [ 1217.493636][T16166] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1217.659903][T16166] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1217.711059][T16166] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1217.814300][T16166] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1217.866931][T16166] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1217.882500][ T4247] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 1218.246493][ T4247] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1218.286076][ T4247] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1218.514414][ T4247] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1218.551484][ T4247] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1218.986325][T11830] Bluetooth: Wrong link type (-71) [ 1219.016869][T13450] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 1219.036007][T13450] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1219.062272][T13450] usb 4-1: Product: syz [ 1219.074177][T13450] usb 4-1: Manufacturer: syz [ 1219.088384][T13450] usb 4-1: SerialNumber: syz [ 1219.096017][T13450] usb 4-1: config 0 descriptor?? [ 1219.204062][T16201] 9pnet: Insufficient options for proto=fd [ 1219.233833][ T4247] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1219.243133][ T4247] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1219.255318][ T4247] usb 7-1: Manufacturer: syz [ 1219.274151][ T4247] usb 7-1: config 0 descriptor?? [ 1219.382082][T13450] usb 4-1: USB disconnect, device number 25 [ 1219.758084][ T4247] appleir 0003:05AC:8243.0009: unknown main item tag 0x0 [ 1219.765792][ T4247] appleir 0003:05AC:8243.0009: No inputs registered, leaving [ 1219.861773][ T4247] appleir 0003:05AC:8243.0009: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0 [ 1220.052007][ T2300] usb 7-1: USB disconnect, device number 2 [ 1221.172741][T16232] 9pnet: Insufficient options for proto=fd [ 1222.310564][T16251] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 1222.516381][ T4557] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 1222.941150][ T4557] usb 7-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 1222.997442][ T4557] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1223.338842][ T4557] usb 7-1: config 0 descriptor?? [ 1223.508805][ T4557] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 1223.567303][T16264] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3305'. [ 1223.667955][T16267] bridge0: port 2(bridge_slave_1) entered disabled state [ 1223.751828][T16267] device bridge_slave_1 left promiscuous mode [ 1223.759405][T16274] 9pnet: Insufficient options for proto=fd [ 1223.777576][T16267] bridge0: port 2(bridge_slave_1) entered disabled state [ 1223.946664][ T4557] cpia1 7-1:0.0: unexpected state after lo power cmd: 00 [ 1224.416819][ T4557] gspca_cpia1: usb_control_msg 02, error -71 [ 1224.470201][ T4557] gspca_cpia1: usb_control_msg 05, error -71 [ 1224.568844][ T4557] cpia1 7-1:0.0: unexpected systemstate: 00 [ 1224.987246][ T4557] usb 7-1: USB disconnect, device number 3 [ 1225.426415][ T23] Bluetooth: hci1: command 0x0406 tx timeout [ 1226.526624][T16297] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3315'. [ 1227.012411][T16305] 9pnet: Insufficient options for proto=fd [ 1231.196984][T16348] 9pnet: Insufficient options for proto=fd [ 1231.456235][T13450] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 1232.611997][T16361] syz.3.3329[16361] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1232.612101][T16361] syz.3.3329[16361] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1232.816296][T13450] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1233.016322][T13450] usb 2-1: config 0 has no interfaces? [ 1233.216349][T13450] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1233.225601][T13450] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1233.236847][T13450] usb 2-1: Product: syz [ 1233.244729][T13450] usb 2-1: Manufacturer: syz [ 1233.249884][T13450] usb 2-1: SerialNumber: syz [ 1233.261215][T13450] usb 2-1: config 0 descriptor?? [ 1234.828294][T13450] usb 2-1: can't set config #0, error -71 [ 1234.840072][T13450] usb 2-1: USB disconnect, device number 15 [ 1236.298135][T16396] 9pnet: Insufficient options for proto=fd [ 1237.878766][T16430] syz.5.3346[16430] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1237.878868][T16430] syz.5.3346[16430] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1238.700250][ T1427] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.726914][ T1427] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.012928][T16448] IPv6: ADDRCONF(NETDEV_CHANGE): netdevsim0: link becomes ready [ 1239.183125][T16455] 9pnet: Insufficient options for proto=fd [ 1239.433054][ T4554] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 1239.723401][ T4554] usb 7-1: Using ep0 maxpacket: 16 [ 1239.866641][ T4554] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1239.886956][ T4554] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1239.953841][ T4554] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1240.000584][ T4554] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1240.016479][ T4554] usb 7-1: config 0 descriptor?? [ 1240.976640][ T26] audit: type=1326 audit(1731966438.338:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16474 comm="syz.1.3370" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efe1604f719 code=0x0 [ 1241.203191][T16483] input: syz1 as /devices/virtual/input/input26 [ 1241.346383][ T4554] usbhid 7-1:0.0: can't add hid device: -71 [ 1241.354816][ T4554] usbhid: probe of 7-1:0.0 failed with error -71 [ 1241.379094][T16487] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1241.411800][ T4554] usb 7-1: USB disconnect, device number 4 [ 1241.557245][ T4449] [ 1241.559606][ T4449] ====================================================== [ 1241.566629][ T4449] WARNING: possible circular locking dependency detected [ 1241.573650][ T4449] 5.15.173-syzkaller #0 Not tainted [ 1241.578849][ T4449] ------------------------------------------------------ [ 1241.585869][ T4449] kworker/0:14/4449 is trying to acquire lock: [ 1241.592029][ T4449] ffff88805ae50c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xcf/0x1a0 [ 1241.603092][ T4449] [ 1241.603092][ T4449] but task is already holding lock: [ 1241.610447][ T4449] ffffffff8dcbe668 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x47/0x180 [ 1241.619538][ T4449] [ 1241.619538][ T4449] which lock already depends on the new lock. [ 1241.619538][ T4449] [ 1241.629972][ T4449] [ 1241.629972][ T4449] the existing dependency chain (in reverse order) is: [ 1241.638988][ T4449] [ 1241.638988][ T4449] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 1241.646987][ T4449] lock_acquire+0x1db/0x4f0 [ 1241.652064][ T4449] __mutex_lock_common+0x1da/0x25a0 [ 1241.657817][ T4449] mutex_lock_nested+0x17/0x20 [ 1241.663129][ T4449] rfkill_register+0x30/0x880 [ 1241.668349][ T4449] hci_register_dev+0x4dd/0xa50 [ 1241.673733][ T4449] vhci_create_device+0x310/0x590 [ 1241.679298][ T4449] vhci_write+0x382/0x430 [ 1241.684164][ T4449] vfs_write+0xacd/0xe50 [ 1241.688938][ T4449] ksys_write+0x1a2/0x2c0 [ 1241.693797][ T4449] do_syscall_64+0x3b/0xb0 [ 1241.698744][ T4449] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1241.705173][ T4449] [ 1241.705173][ T4449] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 1241.713007][ T4449] lock_acquire+0x1db/0x4f0 [ 1241.718043][ T4449] __mutex_lock_common+0x1da/0x25a0 [ 1241.723775][ T4449] mutex_lock_nested+0x17/0x20 [ 1241.729119][ T4449] vhci_send_frame+0x8a/0xf0 [ 1241.734270][ T4449] hci_send_frame+0x1af/0x2f0 [ 1241.739480][ T4449] hci_tx_work+0xb2e/0x1a30 [ 1241.744517][ T4449] process_one_work+0x8a1/0x10c0 [ 1241.750007][ T4449] worker_thread+0xaca/0x1280 [ 1241.755222][ T4449] kthread+0x3f6/0x4f0 [ 1241.759849][ T4449] ret_from_fork+0x1f/0x30 [ 1241.764807][ T4449] [ 1241.764807][ T4449] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 1241.774027][ T4449] lock_acquire+0x1db/0x4f0 [ 1241.779069][ T4449] __flush_work+0xeb/0x1a0 [ 1241.784017][ T4449] hci_dev_do_close+0x20a/0x1070 [ 1241.789487][ T4449] hci_error_reset+0x106/0x2d0 [ 1241.794784][ T4449] process_one_work+0x8a1/0x10c0 [ 1241.800258][ T4449] worker_thread+0xaca/0x1280 [ 1241.805468][ T4449] kthread+0x3f6/0x4f0 [ 1241.810068][ T4449] ret_from_fork+0x1f/0x30 [ 1241.815019][ T4449] [ 1241.815019][ T4449] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 1241.822671][ T4449] lock_acquire+0x1db/0x4f0 [ 1241.827706][ T4449] __mutex_lock_common+0x1da/0x25a0 [ 1241.833438][ T4449] mutex_lock_nested+0x17/0x20 [ 1241.838738][ T4449] bg_scan_update+0xa1/0x4a0 [ 1241.843864][ T4449] process_one_work+0x8a1/0x10c0 [ 1241.849342][ T4449] worker_thread+0xaca/0x1280 [ 1241.854591][ T4449] kthread+0x3f6/0x4f0 [ 1241.859197][ T4449] ret_from_fork+0x1f/0x30 [ 1241.864156][ T4449] [ 1241.864156][ T4449] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 1241.873986][ T4449] validate_chain+0x1649/0x5930 [ 1241.879395][ T4449] __lock_acquire+0x1295/0x1ff0 [ 1241.884780][ T4449] lock_acquire+0x1db/0x4f0 [ 1241.889799][ T4449] __flush_work+0xeb/0x1a0 [ 1241.894733][ T4449] __cancel_work_timer+0x519/0x6a0 [ 1241.900359][ T4449] hci_request_cancel_all+0xcb/0x300 [ 1241.906161][ T4449] hci_dev_do_close+0x51/0x1070 [ 1241.911525][ T4449] hci_rfkill_set_block+0x114/0x1a0 [ 1241.917238][ T4449] rfkill_set_block+0x1e7/0x430 [ 1241.922603][ T4449] rfkill_epo+0x7c/0x180 [ 1241.927371][ T4449] rfkill_op_handler+0x7e/0x260 [ 1241.932762][ T4449] process_one_work+0x8a1/0x10c0 [ 1241.938215][ T4449] worker_thread+0xaca/0x1280 [ 1241.943404][ T4449] kthread+0x3f6/0x4f0 [ 1241.947983][ T4449] ret_from_fork+0x1f/0x30 [ 1241.952913][ T4449] [ 1241.952913][ T4449] other info that might help us debug this: [ 1241.952913][ T4449] [ 1241.963215][ T4449] Chain exists of: [ 1241.963215][ T4449] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 1241.963215][ T4449] [ 1241.978930][ T4449] Possible unsafe locking scenario: [ 1241.978930][ T4449] [ 1241.986364][ T4449] CPU0 CPU1 [ 1241.991714][ T4449] ---- ---- [ 1241.997063][ T4449] lock(rfkill_global_mutex); [ 1242.001816][ T4449] lock(&data->open_mutex); [ 1242.008910][ T4449] lock(rfkill_global_mutex); [ 1242.016178][ T4449] lock((work_completion)(&hdev->bg_scan_update)); [ 1242.022780][ T4449] [ 1242.022780][ T4449] *** DEADLOCK *** [ 1242.022780][ T4449] [ 1242.030910][ T4449] 3 locks held by kworker/0:14/4449: [ 1242.036183][ T4449] #0: ffff888017070938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 1242.046534][ T4449] #1: ffffc90002f77d20 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 1242.056888][ T4449] #2: ffffffff8dcbe668 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x47/0x180 [ 1242.066362][ T4449] [ 1242.066362][ T4449] stack backtrace: [ 1242.072322][ T4449] CPU: 0 PID: 4449 Comm: kworker/0:14 Not tainted 5.15.173-syzkaller #0 [ 1242.080639][ T4449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 1242.090692][ T4449] Workqueue: events rfkill_op_handler [ 1242.096066][ T4449] Call Trace: [ 1242.099340][ T4449] [ 1242.102262][ T4449] dump_stack_lvl+0x1e3/0x2d0 [ 1242.106938][ T4449] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1242.112568][ T4449] ? print_circular_bug+0x12b/0x1a0 [ 1242.117760][ T4449] check_noncircular+0x2f8/0x3b0 [ 1242.122695][ T4449] ? add_chain_block+0x850/0x850 [ 1242.127626][ T4449] ? lockdep_lock+0x11f/0x2a0 [ 1242.132299][ T4449] validate_chain+0x1649/0x5930 [ 1242.137151][ T4449] ? reacquire_held_locks+0x660/0x660 [ 1242.142517][ T4449] ? validate_chain+0x112/0x5930 [ 1242.147446][ T4449] ? mark_lock+0x98/0x340 [ 1242.151768][ T4449] ? look_up_lock_class+0x77/0x120 [ 1242.156916][ T4449] ? register_lock_class+0x100/0x9a0 [ 1242.162195][ T4449] ? mark_lock+0x98/0x340 [ 1242.166516][ T4449] ? is_dynamic_key+0x1f0/0x1f0 [ 1242.171358][ T4449] ? __lock_acquire+0x1295/0x1ff0 [ 1242.176374][ T4449] ? mark_lock+0x98/0x340 [ 1242.180696][ T4449] __lock_acquire+0x1295/0x1ff0 [ 1242.185546][ T4449] lock_acquire+0x1db/0x4f0 [ 1242.190045][ T4449] ? __flush_work+0xcf/0x1a0 [ 1242.194629][ T4449] ? rcu_lock_release+0x5/0x20 [ 1242.199389][ T4449] ? read_lock_is_recursive+0x10/0x10 [ 1242.204759][ T4449] ? start_flush_work+0x776/0x820 [ 1242.209788][ T4449] ? stack_trace_snprint+0xe0/0xe0 [ 1242.214893][ T4449] __flush_work+0xeb/0x1a0 [ 1242.219305][ T4449] ? __flush_work+0xcf/0x1a0 [ 1242.223886][ T4449] ? flush_work+0x20/0x20 [ 1242.228217][ T4449] ? print_irqtrace_events+0x210/0x210 [ 1242.233680][ T4449] ? lock_timer_base+0x260/0x260 [ 1242.238628][ T4449] ? __cancel_work_timer+0x467/0x6a0 [ 1242.243912][ T4449] __cancel_work_timer+0x519/0x6a0 [ 1242.249026][ T4449] ? cancel_work_sync+0x20/0x20 [ 1242.253880][ T4449] ? lockdep_hardirqs_on+0x94/0x130 [ 1242.259091][ T4449] ? __cancel_work+0x2ef/0x380 [ 1242.263855][ T4449] ? cancel_work+0x20/0x20 [ 1242.268271][ T4449] ? print_irqtrace_events+0x210/0x210 [ 1242.273727][ T4449] hci_request_cancel_all+0xcb/0x300 [ 1242.279014][ T4449] hci_dev_do_close+0x51/0x1070 [ 1242.283859][ T4449] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 1242.289748][ T4449] ? _raw_spin_unlock+0x40/0x40 [ 1242.294714][ T4449] hci_rfkill_set_block+0x114/0x1a0 [ 1242.299931][ T4449] ? rcu_lock_release+0x20/0x20 [ 1242.304780][ T4449] rfkill_set_block+0x1e7/0x430 [ 1242.309632][ T4449] rfkill_epo+0x7c/0x180 [ 1242.313876][ T4449] rfkill_op_handler+0x7e/0x260 [ 1242.318739][ T4449] process_one_work+0x8a1/0x10c0 [ 1242.323686][ T4449] ? worker_detach_from_pool+0x260/0x260 [ 1242.329318][ T4449] ? _raw_spin_lock_irqsave+0x120/0x120 [ 1242.334864][ T4449] ? kthread_data+0x4e/0xc0 [ 1242.339362][ T4449] ? wq_worker_running+0x97/0x170 [ 1242.344383][ T4449] worker_thread+0xaca/0x1280 [ 1242.349067][ T4449] kthread+0x3f6/0x4f0 [ 1242.353134][ T4449] ? rcu_lock_release+0x20/0x20 [ 1242.357981][ T4449] ? kthread_blkcg+0xd0/0xd0 [ 1242.362565][ T4449] ret_from_fork+0x1f/0x30 [ 1242.367016][ T4449]