last executing test programs: 13.900041954s ago: executing program 1 (id=2590): r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) pause() mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0) inotify_init() r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_clone3(&(0x7f00000004c0)={0x400, &(0x7f0000000040), &(0x7f0000000180), &(0x7f00000001c0), {0x25}, &(0x7f0000000280)=""/102, 0x66, &(0x7f0000000340)=""/150, 0x0, 0x0, {r0}}, 0x58) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x32, 0x0, @empty, @broadcast}, @timestamp_reply={0x11}}}}}, 0x0) creat(&(0x7f0000000300)='./bus\x00', 0x0) open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) io_submit(0x0, 0x0, 0x0) 12.491392765s ago: executing program 1 (id=2595): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x0, 0x803, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001240), 0x0, 0x0, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x3, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x5f]}}, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r2, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000001200)=[{}], 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETLINK(r4, 0x400454cd, 0x301) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x30, 0x0, 0x0, 0xee01}}}, 0xb8}}, 0x0) r5 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_TSINFO_GET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x18, r5, 0xfaac4106a1b87a7, 0x0, 0x0, {0x7}, [@HEADER={0x4}]}, 0x18}}, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x60, 0x0, 0x0, 0x0, 0xee01}}}, 0xb8}}, 0x0) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x4c, 0x12, 0x1, 0x3, 0x0, {0xa, 0x0, 0x0, 0x0, {0x0, 0x4e22, [0x3, 0x0, 0x5], [], 0x0, [0x1, 0xfffffffc]}}}, 0x4c}}, 0x0) 11.175458776s ago: executing program 1 (id=2602): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) ioctl$TIOCVHANGUP(r0, 0x5437, 0x2) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x2) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 9.117603511s ago: executing program 1 (id=2612): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x0, 0x803, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001240), 0x0, 0x0, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x3, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x5f]}}, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r2, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000001200)=[{}], 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETLINK(r4, 0x400454cd, 0x301) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x30, 0x0, 0x0, 0xee01}}}, 0xb8}}, 0x0) r5 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_TSINFO_GET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x18, r5, 0xfaac4106a1b87a7, 0x0, 0x0, {0x7}, [@HEADER={0x4}]}, 0x18}}, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x60, 0x0, 0x0, 0x0, 0xee01}}}, 0xb8}}, 0x0) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x4c, 0x12, 0x1, 0x3, 0x0, {0xa, 0x0, 0x0, 0x0, {0x0, 0x4e22, [0x3, 0x0, 0x5], [], 0x0, [0x1, 0xfffffffc]}}}, 0x4c}}, 0x0) 5.858729733s ago: executing program 1 (id=2622): bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0x20, &(0x7f0000000240)={&(0x7f0000000700)=""/247, 0xf7, 0x0, &(0x7f0000000600)=""/145, 0x91}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xb, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r4, 0x40505331, &(0x7f0000000100)={{}, {0xe}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x802, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000b7d516ed51c74af45211231009237bc774e29173efd6415233b2647197d2f82c30134c0592431a9a3496e252e8c151805f17a0d074d4cbb495f4b8b2294780fd464e977998a8c6e13e0cb3cb768f3720b7cb3c37c3824c86e3c24205aa95e7c9976c1e09a761dfd6cc1e73a4d9d86a33808159db9838830b9ae4e1d6ff27b33624eb43b59706cd18406ec69f2d19e4e934a760275c6dc788676476718fe8a0926ada8391b4bf2b4b586b057b556e9be519e509158cf7cc1636508f7d9fc3ac2814adb39430a4f2649956ee7ce4d6849f3d28a99da0f498057cf83e5fb4eafcc46bbbac8dcab70171cd9f435df9312c64fae0649a4f53ab59fbe82549843a6026083301f7f47bc3cfbf4ac7a618bf62a9f2f2a84c95b4e428ea1290955d41d8b9882e01668f6e59d4fa03d975566ffba7b5812fc4e40b0d23b3449f5ced3e1a09178cfeb994dd4e0afebb853757289a7bec5e8a53f398f8e01c8a0bb48fe09a4034e8f1ddb3ddf70000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) socket$nl_generic(0x10, 0x3, 0x10) 5.262320667s ago: executing program 4 (id=2626): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r1) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r3, r2, 0x26, 0x0, 0x0, @void, @value}, 0x10) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000980)="b9", 0x1}], 0x1}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)=""/229, 0xec1}], 0x1}, 0x0) 4.293601098s ago: executing program 4 (id=2628): r0 = socket$kcm(0x10, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb8500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r1}, 0x18) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x7400}, 0x0) 4.293127416s ago: executing program 2 (id=2629): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={0x0, r1}}, 0x20) 4.110043977s ago: executing program 2 (id=2632): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x2, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) munmap(&(0x7f0000002000/0x800000)=nil, 0x800000) r1 = io_uring_setup(0x7af2, &(0x7f0000000680)={0x0, 0x0, 0x0, 0xffffffff}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000001880)=[{0x0}], 0x1) 4.109557805s ago: executing program 3 (id=2633): r0 = open(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) readlinkat(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = syz_open_procfs(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r2 = fcntl$getown(r1, 0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f00000001c0)) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213) r3 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000009900)=""/102400, 0x19000) r5 = memfd_secret(0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r5, 0x0) ftruncate(r5, 0x51a9497) pipe(&(0x7f0000000080)) syz_open_procfs(r2, 0x0) r6 = syz_open_dev$MSR(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x8000) read$msr(r6, 0x0, 0x0) fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x4010, r3, 0x0) 4.027535045s ago: executing program 0 (id=2634): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x70, 0x65, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_flower={{0xb}, {0x40, 0x2, [@TCA_FLOWER_KEY_IPV4_DST={0x8, 0xc, @broadcast}, @TCA_FLOWER_KEY_ETH_DST={0xa, 0x4, @multicast}, @TCA_FLOWER_KEY_IPV6_SRC={0x14, 0xe, @private2={0xfc, 0x2, '\x00', 0x1}}, @TCA_FLOWER_KEY_ENC_IPV6_SRC={0x14, 0x1f, @private2={0xfc, 0x2, '\x00', 0x1}}]}}]}, 0x70}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)=@newqdisc={0xdc, 0x24, 0x0, 0x10, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xf}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x5057dede}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0xffffffff}, @TCA_STAB={0xa8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xf, 0x9a, 0x1, 0xf2, 0xd0f76369cdd33016, 0xfffffff8, 0xed7d, 0x7}}, {0x12, 0x2, [0x30, 0x5, 0x200, 0x0, 0x2, 0xa16, 0x5]}}, {{0x1c, 0x1, {0x4, 0x7, 0x8, 0xdd2, 0x0, 0x7fffffff, 0x9, 0x9}}, {0x16, 0x2, [0xfc00, 0x9, 0xffff, 0x81, 0x1, 0x3, 0x1, 0x6, 0x1]}}, {{0x1c, 0x1, {0xe, 0x7f, 0x1ff, 0x6, 0x1, 0x18, 0x5}}, {0x4}}, {{0x1c, 0x1, {0x7, 0xdb, 0x3, 0xd71, 0x0, 0x4, 0x6}}, {0x4}}]}]}, 0xdc}}, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x7e}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xb00}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 4.027298414s ago: executing program 4 (id=2635): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100008d}, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x1a, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xffffffff, 0x3, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x3, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000401764530550ffeb18110000", @ANYRES16, @ANYRES64, @ANYRES16=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448d2, 0x0) 3.975197118s ago: executing program 2 (id=2636): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000002080)={0x0, "2e8838664151f6ab323f089029fc41b4"}) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)}, 0x2101) madvise(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) close(0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x14, 0x4, 0x4, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(0xffffffffffffffff, 0x80089419, &(0x7f00000000c0)) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r3, 0x0, 0x0, 0x2}, 0x20) syz_open_procfs(0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000000180)=[{&(0x7f0000000400)="580000001500add427323b472545b4560a117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff000000020000", 0x56}], 0x1) r5 = epoll_create1(0x0) r6 = socket$packet(0x11, 0x3, 0x300) pipe2$9p(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r7, 0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000180)) syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/4\x00') 3.728745036s ago: executing program 0 (id=2637): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 3.040312087s ago: executing program 3 (id=2638): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}}], {0x14}}, 0x3c}}, 0x0) 2.991771029s ago: executing program 0 (id=2639): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r1) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r3, r2, 0x26, 0x0, 0x0, @void, @value}, 0x10) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000980)="b9", 0x1}], 0x1}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)=""/229, 0xec1}], 0x1}, 0x0) 2.922005628s ago: executing program 2 (id=2640): r0 = socket(0x840000000002, 0x3, 0x100) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r3, 0x8982, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000100)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000b7080000001300007b8af8ff00000000bfa20000000000000702010000f5feffb703000008000000b7048000f600000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @void, @value}, 0x94) r4 = socket$nl_audit(0x10, 0x3, 0x9) fchown(r4, 0xffffffffffffffff, 0xffffffffffffffff) fchown(r4, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r5}, 0x10) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300), 0x2e) setsockopt$inet_pktinfo(r0, 0x0, 0x31, &(0x7f0000000540)={0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty}, 0xc) 2.817201485s ago: executing program 3 (id=2641): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x38, 0x3, 0x8, 0x5, 0x0, 0x0, {}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_REPLIED={0xc}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_L3PROTO={0x6}]}, 0x38}}, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r1, 0xc0045520, &(0x7f00000001c0)=0x4f9e) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, 0x0) r2 = gettid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000400)={{0x1009, 0x0, 0x401, 0x0, 'syz1\x00', 0x1}, 0x5, 0x40, 0x1, r2, 0x0, 0x0, 'syz0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) pipe(&(0x7f0000000080)={0xffffffffffffffff}) socket$netlink(0x10, 0x3, 0xa) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_PORTS(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r7, 0x5, 0x0, 0x0, {{}, {0x0, 0x410c}}}, 0x1c}}, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r5, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x30, r7, 0x8, 0x70bd2d, 0x25dfdbfb, {{}, {}, {0x14, 0x18, {0x4, @bearer=@l2={'eth', 0x3a, 'caif0\x00'}}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x8080) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) sendmsg$netlink(r3, &(0x7f0000001a80)={0x0, 0x0, &(0x7f0000000580)}, 0x0) r8 = open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) r9 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r9, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r9, &(0x7f0000006380)={0x2020}, 0x2020) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r9}}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5) dup2(r3, r1) 2.747484124s ago: executing program 0 (id=2642): socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000100200000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) close(0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x2, 0x0, 0x0, 0x0) 1.928070702s ago: executing program 2 (id=2643): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) 1.736713244s ago: executing program 3 (id=2644): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in=@dev, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x60, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x40}}}, 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b80000001300eb990000000000000000fc000000000000000000000000000000ac1e000100"/56], 0xb8}}, 0x0) 1.376416031s ago: executing program 0 (id=2645): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000980)=ANY=[@ANYBLOB="18000000000000040000000000000000850000000e000000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='io_uring_cqe_overflow\x00', r0}, 0x10) r1 = syz_io_uring_setup(0x5078, &(0x7f0000000300)={0x0, 0x0, 0x10100}, 0x0, &(0x7f0000000000)) io_uring_enter(r1, 0xb15, 0x0, 0x0, 0x0, 0xfffffd45) 1.355549026s ago: executing program 3 (id=2646): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xf, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='GPL\x00', 0x7, 0x24, &(0x7f00000004c0)=""/36, 0x41000, 0x5f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x5}, 0x8, 0x10, &(0x7f0000000540)={0x0, 0x2}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000580)=[{0x0, 0x1}, {0x0, 0x4, 0x10}], 0x10, 0x8, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f00000001c0)='track_foreign_dirty\x00', r4}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$vsock_stream(0x28, 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffffed7a000008003950323030302e4c"], 0x15) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) r5 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0) ftruncate(r5, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r7, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) sendfile(r6, r5, 0x0, 0x578410e9) 1.287566402s ago: executing program 4 (id=2647): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=@getqdisc={0x28, 0x26, 0x200, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0x8}, {0xfff2, 0x3}}, [{0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040}, 0x404c001) getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@delchain={0x24, 0x66, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}}, 0x24}}, 0x810) 980.813932ms ago: executing program 1 (id=2648): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f00000001c0), &(0x7f0000000200)=r1}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000440)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 343.180168ms ago: executing program 2 (id=2649): r0 = open(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) readlinkat(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = syz_open_procfs(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r2 = fcntl$getown(r1, 0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f00000001c0)) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213) r3 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000009900)=""/102400, 0x19000) r5 = memfd_secret(0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r5, 0x0) ftruncate(r5, 0x51a9497) pipe(&(0x7f0000000080)) syz_open_procfs(r2, &(0x7f0000000040)='auxv\x00') r6 = syz_open_dev$MSR(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8000) read$msr(r6, 0x0, 0x0) fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x4010, r3, 0x0) 247.232629ms ago: executing program 0 (id=2650): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000002080)={0x0, "2e8838664151f6ab323f089029fc41b4"}) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)}, 0x2101) madvise(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) close(0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x14, 0x4, 0x4, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(0xffffffffffffffff, 0x80089419, &(0x7f00000000c0)) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r3, 0x0, 0x0, 0x2}, 0x20) syz_open_procfs(0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000000180)=[{&(0x7f0000000400)="580000001500add427323b472545b4560a117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff000000020000", 0x56}], 0x1) r5 = epoll_create1(0x0) r6 = socket$packet(0x11, 0x3, 0x300) pipe2$9p(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r7, 0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000180)) syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/4\x00') 246.802462ms ago: executing program 4 (id=2651): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 156.899564ms ago: executing program 3 (id=2652): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x6}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x6c}}, 0x0) 0s ago: executing program 4 (id=2653): r0 = socket(0x840000000002, 0x3, 0x100) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r3, 0x8982, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000100)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000b7080000001300007b8af8ff00000000bfa20000000000000702010000f5feffb703000008000000b7048000f600000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @void, @value}, 0x94) r4 = socket$nl_audit(0x10, 0x3, 0x9) fchown(r4, 0xffffffffffffffff, 0xffffffffffffffff) fchown(r4, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r5}, 0x10) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300), 0x2e) setsockopt$inet_pktinfo(r0, 0x0, 0x31, &(0x7f0000000540)={0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty}, 0xc) kernel console output (not intermixed with test programs): 582.685953][ T9797] usb usb8: usbfs: process 9797 (syz.4.1146) did not claim interface 0 before use [ 582.991340][ T5219] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 583.708404][ T9803] coredump: 331(syz.3.1150): written to core: VMAs: 37, size 97550336; core: 71779482 bytes, pos 97558528 [ 584.072888][ T5219] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 584.124461][ T5219] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 584.138386][ T5219] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 584.147858][ T5219] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 584.192787][ T5219] usb 3-1: config 0 descriptor?? [ 584.215474][ T5219] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 584.330876][ T5308] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 584.493851][ T5308] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 584.690789][ T5308] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22 [ 584.723279][ T5308] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 584.740980][ T5308] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 584.749041][ T5308] usb 2-1: SerialNumber: syz [ 585.105691][ T5308] cdc_acm 2-1:1.0: Zero length descriptor references [ 585.112766][ T5308] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -22 [ 585.153760][ T5308] usb 2-1: USB disconnect, device number 15 [ 586.069736][ T5269] usb 3-1: USB disconnect, device number 15 [ 589.524119][ T9843] coredump: 343(syz.3.1162): written to core: VMAs: 35, size 97419264; core: 71771178 bytes, pos 97427456 [ 591.378070][ T9853] usb usb8: usbfs: process 9853 (syz.4.1164) did not claim interface 0 before use [ 592.878296][ T5219] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 593.242863][ T5219] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 593.280785][ T5219] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22 [ 593.568862][ T5219] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 594.376502][ T5219] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 594.384720][ T5219] usb 3-1: SerialNumber: syz [ 594.681796][ T5219] cdc_acm 3-1:1.0: Zero length descriptor references [ 594.741091][ T5219] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -22 [ 594.787824][ T5219] usb 3-1: USB disconnect, device number 16 [ 600.981657][ T9930] syz.1.1191 (9930) used greatest stack depth: 17392 bytes left [ 604.920454][ T9972] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1204'. [ 604.940973][ T9972] xt_hashlimit: size too large, truncated to 1048576 [ 609.160701][ T5219] usb 2-1: new full-speed USB device number 16 using dummy_hcd [ 609.345210][ T5219] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 609.361048][ T5219] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22 [ 609.382980][ T5219] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 609.392759][ T5219] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 609.402388][ T5219] usb 2-1: SerialNumber: syz [ 609.626710][ T5219] cdc_acm 2-1:1.0: Zero length descriptor references [ 609.647073][ T5219] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -22 [ 609.689041][ T5219] usb 2-1: USB disconnect, device number 16 [ 611.414834][ T6634] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 612.221982][T10039] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1227'. [ 612.241623][T10039] xt_hashlimit: size too large, truncated to 1048576 [ 613.043262][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 613.043296][ T29] audit: type=1326 audit(1727164115.980:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10030 comm="syz.3.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 613.097454][ T29] audit: type=1326 audit(1727164115.980:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10030 comm="syz.3.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 613.119371][ T29] audit: type=1326 audit(1727164115.980:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10030 comm="syz.3.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 613.141451][ T29] audit: type=1326 audit(1727164116.000:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10030 comm="syz.3.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 613.163166][ T29] audit: type=1326 audit(1727164116.010:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10030 comm="syz.3.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 613.185351][ T29] audit: type=1326 audit(1727164116.010:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10030 comm="syz.3.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 613.207790][ T29] audit: type=1326 audit(1727164116.010:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10030 comm="syz.3.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 613.229980][ T29] audit: type=1326 audit(1727164116.010:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10030 comm="syz.3.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 613.252310][ T29] audit: type=1326 audit(1727164116.050:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10030 comm="syz.3.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f66c0d7c890 code=0x7ffc0000 [ 613.274060][ T29] audit: type=1326 audit(1727164116.050:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10030 comm="syz.3.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f66c0d7f727 code=0x7ffc0000 [ 615.394536][T10055] coredump: 383(syz.3.1231): written to core: VMAs: 37, size 97550336; core: 71779482 bytes, pos 97558528 [ 617.186446][T10071] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.222554][T10077] netlink: 'syz.2.1239': attribute type 2 has an invalid length. [ 617.230332][T10077] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1239'. [ 618.018051][T10071] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 618.209912][T10071] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 618.434348][T10071] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 618.547234][T10071] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 619.084955][T10071] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 619.108252][T10071] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 619.147833][T10071] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 619.646365][T10117] macvlan2: entered promiscuous mode [ 619.707413][T10117] macvlan2: entered allmulticast mode [ 619.922790][ T5269] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 620.084042][ T5269] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 620.129465][ T5269] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22 [ 620.201398][ T5269] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 620.223473][ T5269] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 620.248791][ T5269] usb 3-1: SerialNumber: syz [ 620.576062][ T5269] cdc_acm 3-1:1.0: Zero length descriptor references [ 620.584126][ T5269] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -22 [ 620.594830][ T5269] usb 3-1: USB disconnect, device number 17 [ 621.974359][T10153] netlink: 'syz.3.1261': attribute type 2 has an invalid length. [ 622.028217][T10153] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1261'. [ 622.047327][T10145] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.100445][T10158] Invalid ELF header magic: != ELF [ 622.217112][T10145] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.377539][T10145] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.491929][T10145] bond0: (slave netdevsim0): Releasing backup interface [ 623.004827][T10145] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.451199][T10173] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1272'. [ 623.460464][T10173] openvswitch: netlink: Flow key attr not present in new flow. [ 624.053002][T10145] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.089111][T10145] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.110804][ T5297] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 624.294731][T10145] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.335932][T10145] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.615632][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.622123][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.878968][ T5297] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 624.889546][ T5297] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22 [ 625.266201][ T5297] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 625.287036][ T5297] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 625.311207][ T5297] usb 5-1: SerialNumber: syz [ 625.417422][T10196] Invalid ELF header magic: != ELF [ 625.446198][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 625.446220][ T29] audit: type=1107 audit(1727164128.420:439): pid=10193 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='' [ 625.559900][ T5297] cdc_acm 5-1:1.0: Zero length descriptor references [ 625.586366][ T5297] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -22 [ 625.627369][ T5297] usb 5-1: USB disconnect, device number 12 [ 625.969269][T10210] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1287'. [ 626.958585][T10229] Invalid ELF header magic: != ELF [ 627.769271][T10244] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1300'. [ 629.888391][ T29] audit: type=1326 audit(1727164132.860:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10279 comm="syz.1.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 629.937807][T10283] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1311'. [ 629.947153][ T29] audit: type=1326 audit(1727164132.890:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10279 comm="syz.1.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=225 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 630.004389][ T29] audit: type=1326 audit(1727164132.890:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10279 comm="syz.1.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 630.134541][ T29] audit: type=1326 audit(1727164132.890:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10279 comm="syz.1.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 632.638890][T10317] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1323'. [ 633.217663][T10317] netlink: 312 bytes leftover after parsing attributes in process `syz.1.1323'. [ 636.305287][T10359] Invalid ELF header magic: != ELF [ 636.485580][ T29] audit: type=1326 audit(1727164139.460:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10360 comm="syz.4.1338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 636.574171][ T29] audit: type=1326 audit(1727164139.490:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10360 comm="syz.4.1338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 636.596169][ T29] audit: type=1326 audit(1727164139.490:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10360 comm="syz.4.1338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 636.618128][ T29] audit: type=1326 audit(1727164139.490:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10360 comm="syz.4.1338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 636.640092][ T29] audit: type=1326 audit(1727164139.500:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10360 comm="syz.4.1338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 636.811184][ T29] audit: type=1326 audit(1727164139.680:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10360 comm="syz.4.1338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 636.885593][ T29] audit: type=1326 audit(1727164139.680:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10360 comm="syz.4.1338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 636.913604][ T29] audit: type=1326 audit(1727164139.690:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10360 comm="syz.4.1338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f396d17c890 code=0x7ffc0000 [ 636.935538][ T29] audit: type=1326 audit(1727164139.740:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10360 comm="syz.4.1338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f396d17f727 code=0x7ffc0000 [ 636.957942][ T29] audit: type=1326 audit(1727164139.740:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10360 comm="syz.4.1338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 638.683342][T10403] 9pnet_fd: Insufficient options for proto=fd [ 640.303677][T10415] coredump: 447(syz.0.1357): written to core: VMAs: 37, size 97550336; core: 71771290 bytes, pos 97558528 [ 641.647016][T10408] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1356'. [ 642.049408][ T29] kauditd_printk_skb: 33 callbacks suppressed [ 642.049427][ T29] audit: type=1326 audit(1727164145.020:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10437 comm="syz.3.1365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 642.146566][ T29] audit: type=1326 audit(1727164145.020:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10437 comm="syz.3.1365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 642.211633][ T29] audit: type=1326 audit(1727164145.030:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10437 comm="syz.3.1365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 642.258589][ T29] audit: type=1326 audit(1727164145.030:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10437 comm="syz.3.1365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 642.318715][ T29] audit: type=1326 audit(1727164145.030:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10437 comm="syz.3.1365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 642.371475][ T29] audit: type=1326 audit(1727164145.030:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10437 comm="syz.3.1365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 642.445430][T10450] 9pnet_fd: Insufficient options for proto=fd [ 642.457652][ T29] audit: type=1326 audit(1727164145.060:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10437 comm="syz.3.1365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 642.523662][ T29] audit: type=1326 audit(1727164145.060:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10437 comm="syz.3.1365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 642.596534][ T29] audit: type=1326 audit(1727164145.060:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10437 comm="syz.3.1365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f66c0d7c890 code=0x7ffc0000 [ 642.643369][ T29] audit: type=1326 audit(1727164145.060:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10437 comm="syz.3.1365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f66c0d7f727 code=0x7ffc0000 [ 643.516858][T10468] smc: net device bond0 applied user defined pnetid SYZ0 [ 643.568197][T10468] smc: net device bond0 erased user defined pnetid SYZ0 [ 644.417570][ T5826] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 645.492974][T10488] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 645.990961][ T5269] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 646.015232][T10518] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1391'. [ 646.142612][ T5269] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 646.163285][ T5269] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 646.207751][ T5269] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.234278][ T5269] usb 4-1: config 0 descriptor?? [ 646.258295][ T5269] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 647.174016][ T5235] Bluetooth: hci1: command 0x0406 tx timeout [ 648.846987][ T5301] usb 4-1: USB disconnect, device number 18 [ 648.924457][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 648.924476][ T29] audit: type=1326 audit(1727164151.900:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10586 comm="syz.3.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 648.960445][ T29] audit: type=1326 audit(1727164151.900:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10586 comm="syz.3.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 648.989254][ T29] audit: type=1326 audit(1727164151.930:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10586 comm="syz.3.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 649.019378][ T29] audit: type=1326 audit(1727164151.930:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10586 comm="syz.3.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 649.057070][ T29] audit: type=1326 audit(1727164151.930:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10586 comm="syz.3.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 649.116087][ T29] audit: type=1326 audit(1727164152.090:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10588 comm="syz.2.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f733357def9 code=0x7ffc0000 [ 649.148471][ T29] audit: type=1326 audit(1727164152.120:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10588 comm="syz.2.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f733357def9 code=0x7ffc0000 [ 649.181067][ T29] audit: type=1326 audit(1727164152.120:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10588 comm="syz.2.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f733357def9 code=0x7ffc0000 [ 649.205523][ T29] audit: type=1326 audit(1727164152.120:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10588 comm="syz.2.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f733357def9 code=0x7ffc0000 [ 649.230244][ T29] audit: type=1326 audit(1727164152.120:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10588 comm="syz.2.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f733357def9 code=0x7ffc0000 [ 650.220776][ T5301] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 650.542479][ T5301] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 650.600815][ T5301] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 650.609968][ T5301] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.622918][ T5301] usb 5-1: config 0 descriptor?? [ 650.634170][ T5301] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 650.809902][T10636] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1427'. [ 653.296940][ T5309] usb 5-1: USB disconnect, device number 13 [ 653.462430][T10656] macvlan2: entered promiscuous mode [ 653.468066][T10656] macvlan2: entered allmulticast mode [ 655.267190][T10689] syz.4.1446[10689] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 655.267296][T10689] syz.4.1446[10689] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 655.280349][T10690] usb usb1: usbfs: process 10690 (syz.0.1445) did not claim interface 0 before use [ 655.315780][T10689] syz.4.1446[10689] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 655.569052][T10697] sg_write: data in/out 28/14 bytes for SCSI command 0x0-- guessing data in; [ 655.569052][T10697] program syz.0.1448 not setting count and/or reply_len properly [ 655.651541][T10702] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1446'. [ 655.663339][ T29] kauditd_printk_skb: 120 callbacks suppressed [ 655.663356][ T29] audit: type=1326 audit(1727164158.640:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10700 comm="syz.1.1449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 655.736661][ T29] audit: type=1326 audit(1727164158.640:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10700 comm="syz.1.1449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 655.774818][ T29] audit: type=1326 audit(1727164158.680:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10700 comm="syz.1.1449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 655.795977][ T5269] hid (null): unknown global tag 0xc [ 655.805780][ T29] audit: type=1326 audit(1727164158.680:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10700 comm="syz.1.1449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 655.829143][ T29] audit: type=1326 audit(1727164158.680:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10700 comm="syz.1.1449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 655.835359][ T5269] hid-generic 000F:FFFF:0388.0004: unknown main item tag 0xd [ 655.859029][ T29] audit: type=1326 audit(1727164158.680:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10700 comm="syz.1.1449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 655.919058][ T29] audit: type=1326 audit(1727164158.680:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10700 comm="syz.1.1449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 655.920438][ T5269] hid-generic 000F:FFFF:0388.0004: unknown main item tag 0x4 [ 656.000798][ T5269] hid-generic 000F:FFFF:0388.0004: unknown main item tag 0x1 [ 656.008442][ T5269] hid-generic 000F:FFFF:0388.0004: unknown global tag 0xc [ 656.016279][ T5269] hid-generic 000F:FFFF:0388.0004: item 0 4 1 12 parsing failed [ 656.026841][ T5269] hid-generic 000F:FFFF:0388.0004: probe with driver hid-generic failed with error -22 [ 656.044374][ T29] audit: type=1326 audit(1727164158.680:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10700 comm="syz.1.1449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 656.096000][ T29] audit: type=1326 audit(1727164158.680:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10700 comm="syz.1.1449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 656.182208][ T29] audit: type=1326 audit(1727164158.690:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10700 comm="syz.1.1449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 657.154169][T10727] syz.2.1456[10727] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 657.154287][T10727] syz.2.1456[10727] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 657.223323][T10727] syz.2.1456[10727] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 657.531542][T10737] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 658.019769][T10742] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.119227][T10746] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1465'. [ 658.167895][T10742] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.218546][T10753] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1469'. [ 658.246293][T10753] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 658.261322][T10753] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 658.280092][T10753] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 658.299398][T10753] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 659.071441][T10742] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.477299][T10775] hub 8-0:1.0: USB hub found [ 659.485082][T10775] hub 8-0:1.0: 1 port detected [ 659.597920][T10762] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 659.632909][T10762] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 659.663879][T10762] bond0 (unregistering): Released all slaves [ 659.701184][T10742] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.892366][T10742] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.917478][T10742] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.943562][T10742] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.958877][T10742] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.304791][ T29] kauditd_printk_skb: 38 callbacks suppressed [ 661.304832][ T29] audit: type=1326 audit(1727164164.280:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10807 comm="syz.4.1487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 661.420008][ T29] audit: type=1326 audit(1727164164.280:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10807 comm="syz.4.1487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 661.802809][ T29] audit: type=1326 audit(1727164164.280:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10807 comm="syz.4.1487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 662.299003][ T29] audit: type=1326 audit(1727164164.290:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10811 comm="syz.4.1487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f396d1affe5 code=0x7ffc0000 [ 662.334682][T10818] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1489'. [ 662.379827][T10818] bridge_slave_1: left allmulticast mode [ 662.385771][ T29] audit: type=1326 audit(1727164164.290:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10807 comm="syz.4.1487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 662.416279][T10818] bridge_slave_1: left promiscuous mode [ 662.445937][ T29] audit: type=1326 audit(1727164164.290:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10807 comm="syz.4.1487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 662.460406][T10818] bridge0: port 2(bridge_slave_1) entered disabled state [ 662.568634][ T29] audit: type=1326 audit(1727164164.290:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10807 comm="syz.4.1487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 662.631260][T10818] bridge_slave_0: left allmulticast mode [ 662.636985][T10818] bridge_slave_0: left promiscuous mode [ 662.697836][T10818] bridge0: port 1(bridge_slave_0) entered disabled state [ 662.711266][ T29] audit: type=1326 audit(1727164164.290:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10807 comm="syz.4.1487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 662.800873][ T29] audit: type=1326 audit(1727164164.290:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10807 comm="syz.4.1487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 663.341997][ T29] audit: type=1326 audit(1727164164.440:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10811 comm="syz.4.1487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f396d17def9 code=0x7ffc0000 [ 665.022723][T10869] bridge: RTM_NEWNEIGH with invalid ether address [ 666.433135][T10881] coredump: 604(syz.2.1512): written to core: VMAs: 35, size 97419264; core: 71767082 bytes, pos 97427456 [ 667.234566][ T29] audit: type=1326 audit(1727164170.210:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10909 comm="syz.3.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 667.551401][ T29] audit: type=1326 audit(1727164170.310:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10909 comm="syz.3.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 667.630749][ T29] audit: type=1326 audit(1727164170.560:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10909 comm="syz.3.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 667.760664][ T29] audit: type=1326 audit(1727164170.560:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10909 comm="syz.3.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 667.849727][ T29] audit: type=1326 audit(1727164170.560:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10909 comm="syz.3.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 667.978218][ T29] audit: type=1326 audit(1727164170.560:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10909 comm="syz.3.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 668.192199][ T29] audit: type=1326 audit(1727164170.560:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10909 comm="syz.3.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 668.464741][ T29] audit: type=1326 audit(1727164170.560:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10909 comm="syz.3.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 668.580783][ T29] audit: type=1326 audit(1727164170.570:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10909 comm="syz.3.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 668.670877][ T29] audit: type=1326 audit(1727164170.570:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10909 comm="syz.3.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f66c0d7fe17 code=0x7ffc0000 [ 669.060835][T10924] netlink: 'syz.0.1528': attribute type 10 has an invalid length. [ 669.114178][T10924] veth1_macvtap: left promiscuous mode [ 670.034664][T10936] coredump: 563(syz.1.1531): written to core: VMAs: 35, size 97419264; core: 71771178 bytes, pos 97427456 [ 671.259655][T10947] can0: slcan on ttyS3. [ 671.353956][T10947] can0 (unregistered): slcan off ttyS3. [ 671.375881][T10947] Falling back ldisc for ttyS3. [ 672.966604][T10832] coredump: 531(syz.0.1493): written to core: VMAs: 37, size 97550336; core: 71771290 bytes, pos 97558528 [ 675.129534][T10991] bridge0: port 4(vlan3) entered blocking state [ 675.151917][T10994] syz.2.1549[10994] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 675.152028][T10994] syz.2.1549[10994] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 675.176334][T10991] bridge0: port 4(vlan3) entered disabled state [ 675.207005][T10994] syz.2.1549[10994] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 675.214128][T10991] vlan3: entered allmulticast mode [ 675.261998][T10991] vlan3: left allmulticast mode [ 675.556723][ T6624] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 678.757713][T11020] x_tables: eb_tables: snat.0 target: invalid size 16 (kernel) != (user) 0 [ 678.829581][T11038] can0: slcan on ttyS3. [ 679.819415][T11038] can0 (unregistered): slcan off ttyS3. [ 679.854436][T11050] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1571'. [ 679.863645][T11050] openvswitch: netlink: Flow key attr not present in new flow. [ 680.226853][T11056] pim6reg: entered allmulticast mode [ 680.290806][T11056] pim6reg: left allmulticast mode [ 680.526556][ T29] kauditd_printk_skb: 33 callbacks suppressed [ 680.526595][ T29] audit: type=1326 audit(1727164183.500:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11065 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 680.647118][ T29] audit: type=1326 audit(1727164183.500:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11065 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 680.686779][ T29] audit: type=1326 audit(1727164183.530:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11065 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 680.747958][ T29] audit: type=1326 audit(1727164183.530:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11065 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 680.830961][ T29] audit: type=1326 audit(1727164183.530:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11065 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 680.907430][ T29] audit: type=1326 audit(1727164183.530:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11065 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 680.911492][T11076] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1584'. [ 680.964942][T11082] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1585'. [ 680.971330][ T29] audit: type=1326 audit(1727164183.530:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11065 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 681.032824][T11076] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 681.043542][ T29] audit: type=1326 audit(1727164183.540:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11065 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 681.088099][ T29] audit: type=1326 audit(1727164183.540:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11065 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=5 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 681.121216][T11076] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 681.140228][ T29] audit: type=1326 audit(1727164183.540:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11065 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 681.216987][T11076] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 681.333139][T11076] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 681.528996][T11076] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 681.578732][T11076] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 681.625432][T11076] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 681.678289][T11076] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.294522][T11091] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 682.302009][T11091] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 682.469534][T11091] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 682.476029][T11091] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 682.482475][T11091] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 682.488605][T11091] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 683.972268][T11126] hub 9-0:1.0: USB hub found [ 683.977292][T11126] hub 9-0:1.0: 8 ports detected [ 684.221287][ T5235] Bluetooth: hci4: command 0x0c1a tx timeout [ 684.380862][ T5235] Bluetooth: hci2: command 0x0c1a tx timeout [ 684.556228][ T5235] Bluetooth: hci1: command 0x0406 tx timeout [ 684.563040][ T5235] Bluetooth: hci3: command 0x0c1a tx timeout [ 684.571293][ T5235] Bluetooth: hci0: command 0x0c1a tx timeout [ 685.498871][T11141] coredump: 575(syz.3.1610): written to core: VMAs: 35, size 97419264; core: 71771178 bytes, pos 97427456 [ 686.068194][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.074759][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.615964][ T5230] Bluetooth: hci1: command 0x0406 tx timeout [ 687.015657][T11116] coredump: 294(syz.4.1594): interrupted: fatal signal pending [ 687.048527][T11116] coredump: 294(syz.4.1594): written to core: VMAs: 37, size 97550336; core: 12940442 bytes, pos 13520896 [ 687.647748][T11165] hub 9-0:1.0: USB hub found [ 687.655582][T11165] hub 9-0:1.0: 8 ports detected [ 688.527153][ T29] kauditd_printk_skb: 19 callbacks suppressed [ 688.527173][ T29] audit: type=1326 audit(1727164191.500:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11183 comm="syz.3.1627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 688.608446][ T29] audit: type=1326 audit(1727164191.530:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11183 comm="syz.3.1627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 688.712891][ T29] audit: type=1326 audit(1727164191.540:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11183 comm="syz.3.1627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 688.790840][ T29] audit: type=1326 audit(1727164191.540:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11183 comm="syz.3.1627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 688.868347][ T29] audit: type=1326 audit(1727164191.540:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11183 comm="syz.3.1627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 688.929845][ T29] audit: type=1326 audit(1727164191.540:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11183 comm="syz.3.1627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 689.043871][ T29] audit: type=1326 audit(1727164191.540:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11183 comm="syz.3.1627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 689.225472][ T29] audit: type=1326 audit(1727164191.540:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11183 comm="syz.3.1627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 689.360721][ T29] audit: type=1326 audit(1727164191.540:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11183 comm="syz.3.1627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 689.468354][ T29] audit: type=1326 audit(1727164191.540:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11183 comm="syz.3.1627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66c0d7def9 code=0x7ffc0000 [ 689.537586][T11210] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1633'. [ 689.702017][ T47] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 689.865127][ T47] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 689.879608][ T47] usb 4-1: New USB device found, idVendor=0421, idProduct=042f, bcdDevice=bc.fe [ 689.898818][ T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 689.925025][T11221] hub 9-0:1.0: USB hub found [ 689.930801][T11221] hub 9-0:1.0: 8 ports detected [ 689.997292][ T47] usb 4-1: config 0 descriptor?? [ 690.587949][ T5269] usb 4-1: USB disconnect, device number 19 [ 690.734682][T11226] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 691.695944][T11264] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 692.520804][ T5219] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 692.676290][ T5219] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 692.696849][ T5219] usb 2-1: New USB device found, idVendor=0421, idProduct=042f, bcdDevice=bc.fe [ 692.720640][ T5219] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 692.751226][ T5219] usb 2-1: config 0 descriptor?? [ 692.972317][ T8] usb 2-1: USB disconnect, device number 17 [ 693.149486][T11293] vhci_hcd: default hub control req: 800e v1303 i0000 l0 [ 695.153544][T11327] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1677'. [ 695.166425][T11327] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1677'. [ 695.426357][T11333] snd_dummy snd_dummy.0: control 0:1025:0:syz1:1 is already present [ 697.121108][T11359] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1691'. [ 697.162322][T11359] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 697.200386][T11359] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 697.222878][T11359] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 697.251939][T11359] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 697.510671][ T5309] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 697.644303][T11368] snd_dummy snd_dummy.0: control 0:1025:0:syz1:1 is already present [ 697.682692][ T5309] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 697.711845][ T5309] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 697.745714][ T5309] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 697.777544][ T5309] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 697.808596][ T5309] usb 4-1: config 0 descriptor?? [ 698.502210][T11384] netlink: 4580 bytes leftover after parsing attributes in process `syz.4.1698'. [ 698.526283][T11384] netlink: 4580 bytes leftover after parsing attributes in process `syz.4.1698'. [ 698.540883][ T5309] usbhid 4-1:0.0: can't add hid device: -71 [ 698.546952][ T5309] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 698.552074][T11384] netlink: 69 bytes leftover after parsing attributes in process `syz.4.1698'. [ 698.598173][T11380] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1698'. [ 698.632130][T11380] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1698'. [ 698.640718][ T5309] usb 4-1: USB disconnect, device number 20 [ 698.664275][T11380] macvlan2: entered promiscuous mode [ 698.669873][T11380] macvlan2: entered allmulticast mode [ 699.466423][T11397] snd_dummy snd_dummy.0: control 0:1025:0:syz1:1 is already present [ 700.991021][T11416] pim6reg1: entered promiscuous mode [ 701.018007][T11416] pim6reg1: entered allmulticast mode [ 702.963176][T11433] snd_dummy snd_dummy.0: control 0:1025:0:syz1:1 is already present [ 704.237413][T11439] coredump: 629(syz.3.1716): written to core: VMAs: 35, size 97419264; core: 71771178 bytes, pos 97427456 [ 704.864948][T11442] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1717'. [ 706.236869][T11459] block device autoloading is deprecated and will be removed. [ 706.257178][T11459] syz.0.1723: attempt to access beyond end of device [ 706.257178][T11459] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 706.308786][T11464] snd_dummy snd_dummy.0: control 0:1025:0:syz1:1 is already present [ 706.680443][ T11] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 707.108212][T11481] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1731'. [ 709.353189][T11497] hub 9-0:1.0: USB hub found [ 709.366351][T11497] hub 9-0:1.0: 8 ports detected [ 710.988471][T11510] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 711.757906][T11485] coredump: 662(syz.0.1730): interrupted: fatal signal pending [ 711.794165][T11485] coredump: 662(syz.0.1730): written to core: VMAs: 37, size 97550336; core: 5448858 bytes, pos 6033408 [ 712.314610][T11522] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1744'. [ 718.366817][ T5235] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 718.527071][ T5235] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 718.535732][ T5235] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 718.544281][ T5235] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 718.553185][ T5235] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 718.561943][ T5235] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 721.865130][ T5235] Bluetooth: hci5: command tx timeout [ 722.481701][ T74] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 722.557309][T11569] chnl_net:caif_netlink_parms(): no params data found [ 723.437271][ T74] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 723.560059][ T74] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 723.725184][ T74] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 723.892594][ T5235] Bluetooth: hci5: command tx timeout [ 724.073166][T11569] bridge0: port 1(bridge_slave_0) entered blocking state [ 724.099571][T11569] bridge0: port 1(bridge_slave_0) entered disabled state [ 724.117986][T11569] bridge_slave_0: entered allmulticast mode [ 724.131370][T11569] bridge_slave_0: entered promiscuous mode [ 724.182065][T11569] bridge0: port 2(bridge_slave_1) entered blocking state [ 724.199564][T11569] bridge0: port 2(bridge_slave_1) entered disabled state [ 724.208719][T11569] bridge_slave_1: entered allmulticast mode [ 724.225799][T11569] bridge_slave_1: entered promiscuous mode [ 724.454280][T11569] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 724.466022][ T74] bridge_slave_1: left allmulticast mode [ 724.471864][ T74] bridge_slave_1: left promiscuous mode [ 724.477866][ T74] bridge0: port 2(bridge_slave_1) entered disabled state [ 724.501960][ T74] bridge_slave_0: left allmulticast mode [ 724.507627][ T74] bridge_slave_0: left promiscuous mode [ 724.535388][ T74] bridge0: port 1(bridge_slave_0) entered disabled state [ 725.971903][ T5235] Bluetooth: hci5: command tx timeout [ 726.060518][T11614] coredump: 668(syz.3.1766): interrupted: fatal signal pending [ 726.070426][T11614] coredump: 668(syz.3.1766): written to core: VMAs: 37, size 97550336; core: 11879578 bytes, pos 12455936 [ 727.508591][ T74] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 727.519986][ T74] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 727.535504][ T74] bond0 (unregistering): Released all slaves [ 727.549674][T11569] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 727.666117][T11569] team0: Port device team_slave_0 added [ 727.696492][T11569] team0: Port device team_slave_1 added [ 727.744271][T11569] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 727.762198][T11569] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 727.816392][T11569] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 727.845879][T11569] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 727.865963][T11569] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 727.927164][T11569] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 728.013599][T11569] hsr_slave_0: entered promiscuous mode [ 728.028398][T11569] hsr_slave_1: entered promiscuous mode [ 728.045227][T11569] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 728.055378][ T5235] Bluetooth: hci5: command tx timeout [ 728.073491][T11569] Cannot create hsr debugfs directory [ 728.488511][T11569] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 728.514062][T11569] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 728.546921][T11569] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 728.568245][T11569] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 728.630141][T11569] bridge0: port 2(bridge_slave_1) entered blocking state [ 728.637306][T11569] bridge0: port 2(bridge_slave_1) entered forwarding state [ 728.644701][T11569] bridge0: port 1(bridge_slave_0) entered blocking state [ 728.651835][T11569] bridge0: port 1(bridge_slave_0) entered forwarding state [ 728.791482][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 728.805993][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 728.824690][T11638] workqueue: Failed to create a rescuer kthread for wq "bond0": -EINTR [ 729.842250][T11569] 8021q: adding VLAN 0 to HW filter on device bond0 [ 729.952546][T11569] 8021q: adding VLAN 0 to HW filter on device team0 [ 730.226876][ T6634] bridge0: port 1(bridge_slave_0) entered blocking state [ 730.234116][ T6634] bridge0: port 1(bridge_slave_0) entered forwarding state [ 732.395938][ T74] hsr_slave_0: left promiscuous mode [ 732.409601][ T74] hsr_slave_1: left promiscuous mode [ 732.425354][ T74] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 732.477596][ T74] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 732.503669][ T74] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 732.517813][ T74] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 732.570848][ T74] veth0_macvtap: left promiscuous mode [ 732.592166][ T74] veth1_vlan: left promiscuous mode [ 732.609375][ T74] veth0_vlan: left promiscuous mode [ 732.652991][ T5230] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 732.667866][ T5230] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 732.676395][ T5230] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 732.684730][ T5230] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 732.696042][ T5230] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 732.703799][ T5230] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 734.771191][ T5230] Bluetooth: hci2: command tx timeout [ 735.037513][ T5235] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 735.054688][ T5235] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 735.063301][ T5235] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 735.071831][ T5235] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 735.085936][ T5235] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 735.093590][ T5235] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 736.525140][ T74] team0 (unregistering): Port device team_slave_1 removed [ 736.646399][ T74] team0 (unregistering): Port device team_slave_0 removed [ 736.855500][ T5230] Bluetooth: hci2: command tx timeout [ 737.170972][ T5230] Bluetooth: hci6: command tx timeout [ 737.557887][ T6634] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.565014][ T6634] bridge0: port 2(bridge_slave_1) entered forwarding state [ 737.585085][T11674] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 737.603571][T11675] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1786'. [ 737.719467][T11674] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 737.920158][T11674] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 738.045396][T11674] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 738.495609][T11569] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 738.573960][ T74] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 738.619542][T11692] chnl_net:caif_netlink_parms(): no params data found [ 738.662768][ T74] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 738.701443][T11674] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 738.711637][T11677] chnl_net:caif_netlink_parms(): no params data found [ 738.749227][T11722] macvlan2: entered promiscuous mode [ 738.755922][T11722] macvlan2: entered allmulticast mode [ 738.776277][T11674] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 738.805079][T11674] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 738.837608][ T74] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 738.880412][T11674] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 738.976858][ T5230] Bluetooth: hci2: command tx timeout [ 739.145821][ T11] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 739.250668][ T5230] Bluetooth: hci6: command tx timeout [ 739.674236][ T74] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.834936][T11692] bridge0: port 1(bridge_slave_0) entered blocking state [ 739.849447][T11692] bridge0: port 1(bridge_slave_0) entered disabled state [ 739.858775][T11692] bridge_slave_0: entered allmulticast mode [ 739.874448][T11692] bridge_slave_0: entered promiscuous mode [ 739.969486][T11692] bridge0: port 2(bridge_slave_1) entered blocking state [ 739.986662][T11692] bridge0: port 2(bridge_slave_1) entered disabled state [ 740.009085][T11692] bridge_slave_1: entered allmulticast mode [ 740.016473][T11692] bridge_slave_1: entered promiscuous mode [ 740.108881][T11677] bridge0: port 1(bridge_slave_0) entered blocking state [ 740.381000][T11677] bridge0: port 1(bridge_slave_0) entered disabled state [ 741.011312][ T5230] Bluetooth: hci2: command tx timeout [ 741.042190][T11677] bridge_slave_0: entered allmulticast mode [ 741.330844][ T5230] Bluetooth: hci6: command tx timeout [ 741.694180][T11745] coredump: 788(syz.2.1802): written to core: VMAs: 35, size 97419264; core: 71775274 bytes, pos 97427456 [ 741.774069][T11677] bridge_slave_0: entered promiscuous mode [ 741.781837][T11742] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 741.795003][T11742] Error parsing options; rc = [-22] [ 741.803549][T11677] bridge0: port 2(bridge_slave_1) entered blocking state [ 741.901449][T11677] bridge0: port 2(bridge_slave_1) entered disabled state [ 741.909699][T11677] bridge_slave_1: entered allmulticast mode [ 741.935345][T11677] bridge_slave_1: entered promiscuous mode [ 742.133925][T11677] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 742.146131][T11677] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 742.223664][T11692] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 742.236372][T11692] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 742.805421][T11569] veth0_vlan: entered promiscuous mode [ 742.906629][T11677] team0: Port device team_slave_0 added [ 742.972376][ T74] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.008158][T11677] team0: Port device team_slave_1 added [ 743.038358][T11569] veth1_vlan: entered promiscuous mode [ 743.349097][ T74] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.412465][ T5230] Bluetooth: hci6: command tx timeout [ 743.535625][T11692] team0: Port device team_slave_0 added [ 743.848871][T11677] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 743.880421][T11677] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 743.922230][T11677] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 743.994427][ T74] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 744.060398][T11692] team0: Port device team_slave_1 added [ 744.111267][T11677] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 744.130765][T11677] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 744.227002][T11677] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 744.498055][ T74] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 745.042133][T11692] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 745.049262][T11692] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 745.179913][T11692] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 745.181298][T11770] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 745.206415][T11770] Error parsing options; rc = [-22] [ 745.316933][T11692] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 745.361616][T11692] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 745.587038][T11692] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 745.884915][T11677] hsr_slave_0: entered promiscuous mode [ 745.918927][T11677] hsr_slave_1: entered promiscuous mode [ 745.926513][T11677] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 745.935593][T11677] Cannot create hsr debugfs directory [ 745.985802][T11569] veth0_macvtap: entered promiscuous mode [ 746.051774][T11692] hsr_slave_0: entered promiscuous mode [ 746.060388][T11692] hsr_slave_1: entered promiscuous mode [ 746.081816][T11692] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 746.099628][T11692] Cannot create hsr debugfs directory [ 746.111121][T11569] veth1_macvtap: entered promiscuous mode [ 746.329439][T11569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 746.353149][T11569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.375832][T11569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 746.400638][T11569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.420623][T11569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 746.648965][T11569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.796401][T11569] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 747.285822][T11569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 747.340687][T11569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 747.367663][T11569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 747.390769][T11569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 747.400812][T11569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 747.412912][T11569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 747.430123][T11569] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 747.443686][T11569] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.452542][T11569] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.461321][T11569] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.470039][T11569] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.492545][ T74] bridge_slave_1: left allmulticast mode [ 747.495274][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.498238][ T74] bridge_slave_1: left promiscuous mode [ 747.510285][ T74] bridge0: port 2(bridge_slave_1) entered disabled state [ 747.510476][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.546927][ T74] bridge_slave_0: left allmulticast mode [ 747.552699][ T74] bridge_slave_0: left promiscuous mode [ 747.558459][ T74] bridge0: port 1(bridge_slave_0) entered disabled state [ 749.225142][T11796] coredump: 757(syz.1.1819): written to core: VMAs: 35, size 97419264; core: 71771178 bytes, pos 97427456 [ 749.255797][T11795] coredump: 805(syz.2.1820): written to core: VMAs: 35, size 97419264; core: 71775274 bytes, pos 97427456 [ 750.006279][T11793] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 750.020041][T11793] Error parsing options; rc = [-22] [ 751.147083][T11767] coredump: 794(syz.2.1808): written to core: VMAs: 37, size 97550336; core: 71783578 bytes, pos 97558528 [ 751.258583][ T74] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 751.286657][ T74] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 751.318808][ T74] bond0 (unregistering): Released all slaves [ 751.743415][ T74] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 751.762574][ T74] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 751.792356][ T74] bond0 (unregistering): Released all slaves [ 752.109934][T11772] coredump: 744(syz.1.1811): written to core: VMAs: 37, size 97550336; core: 71779482 bytes, pos 97558528 [ 752.592390][ T1123] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 752.610889][ T1123] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 752.976183][ T1123] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 753.000850][ T1123] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 754.438935][ T74] hsr_slave_0: left promiscuous mode [ 754.445972][ T74] hsr_slave_1: left promiscuous mode [ 754.474209][ T74] hsr_slave_0: left promiscuous mode [ 754.519958][ T74] hsr_slave_1: left promiscuous mode [ 754.731042][ T74] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 754.738550][ T74] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 754.756945][ T74] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 754.767137][ T74] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 755.434843][T11823] coredump: 13(syz.0.1828): written to core: VMAs: 34, size 97345536; core: 71762930 bytes, pos 97353728 [ 756.127894][ T74] veth1_macvtap: left promiscuous mode [ 756.134651][ T74] veth0_macvtap: left promiscuous mode [ 756.141951][ T74] veth1_vlan: left promiscuous mode [ 756.147377][ T74] veth0_vlan: left promiscuous mode [ 756.172152][ T74] veth1_macvtap: left promiscuous mode [ 756.180691][ T74] veth0_macvtap: left promiscuous mode [ 756.186331][ T74] veth1_vlan: left promiscuous mode [ 756.200815][ T74] veth0_vlan: left promiscuous mode [ 758.112144][ T74] team0 (unregistering): Port device team_slave_1 removed [ 758.346291][ T5235] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 758.384483][T11840] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 758.411514][ T74] team0 (unregistering): Port device team_slave_0 removed [ 758.433624][T11840] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 758.597008][T11840] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 758.606075][T11840] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 758.615291][T11840] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 760.056319][ T74] team0 (unregistering): Port device team_slave_1 removed [ 760.107571][ T74] team0 (unregistering): Port device team_slave_0 removed [ 760.690810][T11840] Bluetooth: hci1: command tx timeout [ 760.726264][T11692] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 761.663930][T11692] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 761.686946][T11692] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 761.716191][T11851] 9pnet: Could not find request transport: 0xffffffffffffffff [ 761.867170][T11692] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 762.098774][T11692] 8021q: adding VLAN 0 to HW filter on device bond0 [ 762.215232][T11838] chnl_net:caif_netlink_parms(): no params data found [ 762.252926][T11692] 8021q: adding VLAN 0 to HW filter on device team0 [ 762.300333][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 762.307513][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 762.359070][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 762.366276][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 762.500073][T11838] bridge0: port 1(bridge_slave_0) entered blocking state [ 762.520883][T11838] bridge0: port 1(bridge_slave_0) entered disabled state [ 762.531671][T11838] bridge_slave_0: entered allmulticast mode [ 762.538857][T11838] bridge_slave_0: entered promiscuous mode [ 762.611167][T11838] bridge0: port 2(bridge_slave_1) entered blocking state [ 762.618433][T11838] bridge0: port 2(bridge_slave_1) entered disabled state [ 762.630891][T11838] bridge_slave_1: entered allmulticast mode [ 762.638112][T11838] bridge_slave_1: entered promiscuous mode [ 762.723068][T11677] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 762.748999][T11677] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 762.770877][T11840] Bluetooth: hci1: command tx timeout [ 762.809580][T11838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 762.834280][T11838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 762.890119][T11677] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 762.920815][T11677] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 762.965816][T11838] team0: Port device team_slave_0 added [ 763.002940][T11838] team0: Port device team_slave_1 added [ 763.096644][T11882] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 763.127656][ T74] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 763.167714][T11838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 763.176635][T11838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 763.216248][T11838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 763.237263][T11838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 763.247937][T11838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 763.283214][T11838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 763.317770][ T74] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 763.369506][T11692] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 763.404795][ T74] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 763.523318][ T74] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 763.573892][T11838] hsr_slave_0: entered promiscuous mode [ 763.580977][T11838] hsr_slave_1: entered promiscuous mode [ 763.595319][T11838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 763.603231][T11838] Cannot create hsr debugfs directory [ 764.858351][T11840] Bluetooth: hci1: command tx timeout [ 764.891068][ T74] bridge_slave_1: left allmulticast mode [ 764.896891][ T74] bridge_slave_1: left promiscuous mode [ 764.903323][ T74] bridge0: port 2(bridge_slave_1) entered disabled state [ 764.914613][ T74] bridge_slave_0: left allmulticast mode [ 764.920299][ T74] bridge_slave_0: left promiscuous mode [ 764.926341][ T74] bridge0: port 1(bridge_slave_0) entered disabled state [ 765.378373][T11912] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 765.396138][T11677] 8021q: adding VLAN 0 to HW filter on device bond0 [ 765.512832][T11677] 8021q: adding VLAN 0 to HW filter on device team0 [ 765.546675][T11692] veth0_vlan: entered promiscuous mode [ 765.555675][ T6634] bridge0: port 1(bridge_slave_0) entered blocking state [ 765.562891][ T6634] bridge0: port 1(bridge_slave_0) entered forwarding state [ 765.591395][ T6634] bridge0: port 2(bridge_slave_1) entered blocking state [ 765.598527][ T6634] bridge0: port 2(bridge_slave_1) entered forwarding state [ 765.668820][ T74] hsr_slave_0: left promiscuous mode [ 765.680108][ T74] hsr_slave_1: left promiscuous mode [ 765.694307][ T74] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 765.702028][ T74] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 765.709974][ T74] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 765.717762][ T74] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 765.738078][ T74] veth1_macvtap: left promiscuous mode [ 765.744485][ T74] veth0_macvtap: left promiscuous mode [ 765.750362][ T74] veth1_vlan: left promiscuous mode [ 765.755746][ T74] veth0_vlan: left promiscuous mode [ 766.266874][ T74] team0 (unregistering): Port device team_slave_1 removed [ 766.324539][ T74] team0 (unregistering): Port device team_slave_0 removed [ 766.930759][T11840] Bluetooth: hci1: command tx timeout [ 767.033504][T11692] veth1_vlan: entered promiscuous mode [ 767.142921][T11838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 767.214496][T11838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 767.260122][T11692] veth0_macvtap: entered promiscuous mode [ 767.275859][T11838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 767.301526][T11838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 767.327753][T11692] veth1_macvtap: entered promiscuous mode [ 767.388908][T11677] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 767.494528][T11692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.516562][T11692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.539279][T11692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.554030][T11692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.608139][T11692] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 767.637902][T11692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.656861][T11692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.668661][T11692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.695307][T11692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.726974][T11692] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 767.790082][T11692] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.799177][T11692] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.817293][T11692] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.827402][T11692] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 768.609818][T11838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 768.630106][T11677] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 768.804911][T11838] 8021q: adding VLAN 0 to HW filter on device team0 [ 768.846879][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 768.871269][T11949] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1857'. [ 768.873078][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 768.900178][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 768.907378][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 768.943714][T11677] veth0_vlan: entered promiscuous mode [ 768.953383][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 768.960574][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 768.983967][ T6634] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 768.990386][T11677] veth1_vlan: entered promiscuous mode [ 769.002057][ T6634] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 769.656859][T11677] veth0_macvtap: entered promiscuous mode [ 769.668618][T11677] veth1_macvtap: entered promiscuous mode [ 769.747015][T11677] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 769.785403][T11677] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 769.809806][T11677] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 769.834218][T11677] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 769.845285][T11961] hub 8-0:1.0: USB hub found [ 769.850171][T11961] hub 8-0:1.0: 1 port detected [ 769.864966][T11677] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 769.904533][T11677] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 769.935601][T11677] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 769.983869][T11956] tun0: tun_chr_ioctl cmd 1074025677 [ 770.010036][T11956] tun0: linktype set to 512 [ 770.192317][T11677] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 770.209801][T11677] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.233278][T11677] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 770.258484][T11677] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.285868][T11677] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 770.309776][T11677] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.336843][T11677] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 770.407884][T11677] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.439706][T11677] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.460956][T11677] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.475536][ T6634] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 770.510812][T11677] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.969372][T11974] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1863'. [ 771.115419][T11838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 771.379632][ T5826] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 771.408520][ T5826] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 772.262581][T11838] veth0_vlan: entered promiscuous mode [ 772.552305][ T6624] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 772.560923][ T6624] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 772.680172][T11838] veth1_vlan: entered promiscuous mode [ 772.705421][T11838] veth0_macvtap: entered promiscuous mode [ 772.715271][T11838] veth1_macvtap: entered promiscuous mode [ 772.734216][T11838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 772.744798][T11838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 772.754858][T11838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 772.765539][T11838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 772.775649][T11838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 772.786517][T11838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 772.796411][T11838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 772.807012][T11838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 772.818216][T11838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 772.904230][T11838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 772.915401][T11838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 772.926317][T11838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 772.939758][T11838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 772.951770][T11838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 772.994999][T11838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.027606][T11838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 773.060071][T11838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.078867][T11838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 773.098588][T11986] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1783'. [ 773.657888][T11838] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 773.696525][T11838] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 773.706335][T11838] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 773.718277][T11838] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 773.796390][T12004] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1872'. [ 775.203184][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 775.245878][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 775.296275][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 775.320757][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 775.709191][T12027] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1880'. [ 776.691218][T12039] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1883'. [ 778.616140][T12068] syz.0.1894[12068] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 778.616221][T12068] syz.0.1894[12068] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 778.647501][T12068] syz.0.1894[12068] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 779.060771][T12068] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1894'. [ 780.789757][T12100] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1906'. [ 780.883755][T12100] bond1: entered promiscuous mode [ 780.899680][T12100] bond1: entered allmulticast mode [ 780.905724][T12100] 8021q: adding VLAN 0 to HW filter on device bond1 [ 782.129669][ T29] kauditd_printk_skb: 77 callbacks suppressed [ 782.129689][ T29] audit: type=1326 audit(1727164285.100:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12115 comm="syz.4.1911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4966f7def9 code=0x7ffc0000 [ 782.257878][ T29] audit: type=1326 audit(1727164285.180:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12115 comm="syz.4.1911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4966f7def9 code=0x7ffc0000 [ 783.652206][ T5219] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 784.624945][ T5219] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 784.680742][ T5219] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 784.693010][ T5219] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 784.702217][ T5219] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 785.587187][T12147] coredump: 38(syz.3.1920): written to core: VMAs: 35, size 97419264; core: 71767082 bytes, pos 97427456 [ 785.663312][ T5219] usb 5-1: config 0 descriptor?? [ 786.740743][ T29] audit: type=1326 audit(1727164289.700:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.2.1924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 786.824713][ T29] audit: type=1326 audit(1727164289.700:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.2.1924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 786.917820][ T29] audit: type=1326 audit(1727164289.740:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.2.1924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 787.053104][ T29] audit: type=1326 audit(1727164289.740:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.2.1924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 787.111339][ T29] audit: type=1326 audit(1727164289.740:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.2.1924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 787.133745][ T29] audit: type=1326 audit(1727164289.750:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.2.1924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 787.155582][ T29] audit: type=1326 audit(1727164289.750:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.2.1924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 787.372736][ T29] audit: type=1326 audit(1727164289.750:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.2.1924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 787.395644][ T29] audit: type=1326 audit(1727164289.750:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.2.1924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 787.417960][ T29] audit: type=1326 audit(1727164289.750:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.2.1924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 787.440588][ T29] audit: type=1326 audit(1727164289.750:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12154 comm="syz.2.1924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 790.106562][ T5219] usb 5-1: can't set config #0, error -71 [ 790.146364][ T5219] usb 5-1: USB disconnect, device number 14 [ 790.328495][T12183] program syz.1.1933 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 790.341708][T12185] syz.2.1934: attempt to access beyond end of device [ 790.341708][T12185] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 792.853209][T12231] syz.1.1951: attempt to access beyond end of device [ 792.853209][T12231] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 796.169691][T12261] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1961'. [ 796.181727][T12261] xt_hashlimit: size too large, truncated to 1048576 [ 796.350920][T12268] syz.4.1964: attempt to access beyond end of device [ 796.350920][T12268] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 802.539176][ T1123] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 803.325367][T12317] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1979'. [ 803.580835][ T5219] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 804.971075][T12338] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1984'. [ 805.129108][T12338] xt_hashlimit: size too large, truncated to 1048576 [ 805.651144][ T5219] usb 5-1: device descriptor read/all, error -71 [ 806.533454][ T29] audit: type=1326 audit(1727164309.510:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12353 comm="syz.1.1991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 806.640653][ T29] audit: type=1326 audit(1727164309.520:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12353 comm="syz.1.1991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 806.766458][ T29] audit: type=1326 audit(1727164309.520:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12353 comm="syz.1.1991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 806.847611][ T29] audit: type=1326 audit(1727164309.520:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12353 comm="syz.1.1991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 806.965983][ T29] audit: type=1326 audit(1727164309.520:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12353 comm="syz.1.1991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 807.047368][ T29] audit: type=1326 audit(1727164309.520:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12353 comm="syz.1.1991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 807.170756][ T29] audit: type=1326 audit(1727164309.520:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12353 comm="syz.1.1991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fa97def9 code=0x7ffc0000 [ 809.015125][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.021561][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.988883][ T29] audit: type=1326 audit(1727164313.960:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12394 comm="syz.2.2004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 811.069550][ T29] audit: type=1326 audit(1727164313.960:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12394 comm="syz.2.2004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 811.160407][ T29] audit: type=1326 audit(1727164313.990:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12394 comm="syz.2.2004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 813.230625][ T5297] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 814.118945][ T5297] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 814.129623][ T5297] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22 [ 814.150301][ T5297] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 814.159960][ T5297] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 814.170001][ T5297] usb 5-1: SerialNumber: syz [ 814.267914][T12439] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2017'. [ 814.285432][T12439] xt_hashlimit: size too large, truncated to 1048576 [ 817.097574][T12471] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2029'. [ 817.430630][ T5308] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 817.660857][ T5308] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 817.782033][ T5308] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 817.864653][ T5308] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 817.950697][ T5308] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 818.042610][ T5308] usb 3-1: config 0 descriptor?? [ 818.286905][ T5297] usb 5-1: can't set config #1, error -71 [ 818.294583][ T5297] usb 5-1: USB disconnect, device number 17 [ 820.646773][T12511] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2041'. [ 820.887824][ T5308] usbhid 3-1:0.0: can't add hid device: -71 [ 820.894225][ T5308] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 820.906529][ T5308] usb 3-1: USB disconnect, device number 18 [ 821.121961][T12522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2047'. [ 821.586083][T12537] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2054'. [ 822.873733][T12559] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2061'. [ 823.110644][ T5308] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 823.118834][T12508] coredump: 111(syz.3.2032): interrupted: fatal signal pending [ 823.169137][T12508] coredump: 111(syz.3.2032): written to core: VMAs: 37, size 97550336; core: 12739738 bytes, pos 13320192 [ 823.277517][ T5308] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 823.320883][ T5308] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 823.343173][ T5308] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 823.383386][ T5308] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 823.438929][ T5308] usb 2-1: config 0 descriptor?? [ 824.012285][T12578] hub 9-0:1.0: USB hub found [ 824.241266][T12578] hub 9-0:1.0: 8 ports detected [ 824.540888][T12580] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2068'. [ 826.173323][T12595] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2073'. [ 826.477823][T12601] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2079'. [ 826.612497][ T5308] usbhid 2-1:0.0: can't add hid device: -71 [ 826.619101][ T5308] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 826.632749][ T5308] usb 2-1: USB disconnect, device number 18 [ 826.856838][T12613] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2083'. [ 827.347909][T12630] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2090'. [ 828.429484][T12641] hub 9-0:1.0: USB hub found [ 828.508615][T12641] hub 9-0:1.0: 8 ports detected [ 828.603486][T12650] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2096'. [ 829.760929][ T8] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 829.847634][T12667] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2103'. [ 830.914764][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 830.925738][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 830.935530][ T8] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 830.944678][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 830.954401][ T8] usb 4-1: config 0 descriptor?? [ 832.409339][ T8] usbhid 4-1:0.0: can't add hid device: -71 [ 832.437652][ T8] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 832.508184][T12697] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2114'. [ 832.624496][ T8] usb 4-1: USB disconnect, device number 21 [ 832.624731][T12697] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2114'. [ 832.769044][T12702] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2116'. [ 833.038205][T12697] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2114'. [ 834.284980][T12725] hub 9-0:1.0: USB hub found [ 834.373991][T12725] hub 9-0:1.0: 8 ports detected [ 834.633410][T12734] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2129'. [ 835.762624][ T53] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 836.348785][T12767] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2141'. [ 836.686399][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 836.686422][ T29] audit: type=1326 audit(1727164339.660:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12775 comm="syz.2.2145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 836.836306][ T29] audit: type=1326 audit(1727164339.660:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12775 comm="syz.2.2145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 836.974163][ T29] audit: type=1326 audit(1727164339.660:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12775 comm="syz.2.2145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 837.075772][ T29] audit: type=1326 audit(1727164339.660:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12775 comm="syz.2.2145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3b197def9 code=0x7ffc0000 [ 837.601169][T12798] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2155'. [ 839.040153][T12810] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 839.358678][T12810] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 839.406147][T12810] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 839.433025][T12810] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 839.494462][T12810] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 839.540775][T12810] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 839.581374][T12810] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 839.620727][T12810] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 839.626827][T12810] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 839.668981][T12810] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 839.693253][T12810] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 839.719573][T12810] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 839.778920][T12810] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 839.873143][T12826] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2167'. [ 840.380994][T11840] Bluetooth: hci0: command 0x0c1a tx timeout [ 841.627777][ T5230] Bluetooth: hci5: command 0x0c1a tx timeout [ 841.627836][T11840] Bluetooth: hci2: command 0x0c1a tx timeout [ 841.674172][T11840] Bluetooth: hci6: command 0x0c1a tx timeout [ 841.741365][T11840] Bluetooth: hci1: command 0x0c1a tx timeout [ 842.441694][ T5297] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 842.500897][T12862] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2180'. [ 842.640693][ T5297] usb 3-1: device descriptor read/64, error -71 [ 842.965506][ T5297] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 843.140984][ T5297] usb 3-1: device descriptor read/64, error -71 [ 843.295376][ T5297] usb usb3-port1: attempt power cycle [ 843.650902][T11840] Bluetooth: hci2: command 0x0c1a tx timeout [ 843.657080][T11840] Bluetooth: hci5: command 0x0c1a tx timeout [ 843.730652][ T5230] Bluetooth: hci6: command 0x0c1a tx timeout [ 843.790784][ T5297] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 843.810712][ T5230] Bluetooth: hci1: command 0x0c1a tx timeout [ 843.926718][ T5297] usb 3-1: device descriptor read/8, error -71 [ 844.875515][ T5297] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 845.316033][T12902] syz.1.2196: attempt to access beyond end of device [ 845.316033][T12902] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 845.331855][ T5297] usb 3-1: device descriptor read/8, error -71 [ 845.729195][ T5297] usb usb3-port1: unable to enumerate USB device [ 845.735885][ T5230] Bluetooth: hci5: command 0x0c1a tx timeout [ 845.735954][ T5230] Bluetooth: hci2: command 0x0c1a tx timeout [ 846.475252][T12907] coredump: 185(syz.3.2195): written to core: VMAs: 37, size 97550336; core: 71775386 bytes, pos 97558528 [ 846.650780][ T5230] Bluetooth: hci6: command 0x0c1a tx timeout [ 846.662910][ T5230] Bluetooth: hci1: command 0x0c1a tx timeout [ 847.710755][ T47] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 848.131660][ T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 848.296611][ T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 848.620606][ T47] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 848.693883][ T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 848.790868][ T47] usb 5-1: config 0 descriptor?? [ 848.872963][ T47] usb 5-1: can't set config #0, error -71 [ 848.889285][ T47] usb 5-1: USB disconnect, device number 18 [ 848.898513][T12938] syz.2.2208: attempt to access beyond end of device [ 848.898513][T12938] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 850.225571][T12940] coredump: 199(syz.3.2209): written to core: VMAs: 37, size 97550336; core: 71775386 bytes, pos 97558528 [ 850.844987][T12943] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2210'. [ 852.476511][T12983] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2225'. [ 852.628814][T12986] IPv6: Can't replace route, no match found [ 853.138596][T13004] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 853.300410][T13009] tipc: Enabling of bearer rejected, failed to enable media [ 853.545543][T13017] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2237'. [ 853.558097][T13016] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2238'. [ 855.104009][T13032] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2245'. [ 855.122274][T13034] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 855.652512][T13047] syz.3.2253: attempt to access beyond end of device [ 855.652512][T13047] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 856.013929][T13056] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2251'. [ 856.845492][T13063] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2257'. [ 857.039919][T13074] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 857.930707][ T47] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 858.102508][ T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 858.139117][ T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 858.373521][ T47] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 858.382973][ T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 858.400939][ T47] usb 3-1: config 0 descriptor?? [ 861.516331][T13129] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 861.914624][ T47] usbhid 3-1:0.0: can't add hid device: -71 [ 861.950839][ T47] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 861.981367][ T47] usb 3-1: USB disconnect, device number 23 [ 862.546782][T13149] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 862.550249][T13150] syz.3.2286: attempt to access beyond end of device [ 862.550249][T13150] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 863.660968][T13162] Bluetooth: MGMT ver 1.23 [ 864.199677][T13125] coredump: 162(syz.4.2276): interrupted: fatal signal pending [ 864.231966][T13125] coredump: 162(syz.4.2276): written to core: VMAs: 37, size 97550336; core: 10220698 bytes, pos 10797056 [ 867.370188][ T6634] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 869.588409][T13226] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2313'. [ 870.372624][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.379248][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 872.165043][ T5297] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 872.598415][ T5297] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 872.609466][ T5297] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 872.620291][ T5297] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 872.630581][ T5297] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 872.969059][ T5297] usb 4-1: config 0 descriptor?? [ 873.417390][T13237] coredump: 315(syz.0.2310): interrupted: fatal signal pending [ 873.447011][T13266] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2325'. [ 873.464209][T13237] coredump: 315(syz.0.2310): written to core: VMAs: 37, size 97550336; core: 6616218 bytes, pos 7192576 [ 874.112802][T13270] syz.4.2327 uses obsolete (PF_INET,SOCK_PACKET) [ 874.123971][T13270] @: renamed from bond0 (while UP) [ 875.879218][ T5297] usbhid 4-1:0.0: can't add hid device: -71 [ 875.926642][ T5297] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 875.978684][ T5297] usb 4-1: USB disconnect, device number 22 [ 876.357867][T13294] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2336'. [ 878.346251][T13214] coredump: 286(syz.2.2309): written to core: VMAs: 34, size 97419264; core: 60015558 bytes, pos 97427456 [ 880.802721][T13309] coredump: 275(syz.3.2341): written to core: VMAs: 37, size 97550336; core: 71775386 bytes, pos 97558528 [ 881.154173][T13354] tipc: Failed to obtain node identity [ 881.159733][T13354] tipc: Enabling of bearer rejected, failed to enable media [ 882.001038][T13360] coredump: 192(syz.4.2359): written to core: VMAs: 35, size 97419264; core: 71771178 bytes, pos 97427456 [ 883.019521][T13310] coredump: 181(syz.4.2338): written to core: VMAs: 36, size 97550336; core: 60027958 bytes, pos 97558528 [ 883.725166][T13264] coredump: 1115(syz.1.2324): written to core: VMAs: 34, size 97419264; core: 60019654 bytes, pos 97427456 [ 884.588240][T13357] coredump: 341(syz.0.2357): interrupted: fatal signal pending [ 884.596088][T13357] coredump: 341(syz.0.2357): written to core: VMAs: 34, size 97419264; core: 10048454 bytes, pos 10502144 [ 885.905629][ T29] audit: type=1326 audit(1727164388.870:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13394 comm="syz.0.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 885.959306][ T29] audit: type=1326 audit(1727164388.870:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13394 comm="syz.0.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 886.062230][ T29] audit: type=1326 audit(1727164388.870:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13394 comm="syz.0.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 886.086930][ T29] audit: type=1326 audit(1727164388.870:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13394 comm="syz.0.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 886.218013][ T29] audit: type=1326 audit(1727164388.870:903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13394 comm="syz.0.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 886.350454][ T29] audit: type=1326 audit(1727164388.870:904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13394 comm="syz.0.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 886.507850][T13416] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2376'. [ 886.530627][ T29] audit: type=1326 audit(1727164388.870:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13394 comm="syz.0.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 886.585404][ T29] audit: type=1326 audit(1727164388.870:906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13394 comm="syz.0.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 886.647612][ T29] audit: type=1326 audit(1727164388.880:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13394 comm="syz.0.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 886.728030][ T29] audit: type=1326 audit(1727164388.880:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13394 comm="syz.0.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 890.489974][T13478] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2396'. [ 892.240155][T13491] batadv0: entered promiscuous mode [ 892.285934][T13491] batadv_slave_0: entered promiscuous mode [ 892.320753][T13491] batadv_slave_0: left promiscuous mode [ 892.392546][T13500] sg_write: data in/out 209152/1 bytes for SCSI command 0xf2-- guessing data in; [ 892.392546][T13500] program syz.0.2403 not setting count and/or reply_len properly [ 892.431071][T13491] batadv0: left promiscuous mode [ 893.217531][ T29] kauditd_printk_skb: 51 callbacks suppressed [ 893.217552][ T29] audit: type=1326 audit(1727164396.190:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13510 comm="syz.4.2407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4966f7def9 code=0x7ffc0000 [ 893.360956][ T29] audit: type=1326 audit(1727164396.190:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13510 comm="syz.4.2407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4966f7def9 code=0x7ffc0000 [ 893.436472][ T29] audit: type=1326 audit(1727164396.220:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13510 comm="syz.4.2407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4966f7def9 code=0x7ffc0000 [ 893.507111][ T29] audit: type=1326 audit(1727164396.220:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13510 comm="syz.4.2407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4966f7def9 code=0x7ffc0000 [ 893.580060][ T29] audit: type=1326 audit(1727164396.220:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13510 comm="syz.4.2407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4966f7def9 code=0x7ffc0000 [ 893.640574][ T29] audit: type=1326 audit(1727164396.220:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13510 comm="syz.4.2407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4966f7def9 code=0x7ffc0000 [ 893.715180][ T29] audit: type=1326 audit(1727164396.220:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13510 comm="syz.4.2407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4966f7def9 code=0x7ffc0000 [ 893.744468][T13527] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2412'. [ 893.800739][ T29] audit: type=1326 audit(1727164396.220:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13510 comm="syz.4.2407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4966f7def9 code=0x7ffc0000 [ 893.850696][ T29] audit: type=1326 audit(1727164396.230:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13510 comm="syz.4.2407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4966f7def9 code=0x7ffc0000 [ 893.910718][ T29] audit: type=1326 audit(1727164396.230:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13510 comm="syz.4.2407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4966f7def9 code=0x7ffc0000 [ 894.891308][T13556] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2425'. [ 896.398908][T13565] coredump: 359(syz.2.2424): written to core: VMAs: 34, size 97419264; core: 60015558 bytes, pos 97427456 [ 896.568260][T13424] coredump: 204(syz.4.2379): written to core: VMAs: 34, size 97419264; core: 60019654 bytes, pos 97427456 [ 897.936901][T13579] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2432'. [ 898.142965][T13583] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2431'. [ 899.501787][ T74] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 900.379734][T13601] coredump: 396(syz.0.2439): written to core: VMAs: 37, size 97550336; core: 71779482 bytes, pos 97558528 [ 900.658578][T13609] coredump: 369(syz.2.2441): written to core: VMAs: 34, size 97419264; core: 60015558 bytes, pos 97427456 [ 901.209545][T13623] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2448'. [ 901.398937][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 901.398957][ T29] audit: type=1326 audit(1727164404.370:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13631 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 901.460829][ T29] audit: type=1326 audit(1727164404.370:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13631 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 901.493406][ T29] audit: type=1326 audit(1727164404.370:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13631 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 901.535129][ T29] audit: type=1326 audit(1727164404.370:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13631 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 901.583633][ T29] audit: type=1326 audit(1727164404.370:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13631 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 901.630545][ T29] audit: type=1326 audit(1727164404.370:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13631 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 901.679689][ T29] audit: type=1326 audit(1727164404.370:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13631 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 901.734807][ T29] audit: type=1326 audit(1727164404.370:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13631 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 901.818229][ T29] audit: type=1326 audit(1727164404.370:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13631 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 901.878658][ T29] audit: type=1326 audit(1727164404.760:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13631 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 902.423777][T13495] coredump: 315(syz.3.2401): written to core: VMAs: 34, size 97419264; core: 60015558 bytes, pos 97427456 [ 902.510408][T13637] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 902.774446][T13638] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2453'. [ 903.008854][T13638] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for erspan1 [ 903.159640][T13637] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 903.176341][T13662] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2462'. [ 903.188505][T13660] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2461'. [ 903.539976][T13637] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 903.975456][T13668] coredump: 247(syz.4.2463): written to core: VMAs: 34, size 97419264; core: 60019654 bytes, pos 97427456 [ 904.154832][T13673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2465'. [ 904.314296][T13637] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 904.449783][T13637] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 904.520704][T13637] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 904.575378][T13637] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 904.614253][T13637] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.318590][T13692] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2474'. [ 906.145932][T13699] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2476'. [ 906.467739][T13701] netlink: 'syz.0.2477': attribute type 2 has an invalid length. [ 906.526657][T13703] snd_dummy snd_dummy.0: control 0:1025:0:syz1:1 is already present [ 906.588290][T13701] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2477'. [ 907.113125][T13696] coredump: 379(syz.2.2475): written to core: VMAs: 37, size 97550336; core: 71775386 bytes, pos 97558528 [ 907.171540][T13722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2483'. [ 907.303621][T13725] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 907.334089][T13728] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2487'. [ 907.356473][T13729] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2485'. [ 907.431639][T13725] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 907.734554][T13725] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 909.084550][T13738] coredump: 390(syz.2.2488): written to core: VMAs: 37, size 97550336; core: 71775386 bytes, pos 97558528 [ 909.599112][T13725] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 909.946844][T13725] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 909.968694][T13725] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 910.008629][T13725] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 910.087013][T13725] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 910.322846][T13762] netlink: 'syz.2.2493': attribute type 2 has an invalid length. [ 910.330929][T13762] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2493'. [ 910.342352][T13762] snd_dummy snd_dummy.0: control 0:1025:0:syz1:1 is already present [ 910.342862][T13763] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2499'. [ 910.638569][T13776] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2502'. [ 912.013225][T13786] random: crng reseeded on system resumption [ 912.017476][T13782] coredump: 448(syz.0.2503): written to core: VMAs: 37, size 97550336; core: 71779482 bytes, pos 97558528 [ 913.759358][T13810] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2516'. [ 913.873975][T13813] netlink: 'syz.1.2515': attribute type 2 has an invalid length. [ 913.965904][T13817] hub 9-0:1.0: USB hub found [ 913.980839][T13817] hub 9-0:1.0: 8 ports detected [ 914.313147][T13813] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2515'. [ 914.696577][T13821] fuse: Bad value for 'fd' [ 915.101146][T13832] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2521'. [ 916.236416][T13837] coredump: 402(syz.2.2520): written to core: VMAs: 37, size 97550336; core: 71775386 bytes, pos 97558528 [ 916.697692][T13842] syz.0.2527[13842] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 916.697817][T13842] syz.0.2527[13842] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 916.740305][T13842] syz.0.2527[13842] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 916.771634][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 916.771657][ T29] audit: type=1326 audit(1727164419.740:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13841 comm="syz.0.2527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 916.826792][ T29] audit: type=1326 audit(1727164419.740:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13841 comm="syz.0.2527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 916.849239][T13848] 9pnet_fd: Insufficient options for proto=fd [ 916.855610][ T29] audit: type=1326 audit(1727164419.740:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13841 comm="syz.0.2527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 916.881836][ T29] audit: type=1326 audit(1727164419.740:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13841 comm="syz.0.2527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 916.903596][ T29] audit: type=1326 audit(1727164419.740:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13841 comm="syz.0.2527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 916.926183][ T29] audit: type=1326 audit(1727164419.740:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13841 comm="syz.0.2527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 916.948650][ T29] audit: type=1326 audit(1727164419.740:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13841 comm="syz.0.2527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 916.970445][ T29] audit: type=1326 audit(1727164419.740:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13841 comm="syz.0.2527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 917.000585][ T29] audit: type=1326 audit(1727164419.740:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13841 comm="syz.0.2527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 917.023283][ T29] audit: type=1326 audit(1727164419.740:997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13841 comm="syz.0.2527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0fb7def9 code=0x7ffc0000 [ 918.104779][T13865] snd_dummy snd_dummy.0: control 0:1025:0:syz1:1 is already present [ 919.539274][T13892] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 920.032931][T13904] netlink: 'syz.4.2547': attribute type 2 has an invalid length. [ 920.040984][T13904] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2547'. [ 920.072660][T13904] snd_dummy snd_dummy.0: control 0:1025:0:syz1:1 is already present [ 921.755580][T13929] team0: entered promiscuous mode [ 921.760840][T13929] team_slave_0: entered promiscuous mode [ 921.773690][T13929] team_slave_1: entered promiscuous mode [ 921.778330][T13937] netlink: 'syz.0.2558': attribute type 2 has an invalid length. [ 921.788778][T13929] team0: left promiscuous mode [ 921.790708][T13937] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2558'. [ 921.800146][T13929] team_slave_0: left promiscuous mode [ 921.809837][T13929] team_slave_1: left promiscuous mode [ 921.847535][T13939] snd_dummy snd_dummy.0: control 0:1025:0:syz1:1 is already present [ 923.272985][T13947] lo speed is unknown, defaulting to 1000 [ 923.279092][T13947] lo speed is unknown, defaulting to 1000 [ 923.313132][T13947] lo speed is unknown, defaulting to 1000 [ 923.584103][T13947] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 923.599422][T13947] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 923.632762][T13947] lo speed is unknown, defaulting to 1000 [ 923.661438][T13947] lo speed is unknown, defaulting to 1000 [ 923.669504][T13947] lo speed is unknown, defaulting to 1000 [ 923.710807][T13947] lo speed is unknown, defaulting to 1000 [ 923.731502][T13947] lo speed is unknown, defaulting to 1000 [ 923.749002][T13947] lo speed is unknown, defaulting to 1000 [ 924.092518][T13969] netlink: 'syz.4.2570': attribute type 2 has an invalid length. [ 924.194488][T13969] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2570'. [ 924.253327][T13971] lo speed is unknown, defaulting to 1000 [ 924.274741][T13969] snd_dummy snd_dummy.0: control 0:1025:0:syz1:1 is already present [ 927.038272][T14012] netlink: 'syz.1.2583': attribute type 2 has an invalid length. [ 927.102961][T14012] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2583'. [ 927.131686][T14014] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 927.271537][T14018] lo speed is unknown, defaulting to 1000 [ 929.322964][T14035] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 930.114151][T14049] syz.2.2596: attempt to access beyond end of device [ 930.114151][T14049] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 930.120257][T14052] netlink: 'syz.4.2597': attribute type 2 has an invalid length. [ 930.153979][T14052] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2597'. [ 930.237471][T14052] snd_dummy snd_dummy.0: control 0:1025:0:syz1:1 is already present [ 931.971715][ T35] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 932.632171][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.638632][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.352901][T14099] netlink: 'syz.3.2609': attribute type 2 has an invalid length. [ 933.360992][T14099] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2609'. [ 933.373384][T14099] snd_dummy snd_dummy.0: control 0:1025:0:syz1:1 is already present [ 933.499400][T14096] lo speed is unknown, defaulting to 1000 [ 933.727985][T14108] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 937.200214][T14142] netlink: 'syz.0.2624': attribute type 2 has an invalid length. [ 937.220909][T14142] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2624'. [ 937.275960][T14142] snd_dummy snd_dummy.0: control 0:1025:0:syz1:1 is already present [ 939.588082][T14040] coredump: 1246(syz.1.2590): written to core: VMAs: 38, size 97681408; core: 60036262 bytes, pos 97689600 [ 940.210936][T14188] netlink: 'syz.3.2641': attribute type 2 has an invalid length. [ 940.345232][T14188] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2641'. [ 940.494727][T14191] snd_dummy snd_dummy.0: control 0:1025:0:syz1:1 is already present [ 942.806607][ C0] BUG: unable to handle page fault for address: ffff8880603bc000 [ 942.814407][ C0] #PF: supervisor write access in kernel mode [ 942.820502][ C0] #PF: error_code(0x0002) - not-present page [ 942.826499][ C0] PGD 1a801067 P4D 1a801067 PUD 6c591063 PMD 30259063 PTE 800fffff9fc43060 [ 942.835143][ C0] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 942.841243][ C0] CPU: 0 UID: 0 PID: 14210 Comm: syz.2.2649 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 942.851670][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 942.861737][ C0] RIP: 0010:clear_page_erms+0xb/0x20 [ 942.867035][ C0] Code: 48 8d 7f 40 75 d9 90 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa b9 00 10 00 00 31 c0 aa c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 [ 942.886648][ C0] RSP: 0018:ffffc90000007310 EFLAGS: 00010246 [ 942.892745][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000001000 [ 942.900740][ C0] RDX: ffff8880603bc000 RSI: 0000000000000001 RDI: ffff8880603bc000 [ 942.908717][ C0] RBP: dffffc0000000000 R08: ffffea000180ef37 R09: 0000000000000000 [ 942.916695][ C0] R10: ffffed100c077800 R11: fffff94000301de7 R12: 0000000000000001 [ 942.924673][ C0] R13: 0000000000000001 R14: ffffea000180ef00 R15: 0000000000000000 [ 942.932647][ C0] FS: 00007fa3b27206c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 942.941578][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 942.948161][ C0] CR2: ffff8880603bc000 CR3: 000000003ec82000 CR4: 00000000003506f0 [ 942.956136][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 942.964110][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 942.972084][ C0] Call Trace: [ 942.975365][ C0] [ 942.978215][ C0] ? __die_body+0x5f/0xb0 [ 942.982560][ C0] ? page_fault_oops+0x8e4/0xcc0 [ 942.987504][ C0] ? mark_lock+0x9a/0x360 [ 942.991893][ C0] ? __lock_acquire+0x1384/0x2050 [ 942.996938][ C0] ? __pfx_page_fault_oops+0x10/0x10 [ 943.002404][ C0] ? is_prefetch+0x4ed/0x780 [ 943.007002][ C0] ? __pfx_is_prefetch+0x10/0x10 [ 943.011949][ C0] ? __bad_area_nosemaphore+0x118/0x770 [ 943.017513][ C0] ? __pfx___bad_area_nosemaphore+0x10/0x10 [ 943.023424][ C0] ? spurious_kernel_fault+0x119/0x5a0 [ 943.028906][ C0] ? exc_page_fault+0x5c8/0x8c0 [ 943.033784][ C0] ? asm_exc_page_fault+0x26/0x30 [ 943.038820][ C0] ? clear_page_erms+0xb/0x20 [ 943.043500][ C0] post_alloc_hook+0xf8/0x230 [ 943.048356][ C0] get_page_from_freelist+0x3039/0x3180 [ 943.053912][ C0] ? mark_lock+0x9a/0x360 [ 943.058241][ C0] ? __lock_acquire+0x1384/0x2050 [ 943.063283][ C0] __alloc_pages_noprof+0x256/0x6c0 [ 943.068491][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 943.074221][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 943.079424][ C0] ? sched_clock+0x4a/0x70 [ 943.083878][ C0] ? napi_alloc_skb+0x1bd/0xa00 [ 943.088732][ C0] napi_alloc_skb+0x641/0xa00 [ 943.093437][ C0] ? napi_alloc_skb+0x1bd/0xa00 [ 943.098294][ C0] page_to_skb+0x276/0x9b0 [ 943.102729][ C0] receive_buf+0x3bc/0x17b0 [ 943.107246][ C0] ? __pfx_lock_release+0x10/0x10 [ 943.112280][ C0] ? __pfx_receive_buf+0x10/0x10 [ 943.117223][ C0] ? virtqueue_get_buf_ctx+0x716/0xde0 [ 943.122700][ C0] virtnet_poll+0x26b2/0x3980 [ 943.127387][ C0] ? __pfx_validate_chain+0x10/0x10 [ 943.132594][ C0] ? validate_chain+0x11e/0x5920 [ 943.137544][ C0] ? __pfx_virtnet_poll+0x10/0x10 [ 943.142576][ C0] ? validate_chain+0x11e/0x5920 [ 943.147527][ C0] ? mark_lock+0x9a/0x360 [ 943.151860][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 943.157857][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 943.164217][ C0] __napi_poll+0xcb/0x490 [ 943.168647][ C0] net_rx_action+0x89b/0x1240 [ 943.173342][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 943.178590][ C0] ? sched_clock+0x4a/0x70 [ 943.183037][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 943.189477][ C0] handle_softirqs+0x2c5/0x980 [ 943.194283][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 943.199060][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 943.204359][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 943.209773][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 943.214457][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 943.219664][ C0] irq_exit_rcu+0x9/0x30 [ 943.223914][ C0] common_interrupt+0xb9/0xd0 [ 943.228600][ C0] [ 943.231537][ C0] [ 943.234469][ C0] asm_common_interrupt+0x26/0x40 [ 943.239517][ C0] RIP: 0010:finish_task_switch+0x1ea/0x870 [ 943.245329][ C0] Code: c9 50 e8 79 fa 0b 00 48 83 c4 08 4c 89 f7 e8 4d 39 00 00 e9 de 04 00 00 4c 89 f7 e8 e0 70 60 0a e8 db 58 38 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc [ 943.264956][ C0] RSP: 0018:ffffc9000caa7228 EFLAGS: 00000282 [ 943.271194][ C0] RAX: 0b99d481b6833300 RBX: ffff888050f50000 RCX: ffffffff817088da [ 943.279168][ C0] RDX: dffffc0000000000 RSI: ffffffff8c0aca40 RDI: ffffffff8c601bc0 [ 943.287141][ C0] RBP: ffffc9000caa7270 R08: ffffffff9422a907 R09: 1ffffffff2845520 [ 943.295114][ C0] R10: dffffc0000000000 R11: fffffbfff2845521 R12: 1ffff110170c7f0c [ 943.303086][ C0] R13: dffffc0000000000 R14: ffff8880b863ea40 R15: ffff8880b863f860 [ 943.311067][ C0] ? mark_lock+0x9a/0x360 [ 943.315400][ C0] ? finish_task_switch+0x1e5/0x870 [ 943.320603][ C0] __schedule+0x184b/0x4ae0 [ 943.325116][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 943.331118][ C0] ? __pfx___schedule+0x10/0x10 [ 943.335984][ C0] ? preempt_schedule+0xe1/0xf0 [ 943.340858][ C0] preempt_schedule_common+0x84/0xd0 [ 943.346173][ C0] preempt_schedule+0xe1/0xf0 [ 943.350868][ C0] ? __pfx_preempt_schedule+0x10/0x10 [ 943.356387][ C0] preempt_schedule_thunk+0x1a/0x30 [ 943.361605][ C0] free_unref_page+0x6b5/0xf00 [ 943.366402][ C0] __folio_put+0x2c7/0x440 [ 943.370864][ C0] ? __pfx___folio_put+0x10/0x10 [ 943.375816][ C0] ? __pfx_filemap_add_folio+0x10/0x10 [ 943.381293][ C0] secretmem_fault+0x1f9/0x430 [ 943.386070][ C0] __do_fault+0x135/0x460 [ 943.390407][ C0] handle_pte_fault+0x1105/0x6800 [ 943.395490][ C0] ? mark_lock+0x9a/0x360 [ 943.399910][ C0] ? __pfx_handle_pte_fault+0x10/0x10 [ 943.405305][ C0] ? mt_find+0x2a9/0x920 [ 943.409570][ C0] ? __pfx_lock_release+0x10/0x10 [ 943.414618][ C0] handle_mm_fault+0x1053/0x1ad0 [ 943.419569][ C0] ? __pfx_handle_mm_fault+0x10/0x10 [ 943.424871][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 943.431217][ C0] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 943.436534][ C0] exc_page_fault+0x2b9/0x8c0 [ 943.441248][ C0] asm_exc_page_fault+0x26/0x30 [ 943.446119][ C0] RIP: 0010:rep_movs_alternative+0x33/0x70 [ 943.451944][ C0] Code: 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb [ 943.471581][ C0] RSP: 0018:ffffc9000caa7df0 EFLAGS: 00050246 [ 943.477658][ C0] RAX: 0000000600000005 RBX: 0000000020000088 RCX: 0000000000000008 [ 943.485629][ C0] RDX: 0000000000000000 RSI: ffffc9000caa7e80 RDI: 0000000020000080 [ 943.493622][ C0] RBP: ffffc9000caa7ef0 R08: ffffc9000caa7e87 R09: 1ffff92001954fd0 [ 943.501597][ C0] R10: dffffc0000000000 R11: fffff52001954fd1 R12: 0000000000000008 [ 943.509571][ C0] R13: ffffc9000caa7e80 R14: 0000000020000080 R15: ffffc9000caa7e80 [ 943.517554][ C0] _copy_to_user+0x86/0xb0 [ 943.521980][ C0] do_pipe2+0x109/0x310 [ 943.526244][ C0] ? __pfx_do_pipe2+0x10/0x10 [ 943.530976][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 943.537360][ C0] ? do_syscall_64+0x100/0x230 [ 943.542154][ C0] __x64_sys_pipe+0x3a/0x50 [ 943.546681][ C0] do_syscall_64+0xf3/0x230 [ 943.551194][ C0] ? clear_bhb_loop+0x35/0x90 [ 943.555890][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.561813][ C0] RIP: 0033:0x7fa3b197def9 [ 943.566290][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 943.585991][ C0] RSP: 002b:00007fa3b2720038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 943.594419][ C0] RAX: ffffffffffffffda RBX: 00007fa3b1b36058 RCX: 00007fa3b197def9 [ 943.602407][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 943.610397][ C0] RBP: 00007fa3b19f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 943.618386][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 943.626362][ C0] R13: 0000000000000000 R14: 00007fa3b1b36058 R15: 00007ffd07c8ed88 [ 943.634347][ C0] [ 943.637400][ C0] Modules linked in: [ 943.641311][ C0] CR2: ffff8880603bc000 [ 943.645473][ C0] ---[ end trace 0000000000000000 ]--- [ 943.650935][ C0] RIP: 0010:clear_page_erms+0xb/0x20 [ 943.656229][ C0] Code: 48 8d 7f 40 75 d9 90 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa b9 00 10 00 00 31 c0 aa c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 [ 943.675922][ C0] RSP: 0018:ffffc90000007310 EFLAGS: 00010246 [ 943.682000][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000001000 [ 943.689996][ C0] RDX: ffff8880603bc000 RSI: 0000000000000001 RDI: ffff8880603bc000 [ 943.697970][ C0] RBP: dffffc0000000000 R08: ffffea000180ef37 R09: 0000000000000000 [ 943.705966][ C0] R10: ffffed100c077800 R11: fffff94000301de7 R12: 0000000000000001 [ 943.713939][ C0] R13: 0000000000000001 R14: ffffea000180ef00 R15: 0000000000000000 [ 943.721910][ C0] FS: 00007fa3b27206c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 943.730842][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 943.737426][ C0] CR2: ffff8880603bc000 CR3: 000000003ec82000 CR4: 00000000003506f0 [ 943.745408][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 943.753381][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 943.761356][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 943.768952][ C0] Kernel Offset: disabled [ 943.773273][ C0] Rebooting in 86400 seconds..