last executing test programs: 20m24.90004672s ago: executing program 3 (id=771): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0) close(r0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e) sendmsg$inet(r1, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000018c0)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32, @ANYBLOB="ac141424ac141427000000001c000000000000000000000008000000", @ANYRES32, @ANYBLOB="ac14143dac1e01010000000044"], 0x88}, 0x4000805) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4) connect$unix(r0, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) 20m24.661587353s ago: executing program 3 (id=775): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0xb00, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0xc26080b) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0xfce1) 20m24.352141561s ago: executing program 3 (id=776): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0) ftruncate(r0, 0xc17a) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) clock_gettime(0x0, &(0x7f0000000180)) 20m24.296226302s ago: executing program 3 (id=777): connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10) openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socket$nl_audit(0x10, 0x3, 0x9) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000240)=0x39be, 0x0, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="eeeaffff616d250b50c83b2a6a3400", @ANYRES32=0x0], 0x50) syz_open_dev$vim2m(0x0, 0x0, 0x2) socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x10b121) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000280)=0x11) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000700)="1a589880094221163118c20ba67edecc8e404446a08a220bc228fdded14097f1bccd9ad61925bf16c950493dcbfa6ab0c9b15be904473944ae117dc771d96adb8d73784dfe7e94e74e3174a167769327c0d80ba8284629876a30092ed1a239694a89b84b0e057116bce4937d0f2b278462dba4d09bef9ee19a611b9da53fc371d514278562c24ebdcef54649", 0x8c}], 0x1) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x49be, &(0x7f0000000300)={0x0, 0x37ad, 0x7dc0071a664f01a8, 0xfffffffe, 0x122}, &(0x7f00000001c0), &(0x7f00000003c0)) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x24008041}, 0x0) r4 = socket(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, {0xd, 0x3}, {0xc, 0xe}, {0x8, 0xa}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xfc, 0x210, 0x400000a, 0x1, 0x0, 0xb}}, {0x4}}, {{0x1c, 0x1, {0x1, 0x5, 0x1c, 0x3, 0x0, 0x9, 0xb}}, {0x4}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0xc0}, 0x0) sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0) connect$llc(r2, &(0x7f00000002c0)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @remote}, 0x10) sendmmsg(r2, &(0x7f0000001380), 0x3fffffffffffeed, 0xf000000) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x7, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe04}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x69, '\x00', 0x0, @fallback=0x2a, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f00000001c0)) ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000040)=0xc) accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @empty}, &(0x7f0000000040)=0x10, 0x0) 20m22.96832585s ago: executing program 3 (id=781): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4104aec6, &(0x7f0000000380)={[{0x0, 0x6, 0x7, 0x9, 0x7, 0x8, 0x4, 0xfb, 0xf4, 0xff, 0x0, 0x36, 0xfffffffffffffffc}, {0x31, 0x4, 0x7, 0x9, 0x6, 0xb, 0x4, 0x6, 0x9, 0x4, 0xe3, 0x10, 0xfffffffffffffffa}, {0x1, 0x8, 0x5a, 0x0, 0x2, 0x3, 0xaf, 0x7, 0xff, 0x6, 0x2, 0x5, 0xe}], 0x3}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x90, 0x5, 0x9, 0x7f}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x0, 0x180, 0x4, 0x10, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x5, 0x0, 0xbdb], 0x1, 0x3c4210}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20m22.859859917s ago: executing program 3 (id=782): syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000340), &(0x7f0000000380)=0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1f5d02, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xf}, {0xffff, 0xffff}, {0xfff0, 0xa}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20048845}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@deltfilter={0x24, 0x2d, 0x5, 0x70bd2a, 0x25dfdbf9, {0x0, 0x0, 0x0, r2, {0xfff3, 0x9}, {0x2, 0xf}, {0x1, 0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x8000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x78, 0x30, 0x1, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ct={0x34, 0x2, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e22}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x910ec27568a00e35, 0x40000002, 0x0) r6 = socket(0x10, 0x80002, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x40d, 0x70bd23, 0x25ffdbfc, {0x0, 0x0, 0x0, 0x0, 0x10}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8, 0x2, 0x6}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmmsg$alg(r6, &(0x7f00000000c0), 0x492492492492627, 0x0) 20m6.858965842s ago: executing program 32 (id=782): syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000340), &(0x7f0000000380)=0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1f5d02, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xf}, {0xffff, 0xffff}, {0xfff0, 0xa}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20048845}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@deltfilter={0x24, 0x2d, 0x5, 0x70bd2a, 0x25dfdbf9, {0x0, 0x0, 0x0, r2, {0xfff3, 0x9}, {0x2, 0xf}, {0x1, 0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x8000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x78, 0x30, 0x1, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ct={0x34, 0x2, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e22}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x910ec27568a00e35, 0x40000002, 0x0) r6 = socket(0x10, 0x80002, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x40d, 0x70bd23, 0x25ffdbfc, {0x0, 0x0, 0x0, 0x0, 0x10}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8, 0x2, 0x6}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmmsg$alg(r6, &(0x7f00000000c0), 0x492492492492627, 0x0) 11m3.726708763s ago: executing program 0 (id=2700): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFCONF(r2, 0x8912, &(0x7f00000003c0)=@buf) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'macvtap0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4400000010000305fcffff070000000000000000", @ANYRES32=0x0, @ANYBLOB="05030200157e0000140012800c0001006d61637674617000040002800800", @ANYRES32=r4, @ANYBLOB="080004004400"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x48094) 10m58.496075757s ago: executing program 0 (id=2720): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0xfffff000) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file4\x00', 0x1, 0x20) openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file4\x00', &(0x7f00000000c0)={0x8a001, 0x0, 0x20}, 0x18) 10m56.432528555s ago: executing program 0 (id=2727): socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$netlink(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000002d0021"], 0x1c}], 0x1}, 0x0) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) 10m55.114792503s ago: executing program 0 (id=2730): r0 = gettid() timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000380)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x102) readv(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/56, 0x38}], 0x1) 10m54.923618615s ago: executing program 0 (id=2731): ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x8000021e}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r2, 0x47fa, 0xfffffffe, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x22, 0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) 10m48.641515199s ago: executing program 0 (id=2751): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) poll(0x0, 0x0, 0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000780)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x20, 0x7ffc1ffb}]}) unshare(0x60000600) socket$netlink(0x10, 0x3, 0x0) 10m33.350732157s ago: executing program 33 (id=2751): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) poll(0x0, 0x0, 0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000780)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x20, 0x7ffc1ffb}]}) unshare(0x60000600) socket$netlink(0x10, 0x3, 0x0) 11.702066747s ago: executing program 4 (id=4386): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)={0xa4, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x7c, 0x8, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}]}, {0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "491bc0be1dc1f88092e741a88b64f6dd9218ad21b44b472e44f1d0807ee6675c"}]}, {0x4}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) 11.522129435s ago: executing program 4 (id=4390): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b80)=@delchain={0x174, 0x65, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0xd}, {0x0, 0xfff3}, {0x0, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x8, 0x81}}, @filter_kind_options=@f_bpf={{0x8}, {0x130, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x8}, @TCA_BPF_ACT={0x11c, 0x1, [@m_connmark={0x7c, 0x15, 0x0, 0x0, {{0xd}, {0x4}, {0x49, 0x6, "4eebdf2408e8952792009f587075f394796b87f5e6c0508e4deec5a86d24a64dacafd73234200ce6fe5d4aea9687c8c641b998a1c77c0f725ce22b72f10b8a2d3a770951c3"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_tunnel_key={0x9c, 0x1d, 0x0, 0x0, {{0xf}, {0x4}, {0x69, 0x6, "309e7046678cfa85254c612d61e3d2c3e3b6590ca2f3e70c7fcdf5868b95845dfa60edad38b3b8c47659e35d235cfa416f9d81db4b5bb82e527e794cf9c32a539860aa592d929cecb48c76df399b49231fc0de0b4c4b5e510bd82e77a2a017326f355f49b6"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x174}, 0x1, 0x0, 0x0, 0x80}, 0x2000) r0 = socket(0x10, 0x803, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000711227000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) 11.248106931s ago: executing program 4 (id=4393): bpf$MAP_CREATE(0x0, 0x0, 0x48) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000000)=0x3) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000009, 0x8012, r3, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r4, 0xc0384707, &(0x7f0000000040)={0x1, 0x2, 0x0, 0x800000, 0x4, "3eccd8f9d20000000000001000000200000500"}) 7.171419255s ago: executing program 4 (id=4402): syz_usb_connect(0x5, 0x3f, &(0x7f0000000680)=ANY=[@ANYBLOB="12010002f638d408f01002204ddc0102030109022d00010b06800809045f40030a00004009050d02000202040c09050808400001c60d09058213aa"], 0x0) 6.945497529s ago: executing program 2 (id=4404): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) read$FUSE(r1, &(0x7f0000000bc0)={0x2020}, 0x2020) 6.756895379s ago: executing program 1 (id=4406): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x6f, &(0x7f0000001c00)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x61, 0x2, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x4d, 0x0, @wg=@data={0x4, 0x7407, 0xfffdfffffffffffd, "9c67524ed6ed152d4f775bbc411126513b67aa2818e6f3aeb55bee6ae1049f195705bc8bd9b1085cd41af77353267df8a1d4cecdb0"}}}}}}, 0x0) readv(r0, &(0x7f0000001780)=[{&(0x7f0000000380)=""/4090, 0xffa}], 0x1) 6.611947039s ago: executing program 1 (id=4407): syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000500)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x0) recvmsg$unix(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/18, 0x12}], 0x1}, 0x0) 5.764389983s ago: executing program 2 (id=4408): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000000c0)) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800"], 0x50) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000019c0)=ANY=[@ANYRES8=r0], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x10, 0x1c, &(0x7f0000000580)=ANY=[@ANYBLOB="180800000000000000000000ffffff", @ANYRES32=r2, @ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b705006e190000000000000076000000bf9100000000000076080000010000008500000084000000b700000000000000950000000000000015e3da6a8684e7597ef464a098813fe73f358bb51b01bcd7c4ba8de8731aaeb65635982c0e09a64bf16b8c1af2fdb685332e82d93a8043a5f8354f2e45e10c8f2537985ce8ca0c48f6bd8b256cd640c951067056d1718a7b9b3c1717ee6a3aa72df5bb05a7b351846599b029fb580796d3ab5811e4f8f3323090516be102f4725d2c06997f9842cde53bac32d5842056f103ea54a6ccb8a6f0cd2c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r4, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002"], 0x44}}, 0x0) socket(0x10, 0x3, 0x0) unshare(0x2c060000) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000180)={0xfffffffd, {{0x2, 0x4e24, @multicast1}}, {{0x2, 0x4e20, @remote}}}, 0x108) unshare(0x24020400) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup.cpu/syz1\x00', 0x1ff) pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r7 = socket$netlink(0x10, 0x3, 0xc) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000010000000000000000"], 0x3}}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000580)=ANY=[], 0x7c}}, 0x20000050) splice(r5, 0x0, r7, 0x0, 0x10d00, 0xf) 5.743770644s ago: executing program 6 (id=4410): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x9, 0x10, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_int(r1, 0x107, 0x7, 0x0, &(0x7f0000000000)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000000)={'ip6_vti0\x00', 0x0}) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000080)=0x6) r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) unshare(0x4000280) landlock_create_ruleset(&(0x7f0000000180)={0x100, 0x0, 0x80ffff}, 0x18, 0x0) r6 = socket$kcm(0x10, 0x5, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r7, 0x6, 0x3, &(0x7f0000000040)=0x24, 0x4) setsockopt$inet_int(r7, 0x0, 0xf, &(0x7f0000000000)=0x1001, 0x4) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x8}}) sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 5.43200767s ago: executing program 5 (id=4411): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @loopback}, 0x2, 0x4}}, 0x26) ioctl$PPPIOCGL2TPSTATS(r2, 0x8004745a, &(0x7f0000005280)) 4.602265591s ago: executing program 2 (id=4412): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000000)=0x3) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000009, 0x8012, r3, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r4, 0xc0384707, &(0x7f0000000040)={0x1, 0x2, 0x0, 0x800000, 0x4, "3eccd8f9d20000000000001000000200000500"}) 4.478061741s ago: executing program 5 (id=4413): sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, 0x0}, 0xc881) r0 = socket$netlink(0x10, 0x3, 0x4) syz_genetlink_get_family_id$nl80211(0x0, r0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x418040, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0', [{0x20, 'axA\x9b^\xfb^$\r\'uij\r\xd9\xef\xd2Et^Q\v\x9fOFL\x95`Z\xae\xc3a\xfe%\x94\x1a\xebt\xc6\x06\x8fD,\xf7\xae#\x80\x80\xdf\xa3\xcaO\xc6\x8a\x91\x90\xadR\aW\xe1\xf3n\xca\xa3\x8f\xd6F\x03\x0e\x9b\xe5yb\xfc\xa19wUs\x83\xf1{&\n\x1d\x8e\x82y\x1a.B\x0e\xea\x17\xc7\xe7H\xa9\xd4\x8e\xe7 gD\x89*\xb5c\xc5\x8a\xe6R\xe5YGq\xf5\xb6\x95\xbc\x112\x9bno\xc8\x06\xb6\b\xcc\x03{Sn\x94G\x01\xb4\xffJQ8t\x99vY\xaaf\xc7,\x9f\xbb\x15G\x1cr\x19\xef\xab\n\xa8\xbc\xbd\xa2E\x16\x1cm\xbd=\x98\x7fU\xcbg\x15%\x95\xb11\x017\x83*\x14\xcbt\xc2\xcb\x04\x1e~?\xb9j\x18\x96\x84EA\xeaB\a\x83\xba\xdco<\x00'/256}]}, 0x10c) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000)) r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c) connect$rose(r3, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40) 4.468138575s ago: executing program 6 (id=4414): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x15) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r2, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[], 0x2c}}, 0x0) 4.261793053s ago: executing program 1 (id=4415): socketpair$unix(0x1, 0x3, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = fsopen(&(0x7f00000001c0)='devpts\x00', 0x0) r3 = socket$inet(0xa, 0x801, 0x84) connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r3, 0x8) r4 = accept4(r3, 0x0, 0x0, 0x0) sendto$inet(r4, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x4000050, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x3}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000400)={0x0, 0x4}, 0x8) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) fsmount(r2, 0x0, 0xf) fsconfig$FSCONFIG_SET_FLAG(r2, 0x0, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f00000004c0), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r5, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r5, 0x89f8, &(0x7f0000000440)={'syztnl2\x00', &(0x7f0000000600)={'tunl0\x00', 0x0, 0x10, 0x20, 0xc90, 0x81, {{0x5, 0x4, 0x3, 0x21, 0x14, 0x64, 0x0, 0x45, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback}}}}) sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40060}, 0x400c044) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) cachestat(r5, &(0x7f0000000040), 0x0, 0x0) 4.131907276s ago: executing program 6 (id=4416): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000900)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xff}, 0x2f) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000300)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@remote, 0x4e22, 0x0, 0x4e22, 0xfff, 0xa, 0x0, 0x0, 0x3a}, {0x3, 0xd4, 0x6, 0x8, 0x3, 0x3, 0x5, 0x8001}, {0x7f, 0x10000, 0x8000000000000000}, 0xc, 0x6e6bc0, 0x0, 0x0, 0x2, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x19}, 0x4d2, 0x3c}, 0x2, @in6=@mcast1, 0x34ff, 0x3, 0x3, 0x1, 0xa9, 0x8001, 0x1}}, 0xe8) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x8, 0x8, 0x8}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2100, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000090}, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@ipv4_newrule={0x2c, 0x20, 0x301, 0x0, 0x25dfdbfb, {0x2, 0x20}, [@FRA_DST={0x8, 0x1, @empty}, @FRA_FLOW={0x8}]}, 0x2c}}, 0x0) sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x18, 0x1404, 0x1, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x8044) 3.512585593s ago: executing program 2 (id=4417): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000340)=@mmap={0x0, 0x2, 0x4, 0xffffff7f, 0x101, {}, {0x0, 0xc, 0x0, 0x0, 0x0, 0x0, "186856f3"}}) 3.449952504s ago: executing program 4 (id=4418): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x200000000000000) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) 3.196497961s ago: executing program 5 (id=4419): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0, 0x0, 0x4}, 0x18) unshare(0x2a020400) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x4000054) 3.195387704s ago: executing program 6 (id=4420): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x60880, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 3.100578983s ago: executing program 4 (id=4421): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x1000000008c}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfec8d000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) setns(0xffffffffffffffff, 0x66020000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x9, &(0x7f0000000000)=ANY=[@ANYBLOB="180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ff62ffb702000008000000b70300000000000085000000c800000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) umount2(0x0, 0x2) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) 3.052840384s ago: executing program 5 (id=4422): ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x7d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 2.952267074s ago: executing program 2 (id=4423): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) r1 = dup(r0) write$FUSE_BMAP(r1, 0x0, 0x0) 2.695454796s ago: executing program 6 (id=4424): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x9, 0x10, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_int(r1, 0x107, 0x7, 0x0, &(0x7f0000000000)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000000)={'ip6_vti0\x00', 0x0}) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000080)=0x6) r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) unshare(0x4000280) landlock_create_ruleset(&(0x7f0000000180)={0x100, 0x0, 0x80ffff}, 0x18, 0x0) r6 = socket$kcm(0x10, 0x5, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r7, 0x6, 0x3, &(0x7f0000000040)=0x24, 0x4) r8 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r8, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x8}}) sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 1.615949771s ago: executing program 2 (id=4425): syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000500)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x0) recvmsg$unix(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/18, 0x12}], 0x1}, 0x0) 1.535459703s ago: executing program 6 (id=4426): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$inet(0xa, 0x1, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x58}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x94) ioctl$VIDIOC_REQBUFS(r2, 0xc0585609, &(0x7f0000000040)={0x0, 0xa, 0x4, 0x0, 0x24}) 1.481802992s ago: executing program 1 (id=4427): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000000)=0x3) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000009, 0x8012, r3, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r4, 0xc0384707, &(0x7f0000000040)={0x1, 0x2, 0x0, 0x800000, 0x4, "3eccd8f9d20000000000001000000200000500"}) 1.331841759s ago: executing program 5 (id=4428): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20000050) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, 0x0, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) r3 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @broadcast, 0x4e21, 0x3, 'fo\x00', 0x11, 0x3240, 0x3a}, {@loopback, 0x4e23, 0x4, 0xc3, 0x12d5c, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_DELDEST(r2, 0x0, 0x488, &(0x7f0000000280)={{0x84, @remote, 0x4e20, 0x3, 'rr\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x10000, 0xc24, 0x9, 0xfffffffb}}, 0x44) 305.141464ms ago: executing program 1 (id=4429): r0 = socket$pppoe(0x18, 0x1, 0x0) sendmmsg(r0, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000500)="ab", 0x5ea}], 0x1}}], 0x484, 0x24048084) 206.796624ms ago: executing program 5 (id=4430): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r1, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0x600, 0x1}}, 0x20) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 0s ago: executing program 1 (id=4431): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) setsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000300)=0x1, 0x4) bind$can_j1939(r1, &(0x7f0000000380)={0x1d, r2, 0x0, {0x2, 0xf0, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048001) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000580)=0x3eba, 0x4) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r2, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) listen(0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]}) close_range(r3, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): cuous mode [ 636.973206][T12996] 8021q: adding VLAN 0 to HW filter on device bond1 [ 640.348736][T13047] tipc: Resetting bearer [ 640.437965][T13056] xt_hashlimit: max too large, truncated to 1048576 [ 643.179808][T13088] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2013'. [ 643.266112][T13088] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2013'. [ 643.384536][T13088] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2013'. [ 643.506007][T13092] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2013'. [ 643.594469][T13092] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2013'. [ 644.385708][T13100] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2015'. [ 644.634613][T13107] netlink: 'syz.1.2017': attribute type 72 has an invalid length. [ 646.137374][T13125] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2023'. [ 646.513677][T13133] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2026'. [ 646.996331][T13125] hsr_slave_1 (unregistering): left promiscuous mode [ 647.735559][T13143] netlink: 17 bytes leftover after parsing attributes in process `syz.0.2029'. [ 648.870907][T13157] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2034'. [ 651.171830][T13178] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2041'. [ 651.452995][T13182] rdma_rxe: rxe_newlink: failed to add lo [ 654.909339][T13226] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2057'. [ 655.017448][T13233] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2057'. [ 655.027171][T13231] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge0, syncid = 0, id = 0 [ 655.740783][T13244] tipc: Started in network mode [ 655.752659][T13244] tipc: Node identity aaaaaaaaaa41, cluster identity 4711 [ 655.796278][T13244] tipc: Enabled bearer , priority 10 [ 656.952339][ T5843] tipc: Node number set to 15444650 [ 657.018292][T13265] netlink: zone id is out of range [ 657.105438][T13265] netlink: zone id is out of range [ 657.110633][T13265] netlink: zone id is out of range [ 657.153273][T13265] netlink: zone id is out of range [ 657.159750][T13265] netlink: zone id is out of range [ 657.165027][T13265] netlink: zone id is out of range [ 657.174716][T13265] netlink: zone id is out of range [ 657.182449][T13265] netlink: zone id is out of range [ 657.222483][T13265] netlink: zone id is out of range [ 657.239835][T13265] netlink: zone id is out of range [ 657.596114][T13259] sz1: rxe_newlink: already configured on lo [ 660.122655][T13313] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2076'. [ 664.206276][T13358] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2093'. [ 664.247352][T13354] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2092'. [ 664.266995][T13354] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2092'. [ 664.287498][T13358] lo speed is unknown, defaulting to 1000 [ 664.333201][T13354] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 668.538718][T13406] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2110'. [ 668.602303][T13402] lo speed is unknown, defaulting to 1000 [ 670.210189][T13428] fuse: Bad value for 'fd' [ 670.851854][T13442] netlink: 'syz.1.2122': attribute type 10 has an invalid length. [ 674.013530][T13488] tipc: Enabling of bearer rejected, failed to enable media [ 674.252162][T13496] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2142'. [ 679.166556][ T1088] af_packet: tpacket_rcv: packet too big, clamped from 52 to 4294967272. macoff=96 [ 680.905837][T13582] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2170'. [ 681.528618][ T30] audit: type=1326 audit(1755751995.769:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13578 comm="syz.0.2169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d9718ebe9 code=0x7ffc0000 [ 681.590768][ T30] audit: type=1326 audit(1755751995.769:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13578 comm="syz.0.2169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d9718ebe9 code=0x7ffc0000 [ 681.619503][ T30] audit: type=1326 audit(1755751995.769:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13578 comm="syz.0.2169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f0d9718ebe9 code=0x7ffc0000 [ 681.860599][T13588] lo speed is unknown, defaulting to 1000 [ 683.167754][T13607] sctp: [Deprecated]: syz.5.2176 (pid 13607) Use of struct sctp_assoc_value in delayed_ack socket option. [ 683.167754][T13607] Use struct sctp_sack_info instead [ 683.445992][T13614] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2178'. [ 689.397714][T13669] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2194'. [ 691.055887][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.988179][T13688] overlayfs: failed to clone upperpath [ 692.098512][T13689] lo speed is unknown, defaulting to 1000 [ 694.598356][T13710] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2209'. [ 702.316224][T13775] net_ratelimit: 294 callbacks suppressed [ 702.316246][T13775] netlink: zone id is out of range [ 702.367484][T13775] netlink: zone id is out of range [ 702.473080][T13778] netlink: del zone limit has 4 unknown bytes [ 702.501968][T13777] overlayfs: failed to clone upperpath [ 702.507891][T13775] netlink: zone id is out of range [ 702.513102][T13775] netlink: zone id is out of range [ 702.518525][T13775] netlink: zone id is out of range [ 702.523750][T13775] netlink: zone id is out of range [ 702.529024][T13775] netlink: zone id is out of range [ 702.632300][T13775] netlink: set zone limit has 4 unknown bytes [ 703.481974][T13790] lo speed is unknown, defaulting to 1000 [ 706.713636][T13815] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2241'. [ 709.704579][T13849] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2251'. [ 709.738120][T13849] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2251'. [ 710.062252][T13855] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2253'. [ 710.317049][T13863] netlink: 'syz.5.2256': attribute type 1 has an invalid length. [ 711.116000][T13866] netlink: 3 bytes leftover after parsing attributes in process `syz.5.2256'. [ 711.272317][T13863] bond1: entered promiscuous mode [ 711.282732][T13873] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2256'. [ 711.340129][T13863] 8021q: adding VLAN 0 to HW filter on device bond1 [ 711.480134][T13866] batadv1: entered promiscuous mode [ 711.514460][T13866] batadv1: entered allmulticast mode [ 711.524858][T13866] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 711.561653][T13866] bond1: (slave batadv1): making interface the new active one [ 711.581909][T13866] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 712.722714][T13898] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2266'. [ 712.933342][T13902] lo speed is unknown, defaulting to 1000 [ 713.877366][T13907] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2268'. [ 714.479609][T13906] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2267'. [ 716.357925][T13933] lo speed is unknown, defaulting to 1000 [ 717.707460][T13953] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2285'. [ 717.903855][T13960] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2287'. [ 718.014447][T13962] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2288'. [ 718.055240][T13962] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2288'. [ 721.134918][T14004] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2301'. [ 721.144259][T14004] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2301'. [ 721.212336][T13998] lo speed is unknown, defaulting to 1000 [ 724.302926][T14022] lo speed is unknown, defaulting to 1000 [ 724.310026][T14022] lo speed is unknown, defaulting to 1000 [ 724.316869][T14022] lo speed is unknown, defaulting to 1000 [ 724.466805][T14022] infiniband sz1: set down [ 724.471353][T14022] infiniband sz1: added lo [ 724.528440][T14022] RDS/IB: sz1: added [ 724.532559][T14022] smc: adding ib device sz1 with port count 1 [ 724.538968][T14022] smc: ib device sz1 port 1 has pnetid [ 724.612496][ T5843] lo speed is unknown, defaulting to 1000 [ 724.638128][T14022] lo speed is unknown, defaulting to 1000 [ 724.798487][T14022] lo speed is unknown, defaulting to 1000 [ 724.953726][T14022] lo speed is unknown, defaulting to 1000 [ 725.106883][T14022] lo speed is unknown, defaulting to 1000 [ 725.260975][T14022] lo speed is unknown, defaulting to 1000 [ 725.422588][T14022] lo speed is unknown, defaulting to 1000 [ 725.576318][ T44] lo speed is unknown, defaulting to 1000 [ 727.370856][T14057] lo speed is unknown, defaulting to 1000 [ 727.644688][T14063] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2318'. [ 728.190357][T14067] netlink: 'syz.1.2320': attribute type 10 has an invalid length. [ 728.822031][T14057] lo speed is unknown, defaulting to 1000 [ 735.552206][T14129] bridge_slave_0: left allmulticast mode [ 735.645762][T14129] bridge_slave_0: left promiscuous mode [ 735.651726][T14129] bridge0: port 1(bridge_slave_0) entered disabled state [ 735.870516][T14129] bridge_slave_1: left allmulticast mode [ 735.885912][T14129] bridge_slave_1: left promiscuous mode [ 735.903522][T14129] bridge0: port 2(bridge_slave_1) entered disabled state [ 735.933211][T14129] bond0: (slave bond_slave_0): Releasing backup interface [ 735.952252][T14129] bond0: (slave bond_slave_1): Releasing backup interface [ 736.206377][T14129] team0: Failed to send options change via netlink (err -105) [ 736.218938][T14129] team0: Failed to send port change of device team_slave_0 via netlink (err -105) [ 736.234464][T14129] team0: Port device team_slave_0 removed [ 736.244678][ T30] audit: type=1326 audit(1755752050.649:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14138 comm="syz.4.2345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96d18ebe9 code=0x7ffc0000 [ 736.277895][T14129] team0: Failed to send options change via netlink (err -105) [ 736.290525][T14129] team0: Failed to send port change of device team_slave_1 via netlink (err -105) [ 736.309554][ T30] audit: type=1326 audit(1755752050.649:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14138 comm="syz.4.2345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96d18ebe9 code=0x7ffc0000 [ 736.332543][T14129] team0: Port device team_slave_1 removed [ 736.346693][T14129] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 736.362458][ T30] audit: type=1326 audit(1755752050.649:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14138 comm="syz.4.2345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7ff96d18ebe9 code=0x7ffc0000 [ 736.543920][T14129] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 736.571110][T14129] bond1: (slave batadv1): Releasing active interface [ 736.617296][T14142] lo speed is unknown, defaulting to 1000 [ 737.041391][T14142] lo speed is unknown, defaulting to 1000 [ 737.959286][T14154] lo speed is unknown, defaulting to 1000 [ 738.710604][T14165] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2353'. [ 739.863677][T14175] lo speed is unknown, defaulting to 1000 [ 741.046254][T14154] lo speed is unknown, defaulting to 1000 [ 742.490728][T14209] netlink: 'syz.2.2370': attribute type 10 has an invalid length. [ 742.535472][ T4743] bond0: (slave syz_tun): interface is now down [ 742.541933][T14209] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 742.577519][ T12] bond0: (slave syz_tun): interface is now down [ 742.595567][ T12] bond0: now running without any active interface! [ 742.667773][T14175] lo speed is unknown, defaulting to 1000 [ 744.098075][T14230] overlayfs: failed to clone upperpath [ 748.640546][T14278] sz1: rxe_newlink: already configured on lo [ 752.422079][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 753.794813][T14326] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2406'. [ 756.473345][T14348] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2415'. [ 758.762370][ T5827] IPVS: starting estimator thread 0... [ 759.020274][T14375] IPVS: using max 37 ests per chain, 88800 per kthread [ 759.090234][T14379] netlink: 340 bytes leftover after parsing attributes in process `syz.5.2423'. [ 759.100226][T14379] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2423'. [ 760.141108][T14385] sctp: [Deprecated]: syz.2.2426 (pid 14385) Use of struct sctp_assoc_value in delayed_ack socket option. [ 760.141108][T14385] Use struct sctp_sack_info instead [ 761.892186][T14410] netlink: 'syz.4.2436': attribute type 10 has an invalid length. [ 761.904916][T14410] team0: left allmulticast mode [ 761.913564][T14410] team_slave_0: left allmulticast mode [ 761.919662][T14410] team_slave_1: left allmulticast mode [ 761.926015][T14410] team0: left promiscuous mode [ 761.930914][T14410] team_slave_0: left promiscuous mode [ 761.948273][T14410] team_slave_1: left promiscuous mode [ 761.954381][T14410] bridge0: port 3(team0) entered disabled state [ 761.991385][T14410] 8021q: adding VLAN 0 to HW filter on device team0 [ 762.001588][T14410] bond0: (slave team0): Enslaving as an active interface with a down link [ 763.412583][T14429] team_slave_0: entered promiscuous mode [ 763.418406][T14429] team_slave_1: entered promiscuous mode [ 763.530722][T14429] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 763.566386][T14429] team0: Device macvtap2 is already an upper device of the team interface [ 763.707624][T14435] overlayfs: missing 'lowerdir' [ 763.845993][T14429] team_slave_0: left promiscuous mode [ 763.851804][T14429] team_slave_1: left promiscuous mode [ 768.523391][T14480] team_slave_0: entered promiscuous mode [ 768.530461][T14480] team_slave_1: entered promiscuous mode [ 768.606367][T14480] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 768.638167][T14485] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2464'. [ 768.653733][T14480] team0: Device macvtap1 is already an upper device of the team interface [ 770.896029][T14480] team_slave_0: left promiscuous mode [ 770.901762][T14480] team_slave_1: left promiscuous mode [ 772.413528][T14525] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2473'. [ 776.437065][T14567] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2484'. [ 782.443437][T14617] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2498'. [ 787.461718][T14687] overlayfs: missing 'lowerdir' [ 789.252856][T14712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2528'. [ 795.107711][T14768] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 795.115003][T14768] IPv6: NLM_F_CREATE should be set when creating new route [ 795.122354][T14768] IPv6: NLM_F_CREATE should be set when creating new route [ 795.129599][T14768] IPv6: NLM_F_CREATE should be set when creating new route [ 796.426908][T14781] lo speed is unknown, defaulting to 1000 [ 796.813319][T14781] lo speed is unknown, defaulting to 1000 [ 797.002680][ T30] audit: type=1326 audit(1755752110.819:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14779 comm="syz.0.2556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d9718ebe9 code=0x7ffc0000 [ 797.085231][ T30] audit: type=1326 audit(1755752110.819:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14779 comm="syz.0.2556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d9718ebe9 code=0x7ffc0000 [ 797.110251][ T30] audit: type=1326 audit(1755752110.819:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14779 comm="syz.0.2556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f0d9718ebe9 code=0x7ffc0000 [ 797.132218][ T30] audit: type=1326 audit(1755752111.439:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14779 comm="syz.0.2556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d9718ebe9 code=0x7ffc0000 [ 797.154348][ T30] audit: type=1326 audit(1755752111.439:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14779 comm="syz.0.2556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d9718ebe9 code=0x7ffc0000 [ 800.348728][T14820] syz1: rxe_newlink: already configured on lo [ 800.506727][T14821] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 800.575352][T14821] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 800.811582][T14831] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2570'. [ 800.861280][T14831] smc: removing ib device syz! [ 806.919779][T14871] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2582'. [ 809.845934][T14900] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2593'. [ 810.060979][T14904] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 810.686522][T14913] syz_tun: left promiscuous mode [ 811.297961][T14913] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 811.420578][ T44] lo speed is unknown, defaulting to 1000 [ 811.426504][ T44] sz1: Port: 1 Link ACTIVE [ 811.431211][ T5917] lo speed is unknown, defaulting to 1000 [ 811.708892][T14920] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2600'. [ 811.852468][T14921] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2594'. [ 813.881085][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 815.756448][T14976] rdma_rxe: rxe_newlink: failed to add lo [ 816.923090][T14983] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2615'. [ 817.077544][T14985] overlayfs: missing 'lowerdir' [ 817.256451][T14990] team_slave_0: entered promiscuous mode [ 817.262201][T14990] team_slave_1: entered promiscuous mode [ 817.270200][T14990] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 817.277725][T14990] team0: Device macvtap2 is already an upper device of the team interface [ 817.287973][T14990] team_slave_0: left promiscuous mode [ 817.293418][T14990] team_slave_1: left promiscuous mode [ 818.110892][T15000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2626'. [ 818.364634][T15006] netlink: 'syz.2.2629': attribute type 10 has an invalid length. [ 818.386946][T15006] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2629'. [ 818.423036][T15006] geneve0: entered promiscuous mode [ 818.428995][T15006] geneve0: entered allmulticast mode [ 818.804095][T15006] team0: Port device geneve0 added [ 821.318482][T15054] rdma_rxe: rxe_newlink: failed to add lo [ 821.893146][T15064] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2647'. [ 823.783632][T15089] 9pnet_virtio: no channels available for device syz [ 825.551521][ T5917] libceph: connect (1)[c::]:6789 error -101 [ 825.652621][ T5917] libceph: mon0 (1)[c::]:6789 connect error [ 825.710771][T15092] ceph: No mds server is up or the cluster is laggy [ 828.422156][T15121] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2667'. [ 828.593962][T15124] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2668'. [ 829.404668][T15132] tipc: Enabling of bearer rejected, failed to enable media [ 831.765674][T15156] overlayfs: failed to resolve './bus': -2 [ 832.827414][T15174] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2680'. [ 832.838375][T15174] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2680'. [ 837.380929][T15215] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2696'. [ 837.503981][T15219] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2695'. [ 837.513024][T15219] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2695'. [ 837.522091][T15219] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2695'. [ 837.534321][T15219] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2695'. [ 837.543429][T15219] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2695'. [ 839.981807][T15241] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2703'. [ 840.000761][T15241] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2703'. [ 840.163848][T15245] bond0: (slave syz_tun): Releasing backup interface [ 840.350402][T15245] bond0: (slave bond_slave_0): Releasing backup interface [ 840.484157][T15245] bond0: (slave bond_slave_1): Releasing backup interface [ 840.590415][T15255] overlayfs: failed to clone lowerpath [ 841.114376][T15245] team0: Port device team_slave_0 removed [ 841.253020][T15245] team0: Port device team_slave_1 removed [ 841.277686][T15245] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 841.307940][T15245] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 841.406534][T15260] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2700'. [ 842.953205][T15269] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2712'. [ 843.604897][T15281] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2715'. [ 845.706957][T15302] netlink: 'syz.5.2722': attribute type 4 has an invalid length. [ 846.426159][T15302] netlink: 'syz.5.2722': attribute type 4 has an invalid length. [ 846.465437][T14939] lo speed is unknown, defaulting to 1000 [ 846.580181][T14939] syz1: Port: 1 Link ACTIVE [ 846.596028][ T5827] lo speed is unknown, defaulting to 1000 [ 847.112839][T15316] netlink: 'syz.0.2727': attribute type 10 has an invalid length. [ 847.125576][T15316] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2727'. [ 847.296229][T15320] syz.4.2726: attempt to access beyond end of device [ 847.296229][T15320] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 847.309951][T15320] EXT4-fs (nbd4): unable to read superblock [ 847.947363][T15316] team0: Port device geneve0 added [ 848.297172][T15330] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2729'. [ 851.045235][T15361] fuse: Bad value for 'fd' [ 852.235328][T15370] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2740'. [ 855.304689][T15400] lo speed is unknown, defaulting to 1000 [ 855.458003][T15400] lo speed is unknown, defaulting to 1000 [ 856.224813][ T30] audit: type=1326 audit(1755752170.629:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15396 comm="syz.0.2751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d9718ebe9 code=0x7ffc0000 [ 856.422558][ T30] audit: type=1326 audit(1755752170.829:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15396 comm="syz.0.2751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f0d9718ebe9 code=0x7ffc0000 [ 856.518080][T15414] vlan0: entered promiscuous mode [ 857.271259][T15412] lo speed is unknown, defaulting to 1000 [ 857.306571][T15417] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2753'. [ 858.534857][T15428] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2757'. [ 862.665449][T15412] lo speed is unknown, defaulting to 1000 [ 862.756789][T15471] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2764'. [ 863.428291][T15484] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2769'. [ 867.746019][T15025] bond0: (slave syz_tun): Releasing backup interface [ 868.159127][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 868.173848][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 868.182123][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 868.192642][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 868.200656][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 868.293623][ T6368] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.516177][T15529] lo speed is unknown, defaulting to 1000 [ 868.530085][ T6368] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.669751][ T6368] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.898296][ T6368] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 869.135703][T15541] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2779'. [ 870.055639][T15553] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2781'. [ 870.361858][ T5844] Bluetooth: hci0: command tx timeout [ 871.102661][T15529] lo speed is unknown, defaulting to 1000 [ 872.743518][ T5844] Bluetooth: hci0: command tx timeout [ 873.069713][ T5155] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 873.080462][ T5155] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 873.088990][ T5155] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 873.099405][ T5155] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 873.107856][ T5155] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 873.389471][ T6368] geneve0 (unregistering): left allmulticast mode [ 873.413193][ T6368] team0: Port device geneve0 removed [ 873.669840][ T6368] bond0 (unregistering): left promiscuous mode [ 873.682843][ T6368] bond0 (unregistering): Released all slaves [ 873.795282][ T6368] bond1 (unregistering): Released all slaves [ 873.809423][T15572] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 873.909521][T12199] bond0: (slave syz_tun): Releasing backup interface [ 874.561584][T15595] syz_tun: left promiscuous mode [ 874.582550][T15595] macsec0: left promiscuous mode [ 874.589009][T15595] mac80211_hwsim hwsim11 syzkaller0: left promiscuous mode [ 874.660309][T15590] lo speed is unknown, defaulting to 1000 [ 874.674199][T15599] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2791'. [ 874.899038][ T5155] Bluetooth: hci0: command tx timeout [ 875.179562][ T5155] Bluetooth: hci1: command tx timeout [ 875.376595][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.901335][T15529] chnl_net:caif_netlink_parms(): no params data found [ 875.999533][ T6368] tipc: Left network mode [ 876.106520][ T6368] IPVS: stopping master sync thread 10395 ... [ 876.145014][ T6368] IPVS: stopping backup sync thread 12746 ... [ 876.450832][T15590] lo speed is unknown, defaulting to 1000 [ 876.480616][T15632] netlink: 416 bytes leftover after parsing attributes in process `syz.4.2797'. [ 876.753128][T15529] bridge0: port 1(bridge_slave_0) entered blocking state [ 876.775320][T15529] bridge0: port 1(bridge_slave_0) entered disabled state [ 876.930410][T15529] bridge_slave_0: entered allmulticast mode [ 876.939321][T15529] bridge_slave_0: entered promiscuous mode [ 876.975397][ T5155] Bluetooth: hci0: command tx timeout [ 877.660563][ T5155] Bluetooth: hci1: command tx timeout [ 877.696500][T15529] bridge0: port 2(bridge_slave_1) entered blocking state [ 877.733411][T15529] bridge0: port 2(bridge_slave_1) entered disabled state [ 877.746537][T15529] bridge_slave_1: entered allmulticast mode [ 877.763224][T15529] bridge_slave_1: entered promiscuous mode [ 878.870538][T15529] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 879.071475][T15529] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 879.549840][T15677] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2810'. [ 879.612171][T15529] team0: Port device team_slave_0 added [ 879.673118][T15529] team0: Port device team_slave_1 added [ 879.695624][ T5155] Bluetooth: hci1: command tx timeout [ 879.950290][ T6368] batadv0: left promiscuous mode [ 880.055295][ T6368] hsr_slave_0: left promiscuous mode [ 880.072078][ T6368] hsr_slave_1: left promiscuous mode [ 880.212313][T15692] netlink: 256 bytes leftover after parsing attributes in process `syz.4.2812'. [ 881.233436][ T6368] team0: left allmulticast mode [ 881.245372][ T6368] team0: left promiscuous mode [ 881.255370][ T6368] veth1_macvtap: left promiscuous mode [ 881.261003][ T6368] veth0_macvtap: left promiscuous mode [ 881.273325][ T6368] veth1_vlan: left promiscuous mode [ 881.573482][ T6368] veth0_vlan: left promiscuous mode [ 881.778708][ T5155] Bluetooth: hci1: command tx timeout [ 882.804057][T15743] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2817'. [ 883.111006][T15529] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 883.120654][T15529] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 883.147501][T15529] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 883.466204][T15529] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 883.493381][T15529] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 883.575237][T15529] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 885.114837][T15529] hsr_slave_0: entered promiscuous mode [ 885.152242][T15529] hsr_slave_1: entered promiscuous mode [ 885.284878][T15779] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2822'. [ 885.297396][T15779] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2822'. [ 885.361216][T15590] chnl_net:caif_netlink_parms(): no params data found [ 885.923189][ T6368] IPVS: stop unused estimator thread 0... [ 886.622291][T15590] bridge0: port 1(bridge_slave_0) entered blocking state [ 886.652151][T15590] bridge0: port 1(bridge_slave_0) entered disabled state [ 886.680839][T15590] bridge_slave_0: entered allmulticast mode [ 886.708880][T15590] bridge_slave_0: entered promiscuous mode [ 886.924876][T15590] bridge0: port 2(bridge_slave_1) entered blocking state [ 886.938772][T15590] bridge0: port 2(bridge_slave_1) entered disabled state [ 886.959534][T15590] bridge_slave_1: entered allmulticast mode [ 886.980458][T15590] bridge_slave_1: entered promiscuous mode [ 887.029272][ T6368] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 887.278574][T15590] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 887.319885][ T6368] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 887.503996][ T30] audit: type=1326 audit(1755752201.909:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15801 comm="syz.5.2825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59d618ebe9 code=0x7fc00000 [ 887.572919][T15590] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 888.279152][ T6368] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 888.627306][ T6368] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 888.741429][T15590] team0: Port device team_slave_0 added [ 888.792576][T15590] team0: Port device team_slave_1 added [ 889.007172][T15590] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 889.014202][T15590] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 889.046068][T15590] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 889.082274][T15590] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 889.091333][T15590] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 889.205763][T15590] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 889.692516][T15590] hsr_slave_0: entered promiscuous mode [ 889.714946][T15844] netlink: 'syz.5.2832': attribute type 10 has an invalid length. [ 889.727392][T15590] hsr_slave_1: entered promiscuous mode [ 889.754650][T15844] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2832'. [ 889.773346][T15590] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 889.791509][T15590] Cannot create hsr debugfs directory [ 889.854375][T15844] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 890.014279][T15844] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 890.049547][T15844] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 890.111119][T15844] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 890.132659][T15844] team0: Port device geneve0 added [ 890.392037][ T6368] bridge_slave_1: left allmulticast mode [ 890.404937][ T6368] bridge_slave_1: left promiscuous mode [ 890.411554][ T6368] bridge0: port 2(bridge_slave_1) entered disabled state [ 890.485245][ T6368] bridge_slave_0: left allmulticast mode [ 890.490976][ T6368] bridge_slave_0: left promiscuous mode [ 890.525531][ T6368] bridge0: port 1(bridge_slave_0) entered disabled state [ 890.632404][ T6368] tipc: Resetting bearer [ 894.689214][ T6368] tipc: Disabling bearer [ 894.747941][ T6368] team0: Port device geneve0 removed [ 895.033543][ T6368] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 895.046380][ T6368] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 895.058736][ T6368] bond0 (unregistering): Released all slaves [ 895.339583][T15529] 8021q: adding VLAN 0 to HW filter on device bond0 [ 895.433858][T15529] 8021q: adding VLAN 0 to HW filter on device team0 [ 895.646801][T15707] bridge0: port 1(bridge_slave_0) entered blocking state [ 895.654025][T15707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 896.576144][T15717] bridge0: port 2(bridge_slave_1) entered blocking state [ 896.583385][T15717] bridge0: port 2(bridge_slave_1) entered forwarding state [ 896.921207][ T6368] tipc: Left network mode [ 897.978509][ T6368] IPVS: stopping backup sync thread 13231 ... [ 898.194107][T15590] 8021q: adding VLAN 0 to HW filter on device bond0 [ 898.370849][T15922] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2850'. [ 898.517775][T15590] 8021q: adding VLAN 0 to HW filter on device team0 [ 898.660574][T15717] bridge0: port 1(bridge_slave_0) entered blocking state [ 898.667862][T15717] bridge0: port 1(bridge_slave_0) entered forwarding state [ 898.808394][T15717] bridge0: port 2(bridge_slave_1) entered blocking state [ 898.815671][T15717] bridge0: port 2(bridge_slave_1) entered forwarding state [ 902.494962][T15529] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 903.181985][T15976] netlink: 256 bytes leftover after parsing attributes in process `syz.4.2859'. [ 903.253049][ T6368] hsr_slave_0: left promiscuous mode [ 903.286971][ T6368] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 903.303009][ T6368] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 903.374730][ T6368] veth1_macvtap: left promiscuous mode [ 903.391518][ T6368] veth0_macvtap: left promiscuous mode [ 903.556581][ T6368] veth1_vlan: left promiscuous mode [ 903.562010][ T6368] veth0_vlan: left promiscuous mode [ 906.344255][ T6368] team0 (unregistering): Port device team_slave_1 removed [ 906.391540][ T6368] team0 (unregistering): Port device team_slave_0 removed [ 907.188779][T15590] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 908.398660][T15529] veth0_vlan: entered promiscuous mode [ 908.443571][T15529] veth1_vlan: entered promiscuous mode [ 908.594606][T15529] veth0_macvtap: entered promiscuous mode [ 908.638680][T15529] veth1_macvtap: entered promiscuous mode [ 908.675645][T16024] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2868'. [ 909.534035][T15529] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 909.569875][T15529] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 911.753217][T15590] veth0_vlan: entered promiscuous mode [ 911.953240][T15711] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 911.991647][T15711] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 912.099112][T15590] veth1_vlan: entered promiscuous mode [ 912.143985][T15730] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 912.160229][T15730] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 912.212189][T15590] veth0_macvtap: entered promiscuous mode [ 912.259625][T15590] veth1_macvtap: entered promiscuous mode [ 912.384938][T15590] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 912.431957][T15590] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 914.609767][T15729] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 914.679914][T15729] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 914.832634][T16083] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2878'. [ 915.048746][T15729] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 915.066791][T15729] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 916.813932][T16095] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2882'. [ 916.826103][T16095] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 916.826103][T16095] program syz.2.2882 not setting count and/or reply_len properly [ 918.681594][T16128] overlayfs: failed to clone upperpath [ 918.844668][T16132] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2891'. [ 920.845176][ T5827] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 920.953144][T16166] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2900'. [ 921.735362][ T5827] usb 3-1: Using ep0 maxpacket: 16 [ 921.756813][ T5827] usb 3-1: config 1 interface 0 altsetting 93 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 921.820909][ T5827] usb 3-1: config 1 interface 0 altsetting 93 bulk endpoint 0x82 has invalid maxpacket 96 [ 921.869869][ T5827] usb 3-1: config 1 interface 0 altsetting 93 bulk endpoint 0x3 has invalid maxpacket 8 [ 921.910744][ T5827] usb 3-1: config 1 interface 0 altsetting 93 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 922.056194][ T5827] usb 3-1: config 1 interface 0 has no altsetting 0 [ 922.125102][ T5827] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 922.144564][ T5827] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 922.171476][ T5827] usb 3-1: SerialNumber: syz [ 922.202339][T16154] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 922.225487][T16154] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 922.611577][T16196] gtp0: entered promiscuous mode [ 922.616747][T16196] gtp0: entered allmulticast mode [ 923.660813][T16205] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 923.674574][T16205] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 925.830017][ T5827] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71 [ 925.919814][ T5827] usb 3-1: USB disconnect, device number 9 [ 926.781457][T16250] gtp0: entered promiscuous mode [ 926.786597][T16250] gtp0: entered allmulticast mode [ 934.435404][T16337] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2944'. [ 934.995301][T16355] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2950'. [ 935.378371][T16368] binder: 16367:16368 ioctl 4018620d 0 returned -22 [ 935.583927][T16374] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2956'. [ 935.625597][T16374] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2956'. [ 935.667904][T16374] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2956'. [ 935.773085][T16378] binder: 16367:16378 ioctl c0306201 0 returned -14 [ 936.636126][T16383] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2958'. [ 936.765697][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 938.493135][T16408] netlink: 'syz.4.2964': attribute type 29 has an invalid length. [ 938.688579][T16409] netlink: 'syz.4.2964': attribute type 29 has an invalid length. [ 938.697108][T16410] netlink: 'syz.4.2964': attribute type 29 has an invalid length. [ 940.196149][T16446] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2973'. [ 940.266695][T16448] netlink: 'syz.2.2975': attribute type 3 has an invalid length. [ 940.562707][T16459] team_slave_0: entered promiscuous mode [ 940.568557][T16459] team_slave_1: entered promiscuous mode [ 940.635590][T16459] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 941.214447][T16485] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2985'. [ 941.402307][T16490] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2987'. [ 942.948244][T16514] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2999'. [ 943.101180][T16527] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2998'. [ 943.301482][T16533] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 943.301482][T16533] program syz.4.2995 not setting count and/or reply_len properly [ 944.167099][T16543] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3004'. [ 947.380430][T16577] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3012'. [ 949.693811][T16617] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3024'. [ 949.998051][T16621] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 950.457203][T16630] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 950.457203][T16630] program syz.2.3028 not setting count and/or reply_len properly [ 952.220478][T16640] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3032'. [ 953.184351][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 953.189046][T16658] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3037'. [ 953.200917][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 953.209119][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 953.218375][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 953.226255][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 954.517619][ T5842] bond0: (slave syz_tun): Releasing backup interface [ 954.710691][T16651] lo speed is unknown, defaulting to 1000 [ 955.855876][ T5844] Bluetooth: hci2: command tx timeout [ 956.500219][T16695] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3051'. [ 957.536798][T16651] lo speed is unknown, defaulting to 1000 [ 957.577962][T16700] netlink: 'syz.5.3052': attribute type 10 has an invalid length. [ 957.671165][T16700] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3052'. [ 957.776154][T16708] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 957.776223][T16708] F2FS-fs (loop13): Can't find valid F2FS filesystem in 1th superblock [ 957.778153][T16708] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 957.778354][T16708] F2FS-fs (loop13): Can't find valid F2FS filesystem in 2th superblock [ 957.867822][T16700] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.868062][T16700] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.868206][T16700] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.868356][T16700] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.935274][ T5844] Bluetooth: hci2: command tx timeout [ 958.405412][ T5827] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 958.747001][ T5827] usb 3-1: config index 0 descriptor too short (expected 39, got 27) [ 958.747063][ T5827] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 958.747093][ T5827] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 958.747120][ T5827] usb 3-1: config 0 interface 0 has no altsetting 0 [ 958.749360][ T5827] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 958.749391][ T5827] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 958.749414][ T5827] usb 3-1: Product: syz [ 958.749432][ T5827] usb 3-1: Manufacturer: syz [ 958.749449][ T5827] usb 3-1: SerialNumber: syz [ 958.752807][ T5827] usb 3-1: config 0 descriptor?? [ 958.755342][ T5827] hub 3-1:0.0: bad descriptor, ignoring hub [ 958.755371][ T5827] hub 3-1:0.0: probe with driver hub failed with error -5 [ 958.802254][ T5827] usb 3-1: selecting invalid altsetting 0 [ 958.914579][T16720] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3057'. [ 958.990802][T16722] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3050'. [ 959.226210][T16043] udevd[16043]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: Read-only file system [ 959.427530][T16728] lo speed is unknown, defaulting to 1000 [ 960.015211][ T5844] Bluetooth: hci2: command tx timeout [ 960.016523][T16707] usb 3-1: reset high-speed USB device number 10 using dummy_hcd [ 960.209649][T16742] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3062'. [ 960.280130][T16651] chnl_net:caif_netlink_parms(): no params data found [ 960.345685][ T5827] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 960.457176][T16728] lo speed is unknown, defaulting to 1000 [ 960.538252][ T5827] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 960.584394][ T5827] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 960.675291][ T5827] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 960.705127][ T5827] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 960.809291][T14916] usb 3-1: USB disconnect, device number 10 [ 960.995162][ T5827] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 961.021176][ T5827] usb 7-1: config 0 interface 0 has no altsetting 0 [ 961.041048][ T5827] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 961.051627][ T5827] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 961.077347][ T5827] usb 7-1: Product: syz [ 961.081595][ T5827] usb 7-1: Manufacturer: syz [ 961.095104][ T5827] usb 7-1: SerialNumber: syz [ 961.120120][ T5827] usb 7-1: config 0 descriptor?? [ 961.131234][T16737] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 961.133659][T16651] bridge0: port 1(bridge_slave_0) entered blocking state [ 961.161638][ T5827] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 961.169785][T16651] bridge0: port 1(bridge_slave_0) entered disabled state [ 961.186624][ T5827] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 961.194795][T16651] bridge_slave_0: entered allmulticast mode [ 961.207225][T16651] bridge_slave_0: entered promiscuous mode [ 961.371418][T16651] bridge0: port 2(bridge_slave_1) entered blocking state [ 961.378971][T16651] bridge0: port 2(bridge_slave_1) entered disabled state [ 961.387657][T16651] bridge_slave_1: entered allmulticast mode [ 961.405004][T16335] usb 7-1: USB disconnect, device number 2 [ 961.405664][ C0] ldusb 7-1:0.0: usb_submit_urb failed (-19) [ 961.420442][T16335] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 961.440485][T16651] bridge_slave_1: entered promiscuous mode [ 961.618996][T16763] netlink: 'syz.2.3065': attribute type 10 has an invalid length. [ 961.653123][T16763] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3065'. [ 961.766574][T16763] geneve0: entered promiscuous mode [ 961.773441][T16763] team0: Port device geneve0 added [ 962.105507][ T5844] Bluetooth: hci2: command tx timeout [ 962.619372][T16651] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 962.651541][T16651] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 962.693610][T16775] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3068'. [ 962.925569][ T5952] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 962.995980][T16651] team0: Port device team_slave_0 added [ 963.074001][T16651] team0: Port device team_slave_1 added [ 963.115342][ T5952] usb 3-1: Using ep0 maxpacket: 8 [ 963.131609][ T5952] usb 3-1: config 0 has an invalid interface number: 151 but max is 1 [ 963.182972][ T5952] usb 3-1: config 0 has no interface number 1 [ 963.224866][ T5952] usb 3-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 963.304797][ T5952] usb 3-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83 [ 963.369146][ T5952] usb 3-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 1024 [ 963.408977][ T5952] usb 3-1: config 0 interface 151 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 963.466432][ T5952] usb 3-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 963.515833][ T5952] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF1, changing to 0x81 [ 963.707020][T16651] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 963.714045][T16651] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 963.820763][T16651] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 963.874347][ T5952] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12592, setting to 1024 [ 963.911827][ T5952] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1024 [ 963.915916][T16651] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 963.956177][T16651] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 963.965234][ T5952] usb 3-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7 [ 964.067660][T16651] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 964.078501][T16335] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 964.084698][ T5952] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 964.098430][ T5952] usb 3-1: Product: syz [ 964.104676][ T5952] usb 3-1: Manufacturer: syz [ 964.109808][ T5952] usb 3-1: SerialNumber: syz [ 964.136551][ T5952] usb 3-1: config 0 descriptor?? [ 964.153165][T16774] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 964.229189][ T5952] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 964.252665][ T5952] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 964.430841][T16335] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 964.441264][T16335] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 964.502991][T16335] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 964.521206][T16335] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 964.532730][T16335] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 964.557408][T16335] usb 7-1: config 0 interface 0 has no altsetting 0 [ 964.578695][T16651] hsr_slave_0: entered promiscuous mode [ 964.591354][T16651] hsr_slave_1: entered promiscuous mode [ 964.611786][T16335] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 964.620007][ T5952] usb 3-1: USB disconnect, device number 11 [ 964.624735][T16651] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 964.648931][T16335] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 964.684845][T16335] usb 7-1: Product: syz [ 964.695288][T16651] Cannot create hsr debugfs directory [ 964.714727][T16335] usb 7-1: Manufacturer: syz [ 964.743280][T16335] usb 7-1: SerialNumber: syz [ 964.776521][T16335] usb 7-1: config 0 descriptor?? [ 964.835967][T16784] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 964.924955][T16796] udevd[16796]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 964.944362][T16335] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 965.000215][T16335] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 965.095547][ T1208] usb 7-1: USB disconnect, device number 3 [ 965.213836][ T1208] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 965.350661][T16804] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3072'. [ 966.629366][T16651] 8021q: adding VLAN 0 to HW filter on device bond0 [ 966.806233][T16827] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3074'. [ 966.808360][T16651] 8021q: adding VLAN 0 to HW filter on device team0 [ 966.930116][ T8159] bridge0: port 1(bridge_slave_0) entered blocking state [ 966.937305][ T8159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 966.997190][ T8159] bridge0: port 2(bridge_slave_1) entered blocking state [ 967.004454][ T8159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 968.487351][T16848] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3082'. [ 968.859947][T16852] overlayfs: failed to clone lowerpath [ 972.702577][T16651] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 973.625748][T16897] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3092'. [ 974.096383][T16901] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3093'. [ 976.486459][T16926] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3098'. [ 976.696371][T16651] veth0_vlan: entered promiscuous mode [ 976.832103][T16651] veth1_vlan: entered promiscuous mode [ 976.896728][T16651] veth0_macvtap: entered promiscuous mode [ 976.933081][T16651] veth1_macvtap: entered promiscuous mode [ 976.989341][T16651] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 977.061791][T16651] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 977.255389][T16941] autofs: Unknown parameter '0x0000000000000000' [ 977.549406][T15707] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 977.605682][T15707] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 977.823406][T15729] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 977.903892][T15729] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 978.563097][T16959] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3104'. [ 980.684795][ T5155] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 980.704900][ T5155] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 980.716001][ T5155] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 980.734403][ T5155] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 980.743002][ T5155] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 980.913490][T16983] lo speed is unknown, defaulting to 1000 [ 982.377416][T16983] lo speed is unknown, defaulting to 1000 [ 982.815365][ T5155] Bluetooth: hci3: command tx timeout [ 985.145967][ T5155] Bluetooth: hci3: command tx timeout [ 987.215280][ T5155] Bluetooth: hci3: command tx timeout [ 989.444914][ T5155] Bluetooth: hci3: command tx timeout [ 991.250027][T16983] chnl_net:caif_netlink_parms(): no params data found [ 992.012107][T16983] bridge0: port 1(bridge_slave_0) entered blocking state [ 992.032831][T16983] bridge0: port 1(bridge_slave_0) entered disabled state [ 992.050290][T16983] bridge_slave_0: entered allmulticast mode [ 992.064649][T16983] bridge_slave_0: entered promiscuous mode [ 992.096573][T16983] bridge0: port 2(bridge_slave_1) entered blocking state [ 992.118903][T16983] bridge0: port 2(bridge_slave_1) entered disabled state [ 992.144541][T16983] bridge_slave_1: entered allmulticast mode [ 992.173075][T16983] bridge_slave_1: entered promiscuous mode [ 992.473045][T16983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 992.504897][T16983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 992.791261][T16983] team0: Port device team_slave_0 added [ 992.982215][T16983] team0: Port device team_slave_1 added [ 993.970588][T16983] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 993.993719][T16983] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 994.624725][T16983] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 994.695147][ T1208] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 994.717482][T16983] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 994.756977][T16983] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 994.803321][T16983] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 994.877873][ T1208] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 994.938251][ T1208] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 994.997504][ T1208] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 995.045174][ T1208] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 995.089163][T17142] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 995.143093][ T1208] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 995.149407][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 995.215765][T16983] hsr_slave_0: entered promiscuous mode [ 995.321968][T16983] hsr_slave_1: entered promiscuous mode [ 995.386105][T16983] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 995.406000][T16983] Cannot create hsr debugfs directory [ 995.655650][T17158] netlink: 'syz.4.3139': attribute type 10 has an invalid length. [ 995.733430][T17146] udevd[17146]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: Read-only file system [ 995.755302][T17158] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3139'. [ 997.619355][T17158] team0: Port device geneve0 added [ 998.139807][T17175] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 998.139807][T17175] program syz.6.3141 not setting count and/or reply_len properly [ 998.216153][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1000.230447][ T1208] usb 3-1: USB disconnect, device number 12 [ 1000.260745][ T5155] Bluetooth: hci1: command 0x0406 tx timeout [ 1000.308381][T17184] lo speed is unknown, defaulting to 1000 [ 1000.545068][T17171] 9pnet_virtio: no channels available for device syz [ 1001.861528][T16983] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1001.898885][T16983] 8021q: adding VLAN 0 to HW filter on device team0 [ 1001.914293][T15717] bridge0: port 1(bridge_slave_0) entered blocking state [ 1001.921598][T15717] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1002.019456][T15717] bridge0: port 2(bridge_slave_1) entered blocking state [ 1002.026737][T15717] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1002.519686][T16983] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1003.455865][T17184] lo speed is unknown, defaulting to 1000 [ 1004.308403][T16983] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1006.865596][T17253] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1008.184359][T17269] : entered promiscuous mode [ 1008.747521][T16983] veth0_vlan: entered promiscuous mode [ 1008.942178][T16983] veth1_vlan: entered promiscuous mode [ 1009.077681][T16983] veth0_macvtap: entered promiscuous mode [ 1009.128280][T16983] veth1_macvtap: entered promiscuous mode [ 1009.431328][T16983] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1009.470087][T16983] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1010.214811][T15717] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1010.268078][T15717] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1010.451830][T15729] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1010.514413][T15729] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1011.033720][T17301] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3103'. [ 1012.752377][T17324] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 1012.762012][T17324] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 1012.772014][T17324] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1012.799726][ T30] audit: type=1800 audit(1755752327.159:182): pid=17324 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.3165" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 1013.086604][T17330] netlink: 'syz.4.3168': attribute type 10 has an invalid length. [ 1013.147744][T17330] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3168'. [ 1013.181711][T17330] ipvlan1: entered promiscuous mode [ 1013.257750][T17330] ipvlan1: entered allmulticast mode [ 1013.280545][T17330] veth0_vlan: entered allmulticast mode [ 1013.318098][T17330] bridge0: port 3(ipvlan1) entered blocking state [ 1013.346270][T17330] bridge0: port 3(ipvlan1) entered disabled state [ 1013.401396][T17330] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 1014.463495][T17353] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3173'. [ 1016.465399][T14916] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 1016.736688][T14916] usb 7-1: Using ep0 maxpacket: 8 [ 1016.935278][T14916] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1016.955181][T14916] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1016.964297][T14916] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1017.033824][T14916] usb 7-1: config 0 descriptor?? [ 1017.072595][T14916] iowarrior 7-1:0.0: no interrupt-in endpoint found [ 1017.102350][T17396] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3186'. [ 1018.617757][T17424] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3189'. [ 1018.642269][T17424] netlink: 'syz.1.3189': attribute type 1 has an invalid length. [ 1018.650347][T17424] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3189'. [ 1018.923551][T16335] usb 7-1: USB disconnect, device number 4 [ 1019.125562][T17436] GUP no longer grows the stack in syz.5.3195 (17436): 200000005000-200000008000 (200000004000) [ 1019.714248][T17436] CPU: 0 UID: 0 PID: 17436 Comm: syz.5.3195 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1019.714281][T17436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1019.714300][T17436] Call Trace: [ 1019.714314][T17436] [ 1019.714325][T17436] dump_stack_lvl+0x189/0x250 [ 1019.714374][T17436] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1019.714400][T17436] ? __pfx__printk+0x10/0x10 [ 1019.714427][T17436] ? find_vma+0xe7/0x160 [ 1019.714534][T17436] __get_user_pages+0x2a60/0x30b0 [ 1019.714628][T17436] ? __pfx___get_user_pages+0x10/0x10 [ 1019.714661][T17436] ? __gup_longterm_locked+0xbf7/0x15b0 [ 1019.714694][T17436] ? down_read_killable+0x1d1/0x350 [ 1019.714758][T17436] __gup_longterm_locked+0xd66/0x15b0 [ 1019.714814][T17436] ? gup_fast_fallback+0x1afc/0x2260 [ 1019.714853][T17436] gup_fast_fallback+0x1cd4/0x2260 [ 1019.714926][T17436] ? __pfx_gup_fast_fallback+0x10/0x10 [ 1019.714964][T17436] ? futex_unqueue+0x22/0x240 [ 1019.714990][T17436] ? futex_unqueue+0x22/0x240 [ 1019.715014][T17436] ? futex_unqueue+0x22/0x240 [ 1019.715037][T17436] ? is_valid_gup_args+0x11f/0x200 [ 1019.715081][T17436] ? get_user_pages_fast+0x4d/0xb0 [ 1019.715118][T17436] get_futex_key+0x915/0x1640 [ 1019.715150][T17436] ? get_futex_key+0x880/0x1640 [ 1019.715178][T17436] ? __pfx_get_futex_key+0x10/0x10 [ 1019.715201][T17436] ? __pfx_futex_wake_mark+0x10/0x10 [ 1019.715250][T17436] futex_wake_op+0x127/0xca0 [ 1019.715294][T17436] ? __pfx_futex_wake_op+0x10/0x10 [ 1019.715332][T17436] ? __lock_acquire+0xab9/0xd20 [ 1019.715366][T17436] ? __might_fault+0xb0/0x130 [ 1019.715423][T17436] do_futex+0x3bd/0x420 [ 1019.715461][T17436] ? __pfx_do_futex+0x10/0x10 [ 1019.715490][T17436] ? rcu_is_watching+0x15/0xb0 [ 1019.715522][T17436] __se_sys_futex+0x36f/0x400 [ 1019.715561][T17436] ? __pfx___se_sys_futex+0x10/0x10 [ 1019.715591][T17436] ? rcu_is_watching+0x15/0xb0 [ 1019.715622][T17436] ? __x64_sys_futex+0x21/0xf0 [ 1019.715655][T17436] do_syscall_64+0xfa/0x3b0 [ 1019.715703][T17436] ? lockdep_hardirqs_on+0x9c/0x150 [ 1019.715750][T17436] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1019.715773][T17436] ? clear_bhb_loop+0x60/0xb0 [ 1019.715802][T17436] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1019.715823][T17436] RIP: 0033:0x7f59d618ebe9 [ 1019.715851][T17436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1019.715870][T17436] RSP: 002b:00007f59d6f38038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1019.715894][T17436] RAX: ffffffffffffffda RBX: 00007f59d63b6090 RCX: 00007f59d618ebe9 [ 1019.715911][T17436] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000200000004000 [ 1019.715925][T17436] RBP: 00007f59d6211e19 R08: 0000200000004000 R09: 00000000a3020000 [ 1019.715952][T17436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1019.715965][T17436] R13: 00007f59d63b6128 R14: 00007f59d63b6090 R15: 00007ffeb5b5bb98 [ 1019.715999][T17436] [ 1020.119386][T17432] lo speed is unknown, defaulting to 1000 [ 1022.251942][T17459] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3201'. [ 1022.438336][T17432] lo speed is unknown, defaulting to 1000 [ 1028.247726][T17533] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3214'. [ 1028.375687][T17527] syz.2.3212 (17527): drop_caches: 2 [ 1030.060814][T17554] gtp1: entered promiscuous mode [ 1030.065990][T17554] gtp1: entered allmulticast mode [ 1033.701170][T17580] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3225'. [ 1035.579338][T17608] futex_wake_op: syz.2.3230 tries to shift op by 32; fix this program [ 1036.135067][T17614] gtp1: entered promiscuous mode [ 1036.140129][T17614] gtp1: entered allmulticast mode [ 1037.415243][T14939] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 1038.490336][T14939] usb 3-1: Using ep0 maxpacket: 16 [ 1038.499927][T14939] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1038.523373][T14939] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1038.554245][T14939] usb 3-1: config 1 interface 0 altsetting 127 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1038.575301][T17642] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3237'. [ 1038.852562][T14939] usb 3-1: config 1 interface 0 has no altsetting 0 [ 1038.874412][T14939] usb 3-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40 [ 1038.893916][T14939] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1039.098511][T17653] lo speed is unknown, defaulting to 1000 [ 1039.686830][T17653] lo speed is unknown, defaulting to 1000 [ 1040.186720][T17651] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR [ 1041.129968][T14939] usb 3-1: Product: syz [ 1041.154605][T14939] usb 3-1: Manufacturer: syz [ 1041.159374][T14939] usb 3-1: SerialNumber: syz [ 1041.194256][T14939] usb 3-1: can't set config #1, error -71 [ 1041.237455][T14939] usb 3-1: USB disconnect, device number 13 [ 1041.439740][T17660] futex_wake_op: syz.2.3241 tries to shift op by 32; fix this program [ 1042.135430][T17665] gtp0: entered promiscuous mode [ 1042.149847][T17665] gtp0: entered allmulticast mode [ 1045.596031][T17685] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3247'. [ 1045.792108][T17669] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 1046.463175][ T5827] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 1046.496734][ T5827] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 1046.519565][T17695] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1046.787352][T15730] wlan1: authenticated [ 1046.790881][T17695] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1046.841520][ T6368] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 1047.029817][ T6368] wlan1: associate with 08:02:11:00:00:00 (try 2/3) [ 1047.105302][T17713] futex_wake_op: syz.5.3253 tries to shift op by 32; fix this program [ 1047.196652][T15730] wlan1: associate with 08:02:11:00:00:00 (try 3/3) [ 1047.217448][T17712] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3252'. [ 1047.336714][T15730] wlan1: association with 08:02:11:00:00:00 timed out [ 1050.879738][T17758] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3260'. [ 1052.573447][T17780] bridge_slave_0: left allmulticast mode [ 1052.579434][T17780] bridge_slave_0: left promiscuous mode [ 1052.585650][T17780] bridge0: port 1(bridge_slave_0) entered disabled state [ 1052.740682][T17782] netlink: 'syz.5.3264': attribute type 10 has an invalid length. [ 1052.788125][T17782] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3264'. [ 1052.983687][T17780] bridge_slave_1: left allmulticast mode [ 1052.989472][T17780] bridge_slave_1: left promiscuous mode [ 1052.995417][T17780] bridge0: port 2(bridge_slave_1) entered disabled state [ 1053.194680][T17780] bond0: (slave bond_slave_0): Releasing backup interface [ 1053.254240][T17780] bond0: (slave bond_slave_1): Releasing backup interface [ 1053.313326][T17780] team0: Port device team_slave_0 removed [ 1053.324648][T17780] team0: Port device team_slave_1 removed [ 1053.331961][T17780] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1053.339626][T17780] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1053.350593][T17780] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1053.358238][T17780] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1053.376364][T17782] ipvlan1: entered promiscuous mode [ 1053.405109][T17782] ipvlan1: entered allmulticast mode [ 1053.457497][T17782] veth0_vlan: entered allmulticast mode [ 1053.530881][T17782] bridge0: port 1(ipvlan1) entered blocking state [ 1053.544111][T17782] bridge0: port 1(ipvlan1) entered disabled state [ 1053.609545][T17782] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 1055.198495][T17805] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1056.589983][T17818] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1056.728245][T17825] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3271'. [ 1059.655790][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1060.816442][T17852] binder: 17851:17852 ioctl 4018620d 0 returned -22 [ 1061.598382][T17861] binder: 17851:17861 ioctl c0306201 0 returned -14 [ 1066.436078][T17913] netlink: 'syz.5.3292': attribute type 10 has an invalid length. [ 1066.444086][T17913] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3292'. [ 1066.454247][T17913] bridge0: port 1(ipvlan1) entered blocking state [ 1066.461826][T17913] bridge0: port 1(ipvlan1) entered disabled state [ 1066.472097][T17913] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 1069.952485][T17945] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3300'. [ 1073.213622][ T30] audit: type=1326 audit(1755752387.619:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17981 comm="syz.4.3309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba7d58ebe9 code=0x7ffc0000 [ 1073.295432][ T30] audit: type=1326 audit(1755752387.619:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17981 comm="syz.4.3309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fba7d58ebe9 code=0x7ffc0000 [ 1073.367561][ T30] audit: type=1326 audit(1755752387.619:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17981 comm="syz.4.3309" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fba7d58ebe9 code=0x0 [ 1077.055253][ T5155] Bluetooth: hci2: command 0x0406 tx timeout [ 1079.987901][T18032] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3315'. [ 1080.013047][T18032] netlink: 'syz.1.3315': attribute type 1 has an invalid length. [ 1080.027098][T18032] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3315'. [ 1085.262683][T18079] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3336'. [ 1085.271761][T18079] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3336'. [ 1087.775422][ T5155] Bluetooth: hci3: command 0x0405 tx timeout [ 1087.843355][T18120] kvm: kvm [18118]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x11e) = 0x3 [ 1088.058442][T18120] kvm: kvm [18118]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x186) = 0x3 [ 1088.083510][T18120] kvm: kvm [18118]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x187) = 0x3 [ 1089.246179][T18141] tipc: Started in network mode [ 1089.254855][T18141] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 1089.276761][T18141] tipc: Enabled bearer , priority 10 [ 1090.444539][T14939] tipc: Node number set to 8432298 [ 1092.342769][T18205] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=640 (1280 ns) > initial count (34 ns). Using initial count to start timer. [ 1097.245743][T18247] netlink: 14 bytes leftover after parsing attributes in process `syz.5.3380'. [ 1097.413078][T18254] vcan0: tx drop: invalid sa for name 0xfffffffffffffffc [ 1098.736676][T18247] bond0 (unregistering): Released all slaves [ 1098.756801][T18268] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3387'. [ 1099.389835][T18281] netlink: 'syz.5.3392': attribute type 10 has an invalid length. [ 1099.398278][T18281] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3392'. [ 1099.422361][T18281] bridge0: port 1(ipvlan1) entered blocking state [ 1099.429752][T18281] bridge0: port 1(ipvlan1) entered disabled state [ 1100.606971][T18281] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 1103.033060][T18310] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3399'. [ 1106.382260][T18331] platform regulatory.0: loading /lib/firmware/regulatory.db.p7s failed with error -4 [ 1106.392258][ T30] audit: type=1800 audit(1755752420.789:186): pid=18331 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.3406" name="regulatory.db.p7s" dev="sda1" ino=449 res=0 errno=0 [ 1107.325147][T18331] platform regulatory.0: Direct firmware load for regulatory.db.p7s failed with error -4 [ 1107.369950][T18331] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db.p7s [ 1107.408043][T18331] syz.5.3406 (18331) used greatest stack depth: 17992 bytes left [ 1108.075810][ T5155] Bluetooth: hci3: command 0x0405 tx timeout [ 1109.443314][T18355] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3409'. [ 1109.487899][T18357] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3410'. [ 1109.767824][T18359] netlink: 'syz.2.3411': attribute type 10 has an invalid length. [ 1109.785237][T18359] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3411'. [ 1109.794292][T18359] team0: entered promiscuous mode [ 1109.869671][T18359] team0: entered allmulticast mode [ 1109.901729][T18359] team_slave_0: entered allmulticast mode [ 1109.946110][T18359] team_slave_1: entered allmulticast mode [ 1109.963890][T18359] geneve0: entered allmulticast mode [ 1109.971826][T18359] bridge0: port 3(team0) entered blocking state [ 1109.979894][T18359] bridge0: port 3(team0) entered disabled state [ 1110.116470][T18359] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1111.147745][T18377] binder: 18376:18377 ioctl 4018620d 0 returned -22 [ 1111.259455][T18382] netlink: 'syz.6.3419': attribute type 10 has an invalid length. [ 1111.410012][T18382] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3419'. [ 1111.474015][T18382] ipvlan1: entered promiscuous mode [ 1111.505458][T18382] ipvlan1: entered allmulticast mode [ 1111.535507][T18382] veth0_vlan: entered allmulticast mode [ 1111.655673][T18382] bridge0: port 1(ipvlan1) entered blocking state [ 1111.709875][T18382] bridge0: port 1(ipvlan1) entered disabled state [ 1111.739498][T18382] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 1115.620442][ T30] audit: type=1800 audit(1755752430.019:187): pid=18412 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.3427" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 1121.452689][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1121.819744][T18464] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3445'. [ 1129.182423][T18512] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3457'. [ 1134.019294][T18543] netlink: 'syz.6.3466': attribute type 10 has an invalid length. [ 1134.105429][T18543] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3466'. [ 1134.250194][T18543] bridge0: port 1(ipvlan1) entered blocking state [ 1134.358766][T18543] bridge0: port 1(ipvlan1) entered disabled state [ 1134.548512][T18543] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 1134.805941][T18551] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3469'. [ 1134.894119][T18552] syz.1.3470(18552): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 1135.638316][T18550] delete_channel: no stack [ 1136.510227][T18572] syz.4.3476: attempt to access beyond end of device [ 1136.510227][T18572] nbd4: rw=0, sector=64, nr_sectors = 1 limit=0 [ 1136.513023][T18572] syz.4.3476: attempt to access beyond end of device [ 1136.513023][T18572] nbd4: rw=0, sector=256, nr_sectors = 1 limit=0 [ 1136.513668][T18572] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 1136.520511][T18572] syz.4.3476: attempt to access beyond end of device [ 1136.520511][T18572] nbd4: rw=0, sector=512, nr_sectors = 1 limit=0 [ 1136.520600][T18572] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 1136.521932][T18572] syz.4.3476: attempt to access beyond end of device [ 1136.521932][T18572] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0 [ 1136.532124][T18572] syz.4.3476: attempt to access beyond end of device [ 1136.532124][T18572] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0 [ 1136.532534][T18572] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 1136.533787][T18572] syz.4.3476: attempt to access beyond end of device [ 1136.533787][T18572] nbd4: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 1136.534471][T18572] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 1136.592591][T18572] syz.4.3476: attempt to access beyond end of device [ 1136.592591][T18572] nbd4: rw=0, sector=64, nr_sectors = 4 limit=0 [ 1136.603848][T18572] syz.4.3476: attempt to access beyond end of device [ 1136.603848][T18572] nbd4: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 1136.612281][T18572] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 1136.615122][T18572] syz.4.3476: attempt to access beyond end of device [ 1136.615122][T18572] nbd4: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 1136.621848][T18572] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 1136.633320][T18572] syz.4.3476: attempt to access beyond end of device [ 1136.633320][T18572] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1136.636601][T18572] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 1136.637806][T18572] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 1136.637853][T18572] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1) [ 1141.644136][T18611] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3485'. [ 1143.103564][T15707] Bluetooth: hci4: Frame reassembly failed (-84) [ 1145.135126][ T5155] Bluetooth: hci4: command 0x1003 tx timeout [ 1145.139269][ T5844] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1149.934091][T18688] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3506'. [ 1151.116563][T18704] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3512'. [ 1151.136541][T18704] kAFS: No cell specified [ 1156.598056][T18736] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3522'. [ 1157.365303][ T1208] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 1157.567621][ T1208] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1157.582162][ T1208] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1157.616442][ T1208] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1157.654805][ T1208] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1157.748821][T18746] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1157.760754][ T1208] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 1158.122814][ T5155] Bluetooth: hci3: command 0x0405 tx timeout [ 1158.339189][T18761] udevd[18761]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:27.0/sound/card3/controlC3/../uevent} for writing: Read-only file system [ 1161.055253][T14939] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 1161.182046][T16335] usb 7-1: USB disconnect, device number 5 [ 1161.212159][T18781] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3536'. [ 1161.246458][T14939] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1161.317673][T14939] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 1161.347324][T14939] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 1161.371694][T14939] usb 3-1: Product: syz [ 1161.382777][T14939] usb 3-1: Manufacturer: syz [ 1161.395916][T14939] usb 3-1: SerialNumber: syz [ 1161.697662][T14939] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 14 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1161.914888][T16335] usb 3-1: USB disconnect, device number 14 [ 1161.954302][T16335] usblp0: removed [ 1162.513936][T18798] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1162.522326][T18798] F2FS-fs (loop13): Can't find valid F2FS filesystem in 1th superblock [ 1162.531317][T18798] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1162.539198][T18798] F2FS-fs (loop13): Can't find valid F2FS filesystem in 2th superblock [ 1165.933260][T18829] Bluetooth: MGMT ver 1.23 [ 1167.067609][ T30] audit: type=1800 audit(1755752480.629:188): pid=18834 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.3553" name="bus" dev="overlay" ino=375 res=0 errno=0 [ 1167.496275][T18839] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1167.504173][T18839] F2FS-fs (loop13): Can't find valid F2FS filesystem in 1th superblock [ 1167.513522][T18839] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1167.521464][T18839] F2FS-fs (loop13): Can't find valid F2FS filesystem in 2th superblock [ 1167.717277][T18841] tipc: Started in network mode [ 1167.733018][T18841] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 1167.761056][T18841] tipc: Enabled bearer , priority 10 [ 1168.885055][T14939] tipc: Node number set to 8432298 [ 1171.051052][T18889] tipc: Enabling of bearer rejected, already enabled [ 1171.078682][T18886] fuse: root generation should be zero [ 1176.504088][ T44] usb 2-1: new low-speed USB device number 11 using dummy_hcd [ 1178.249798][ T44] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 1178.461003][ T44] usb 2-1: config 0 has no interface number 0 [ 1178.471549][ T44] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1178.485404][T18978] libceph: resolve '4' (ret=-3): failed [ 1178.554102][ T44] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 1178.569803][ T44] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1178.582159][ T44] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1178.668990][ T44] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 1178.682928][ T44] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1178.711076][ T44] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1178.721149][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1178.735404][ T44] usb 2-1: config 0 descriptor?? [ 1178.745788][T18953] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1178.769360][T18953] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1178.824194][ T44] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1179.055641][ T44] usb 2-1: USB disconnect, device number 11 [ 1179.067472][ T44] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 1182.559790][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1184.565115][ T44] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 1184.717205][ T44] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1184.882197][ T44] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1184.916671][ T44] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 1184.968631][ T44] usb 7-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1185.047322][ T44] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1185.062482][ T44] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1185.094361][ T44] usb 7-1: Product: syz [ 1185.119010][ T44] usb 7-1: Manufacturer: syz [ 1185.133315][ T44] usb 7-1: SerialNumber: syz [ 1186.268969][ T44] cdc_ncm 7-1:1.0: bind() failure [ 1186.308753][ T44] cdc_ncm 7-1:1.1: probe with driver cdc_ncm failed with error -71 [ 1186.329087][ T44] cdc_mbim 7-1:1.1: probe with driver cdc_mbim failed with error -71 [ 1186.365838][ T44] usbtest 7-1:1.1: probe with driver usbtest failed with error -71 [ 1186.432920][ T44] usb 7-1: USB disconnect, device number 6 [ 1187.050700][ T5155] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1187.068441][ T5155] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1187.078849][ T5155] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1187.100621][ T5155] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1187.117756][ T5155] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1187.439481][T19049] lo speed is unknown, defaulting to 1000 [ 1189.215272][ T5844] Bluetooth: hci4: command tx timeout [ 1191.415111][ T5844] Bluetooth: hci4: command tx timeout [ 1192.505285][T15707] team0: Port device geneve0 removed [ 1193.477317][ T5844] Bluetooth: hci4: command tx timeout [ 1193.511997][T15707] bond1 (unregistering): Released all slaves [ 1193.592883][T19049] lo speed is unknown, defaulting to 1000 [ 1195.491035][T19129] C: renamed from team_slave_0 (while UP) [ 1195.538207][ T5844] Bluetooth: hci4: command tx timeout [ 1195.656010][T19129] netlink: 'syz.2.3637': attribute type 1 has an invalid length. [ 1195.664070][T19129] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3637'. [ 1195.674268][T19129] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1200.969030][T19049] chnl_net:caif_netlink_parms(): no params data found [ 1201.525025][T15707] hsr_slave_0: left promiscuous mode [ 1201.565023][T15707] hsr_slave_1: left promiscuous mode [ 1204.107104][T19191] bio_check_eod: 2 callbacks suppressed [ 1204.107119][T19191] syz.4.3652: attempt to access beyond end of device [ 1204.107119][T19191] nbd4: rw=0, sector=64, nr_sectors = 1 limit=0 [ 1204.126116][T19191] syz.4.3652: attempt to access beyond end of device [ 1204.126116][T19191] nbd4: rw=0, sector=256, nr_sectors = 1 limit=0 [ 1204.139064][T19191] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 1204.775212][T19191] syz.4.3652: attempt to access beyond end of device [ 1204.775212][T19191] nbd4: rw=0, sector=512, nr_sectors = 1 limit=0 [ 1204.788355][T19191] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 1204.798638][T19191] syz.4.3652: attempt to access beyond end of device [ 1204.798638][T19191] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0 [ 1204.811707][T19191] syz.4.3652: attempt to access beyond end of device [ 1204.811707][T19191] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0 [ 1204.824865][T19191] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 1204.834599][T19191] syz.4.3652: attempt to access beyond end of device [ 1204.834599][T19191] nbd4: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 1204.847782][T19191] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 1204.857860][T19191] syz.4.3652: attempt to access beyond end of device [ 1204.857860][T19191] nbd4: rw=0, sector=64, nr_sectors = 4 limit=0 [ 1204.870849][T19191] syz.4.3652: attempt to access beyond end of device [ 1204.870849][T19191] nbd4: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 1204.883999][T19191] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 1204.893693][T19191] syz.4.3652: attempt to access beyond end of device [ 1204.893693][T19191] nbd4: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 1204.906817][T19191] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 1204.916758][T19191] syz.4.3652: attempt to access beyond end of device [ 1204.916758][T19191] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1204.929807][T19191] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 1204.939476][T19191] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 1204.949027][T19191] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1) [ 1208.425053][ T5155] Bluetooth: hci4: command 0x0405 tx timeout [ 1211.326768][T15729] smc: removing ib device syz1 [ 1211.345254][T16805] lo speed is unknown, defaulting to 1000 [ 1211.351232][T16805] syz1: Port: 1 Link DOWN [ 1216.633262][T19049] bridge0: port 1(bridge_slave_0) entered blocking state [ 1216.792045][T19049] bridge0: port 1(bridge_slave_0) entered disabled state [ 1216.816575][T19049] bridge_slave_0: entered allmulticast mode [ 1216.894519][T19049] bridge_slave_0: entered promiscuous mode [ 1216.940808][T19049] bridge0: port 2(bridge_slave_1) entered blocking state [ 1216.971391][T19049] bridge0: port 2(bridge_slave_1) entered disabled state [ 1216.988695][T19049] bridge_slave_1: entered allmulticast mode [ 1217.103986][T19049] bridge_slave_1: entered promiscuous mode [ 1219.187790][T19049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1219.260318][T19049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1219.722248][T19049] team0: Port device team_slave_0 added [ 1219.842267][T19049] team0: Port device team_slave_1 added [ 1220.434162][T19319] delete_channel: no stack [ 1226.645744][T19049] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1226.652758][T19049] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1226.695068][T19049] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1226.765943][T19049] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1226.772970][T19049] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1226.945461][T19049] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1229.470363][T19049] hsr_slave_0: entered promiscuous mode [ 1229.477391][T19049] hsr_slave_1: entered promiscuous mode [ 1229.483887][T19049] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1229.492056][T19049] Cannot create hsr debugfs directory [ 1229.530049][T19375] lo speed is unknown, defaulting to 1000 [ 1229.536262][T19375] lo speed is unknown, defaulting to 1000 [ 1229.543498][T19375] lo speed is unknown, defaulting to 1000 [ 1229.554360][T19375] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 1229.572798][T19375] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 1229.613284][T19375] lo speed is unknown, defaulting to 1000 [ 1229.621524][T19375] lo speed is unknown, defaulting to 1000 [ 1229.629353][T19375] lo speed is unknown, defaulting to 1000 [ 1229.637517][T19375] lo speed is unknown, defaulting to 1000 [ 1229.645160][T19375] lo speed is unknown, defaulting to 1000 [ 1229.652906][T19375] lo speed is unknown, defaulting to 1000 [ 1229.660698][T19375] lo speed is unknown, defaulting to 1000 [ 1229.944443][T19382] tipc: Started in network mode [ 1229.949567][T19382] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 1229.980403][T19382] tipc: Enabled bearer , priority 10 [ 1231.205570][T14916] tipc: Node number set to 8432298 [ 1231.488020][T19049] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1232.990284][T19049] 8021q: adding VLAN 0 to HW filter on device team0 [ 1233.065702][T15707] bridge0: port 1(bridge_slave_0) entered blocking state [ 1233.072966][T15707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1234.141987][T15707] bridge0: port 2(bridge_slave_1) entered blocking state [ 1234.149210][T15707] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1234.519076][T19431] syz.2.3705 (19431): drop_caches: 2 [ 1234.526983][T19431] syz.2.3705 (19431): drop_caches: 2 [ 1235.271194][T19441] "syz.6.3708" (19441) uses obsolete ecb(arc4) skcipher [ 1235.340309][T19049] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1235.415939][T19449] tipc: Enabling of bearer rejected, already enabled [ 1237.233401][T19475] fuse: Bad value for 'fd' [ 1237.321775][T19475] fuse: Bad value for 'fd' [ 1237.369392][T19049] veth0_vlan: entered promiscuous mode [ 1237.448958][T19049] veth1_vlan: entered promiscuous mode [ 1237.629257][T19049] veth0_macvtap: entered promiscuous mode [ 1237.740847][T19049] veth1_macvtap: entered promiscuous mode [ 1238.013717][T19049] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1238.180476][T19049] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1238.941726][T15707] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1238.973858][T15707] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1239.796180][T19273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1239.835082][T19273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1240.832680][T19525] hub 8-0:1.0: USB hub found [ 1240.869340][T19525] hub 8-0:1.0: 1 port detected [ 1241.482920][T19544] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3724'. [ 1243.942728][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1245.816661][T16335] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 1246.146656][T16335] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1246.171751][T16335] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1246.184538][T16335] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1246.199695][T16335] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1246.228864][T19563] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1246.241103][T16335] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 1247.553991][T17658] udevd[17658]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:27.0/sound/card3/controlC3/../uevent} for writing: Read-only file system [ 1255.638258][T19640] bridge_slave_0: left allmulticast mode [ 1255.644651][T19640] bridge_slave_0: left promiscuous mode [ 1255.733975][ T5843] usb 7-1: USB disconnect, device number 7 [ 1255.740515][T19640] bridge0: port 1(bridge_slave_0) entered disabled state [ 1256.011735][T19640] bridge_slave_1: left allmulticast mode [ 1256.148685][T19640] bridge_slave_1: left promiscuous mode [ 1256.182965][T19640] bridge0: port 2(bridge_slave_1) entered disabled state [ 1256.652390][T19640] bond0: (slave bond_slave_0): Releasing backup interface [ 1257.105556][T19640] bond0: (slave bond_slave_1): Releasing backup interface [ 1257.202223][T19640] C: left allmulticast mode [ 1257.226109][T19640] C: left promiscuous mode [ 1257.246176][T19640] team0: Port device C removed [ 1257.252568][T19640] team_slave_1: left allmulticast mode [ 1257.438908][T19640] team_slave_1: left promiscuous mode [ 1258.007942][T19640] team0: Port device team_slave_1 removed [ 1258.069794][T19640] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1258.131370][T19640] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1258.187389][T19640] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1258.225430][T19640] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1258.961339][T19640] geneve0: left allmulticast mode [ 1260.004785][T19640] geneve0: left promiscuous mode [ 1260.127314][T19640] team0: Port device geneve0 removed [ 1260.846890][T19695] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3760'. [ 1261.460343][T19711] syzkaller1: entered promiscuous mode [ 1261.481056][T19711] syzkaller1: entered allmulticast mode [ 1261.588513][T19712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3758'. [ 1261.602380][T19712] netlink: 'syz.1.3758': attribute type 1 has an invalid length. [ 1261.610291][T19712] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3758'. [ 1265.890161][T19756] fuse: Bad value for 'fd' [ 1269.375307][ T5844] Bluetooth: hci4: command 0x0405 tx timeout [ 1271.048269][ T1208] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 1271.228461][ T1208] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1271.270670][ T1208] usb 3-1: config 27 has 0 interfaces, different from the descriptor's value: 1 [ 1271.331567][ T1208] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1271.389572][ T1208] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1276.114114][T19418] usb 3-1: USB disconnect, device number 15 [ 1276.581721][ T5155] Bluetooth: hci0: Malformed MSFT vendor event: 0x02 [ 1277.940823][T19872] siw: device registration error -23 [ 1279.060089][T19418] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 1279.874386][T19418] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1279.925196][T19418] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1280.764973][T19418] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1280.791101][T19418] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1280.908776][T19418] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1281.510888][T19895] hub 8-0:1.0: USB hub found [ 1281.516045][T19895] hub 8-0:1.0: 1 port detected [ 1283.591195][T19418] usb 3-1: can't set config #27, error -71 [ 1283.630126][T19418] usb 3-1: USB disconnect, device number 16 [ 1288.512523][T19957] lo speed is unknown, defaulting to 1000 [ 1288.567393][T19960] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0 [ 1291.520100][T19957] lo speed is unknown, defaulting to 1000 [ 1291.687081][T19990] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 1295.358945][T20019] bio_check_eod: 2 callbacks suppressed [ 1295.358962][T20019] syz.5.3819: attempt to access beyond end of device [ 1295.358962][T20019] nbd5: rw=0, sector=64, nr_sectors = 1 limit=0 [ 1295.440281][T20019] syz.5.3819: attempt to access beyond end of device [ 1295.440281][T20019] nbd5: rw=0, sector=256, nr_sectors = 1 limit=0 [ 1295.465335][T20019] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256 [ 1295.475573][T20019] syz.5.3819: attempt to access beyond end of device [ 1295.475573][T20019] nbd5: rw=0, sector=512, nr_sectors = 1 limit=0 [ 1295.645277][T20019] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512 [ 1295.816348][T20019] syz.5.3819: attempt to access beyond end of device [ 1295.816348][T20019] nbd5: rw=0, sector=64, nr_sectors = 2 limit=0 [ 1295.856685][T20019] syz.5.3819: attempt to access beyond end of device [ 1295.856685][T20019] nbd5: rw=0, sector=512, nr_sectors = 2 limit=0 [ 1295.949278][T20019] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256 [ 1295.990975][T20019] syz.5.3819: attempt to access beyond end of device [ 1295.990975][T20019] nbd5: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 1296.055130][T20019] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512 [ 1296.467886][T20029] netlink: 'syz.2.3820': attribute type 21 has an invalid length. [ 1296.475898][T20029] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3820'. [ 1296.485558][T20029] netlink: 'syz.2.3820': attribute type 5 has an invalid length. [ 1296.493377][T20029] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3820'. [ 1297.016296][T20019] syz.5.3819: attempt to access beyond end of device [ 1297.016296][T20019] nbd5: rw=0, sector=64, nr_sectors = 4 limit=0 [ 1297.077827][T20019] syz.5.3819: attempt to access beyond end of device [ 1297.077827][T20019] nbd5: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 1297.098913][T20019] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256 [ 1297.205063][T20019] syz.5.3819: attempt to access beyond end of device [ 1297.205063][T20019] nbd5: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 1297.224780][T20019] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512 [ 1297.357643][T20019] syz.5.3819: attempt to access beyond end of device [ 1297.357643][T20019] nbd5: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1297.447943][T20019] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256 [ 1297.484992][T20019] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512 [ 1297.499598][T20019] UDF-fs: warning (device nbd5): udf_fill_super: No partition found (1) [ 1299.019934][T20052] hub 8-0:1.0: USB hub found [ 1299.024840][T20052] hub 8-0:1.0: 1 port detected [ 1305.279501][T20113] netlink: 256 bytes leftover after parsing attributes in process `syz.6.3838'. [ 1305.394870][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1309.048824][T20151] hub 8-0:1.0: USB hub found [ 1309.053740][T20151] hub 8-0:1.0: 1 port detected [ 1309.573262][T20162] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3849'. [ 1309.605298][T20158] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3849'. [ 1310.612242][T20170] input: syz1 as /devices/virtual/input/input17 [ 1311.157571][T20170] input: failed to attach handler evdev to device input17, error: -4 [ 1312.737163][ T5844] Bluetooth: hci4: command 0x0405 tx timeout [ 1314.163682][T20229] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3865'. [ 1314.835752][T20235] netlink: 'syz.1.3866': attribute type 21 has an invalid length. [ 1314.843973][T20235] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3866'. [ 1314.885460][T20235] netlink: 'syz.1.3866': attribute type 5 has an invalid length. [ 1314.893275][T20235] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3866'. [ 1319.860907][T20296] syzkaller1: entered promiscuous mode [ 1319.890764][T20296] syzkaller1: entered allmulticast mode [ 1325.709344][T14939] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 1325.939630][T14939] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1325.965997][T14939] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1326.015478][T14939] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1326.024523][T14939] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1326.080687][T14939] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1326.093081][T14939] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1326.106834][T14939] usb 3-1: Product: syz [ 1326.111067][T14939] usb 3-1: Manufacturer: syz [ 1326.134053][T14939] cdc_wdm 3-1:1.0: skipping garbage [ 1326.149577][T14939] cdc_wdm 3-1:1.0: skipping garbage [ 1326.185744][T14939] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 1326.235353][T14939] cdc_wdm 3-1:1.0: Unknown control protocol [ 1326.438608][ T1208] usb 3-1: USB disconnect, device number 17 [ 1327.698761][ T1208] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 1329.935538][T20374] bio_check_eod: 2 callbacks suppressed [ 1329.941232][T20374] syz.2.3900: attempt to access beyond end of device [ 1329.941232][T20374] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1330.537671][T20380] tipc: Enabling of bearer rejected, already enabled [ 1331.027009][T20389] gtp1: entered promiscuous mode [ 1331.032007][T20389] gtp1: entered allmulticast mode [ 1331.198253][T20393] netlink: 'syz.5.3907': attribute type 1 has an invalid length. [ 1331.206270][T20393] NCSI netlink: No device for ifindex 0 [ 1335.647112][T20411] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3911'. [ 1337.680988][T20437] gtp2: entered promiscuous mode [ 1337.686121][T20437] gtp2: entered allmulticast mode [ 1340.588098][T20460] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3928'. [ 1345.615226][ T5844] Bluetooth: hci4: command 0x0405 tx timeout [ 1346.477735][T20516] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3939'. [ 1348.780115][T20528] netlink: 'syz.2.3945': attribute type 1 has an invalid length. [ 1348.788420][T20528] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3945'. [ 1348.798460][T20528] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1349.510043][T20532] gtp3: entered promiscuous mode [ 1349.515254][T20532] gtp3: entered allmulticast mode [ 1351.192247][T20561] hub 8-0:1.0: USB hub found [ 1351.209318][T20561] hub 8-0:1.0: 1 port detected [ 1352.489852][T20580] gtp2: entered promiscuous mode [ 1352.494849][T20580] gtp2: entered allmulticast mode [ 1355.777171][T20604] syzkaller1: entered promiscuous mode [ 1355.825345][T20604] syzkaller1: entered allmulticast mode [ 1356.680851][T20615] gtp2: entered promiscuous mode [ 1356.686039][T20615] gtp2: entered allmulticast mode [ 1362.360486][T20657] gtp3: entered promiscuous mode [ 1362.365994][T20657] gtp3: entered allmulticast mode [ 1363.641541][T20671] hub 8-0:1.0: USB hub found [ 1363.679576][T20671] hub 8-0:1.0: 1 port detected [ 1365.850834][T20693] gtp4: entered promiscuous mode [ 1365.856899][T20693] gtp4: entered allmulticast mode [ 1366.822443][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1375.697405][T20822] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4042'. [ 1379.199189][T20861] netlink: 'syz.5.4054': attribute type 1 has an invalid length. [ 1379.246920][T20861] NCSI netlink: No device for ifindex 0 [ 1379.976249][T20876] syz.1.4059: attempt to access beyond end of device [ 1379.976249][T20876] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0 [ 1379.996409][T20876] syz.1.4059: attempt to access beyond end of device [ 1379.996409][T20876] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0 [ 1380.506601][T20876] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 1380.542097][T20876] syz.1.4059: attempt to access beyond end of device [ 1380.542097][T20876] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0 [ 1380.558667][T20876] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 1380.606471][T20876] syz.1.4059: attempt to access beyond end of device [ 1380.606471][T20876] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 1380.752295][T20876] syz.1.4059: attempt to access beyond end of device [ 1380.752295][T20876] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 1380.860554][T20876] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 1380.871452][T20876] syz.1.4059: attempt to access beyond end of device [ 1380.871452][T20876] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 1380.885307][T20876] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 1380.899055][T20876] syz.1.4059: attempt to access beyond end of device [ 1380.899055][T20876] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 1380.923233][T20876] syz.1.4059: attempt to access beyond end of device [ 1380.923233][T20876] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 1380.975614][T20876] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 1381.032771][T20876] syz.1.4059: attempt to access beyond end of device [ 1381.032771][T20876] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 1381.249534][T20876] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 1381.261021][T20876] syz.1.4059: attempt to access beyond end of device [ 1381.261021][T20876] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1381.938000][T20876] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 1382.055788][T20876] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 1382.089562][T20876] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 1382.660058][T20908] binder: 20907:20908 ioctl 4018620d 0 returned -22 [ 1382.720821][T20911] binder: 20907:20911 ioctl c0306201 0 returned -14 [ 1384.467112][T20917] netlink: 48 bytes leftover after parsing attributes in process `syz.6.4069'. [ 1387.759572][T20955] tipc: Started in network mode [ 1387.794992][T20955] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 1387.833095][T20955] tipc: Enabled bearer , priority 10 [ 1388.992049][T16805] tipc: Node number set to 8432298 [ 1395.355619][ T1208] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 1395.641165][T21042] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4109'. [ 1395.696178][ T1208] usb 2-1: device descriptor read/64, error -71 [ 1396.697293][T14939] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 1396.995540][ T1208] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 1397.078180][T14939] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1397.178354][T14939] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1397.189425][ T1208] usb 2-1: device descriptor read/64, error -71 [ 1397.301932][T14939] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1397.410998][ T1208] usb usb2-port1: attempt power cycle [ 1397.488705][T14939] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1397.706427][T14939] usb 3-1: config 0 descriptor?? [ 1398.220225][T14939] savu 0003:1E7D:2D5A.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 1399.706006][ T1208] usb 3-1: USB disconnect, device number 19 [ 1402.644310][T21077] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 1402.670779][T21072] fido_id[21072]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 1404.994073][T21096] netlink: 'syz.1.4126': attribute type 21 has an invalid length. [ 1405.002109][T21096] netlink: 128 bytes leftover after parsing attributes in process `syz.1.4126'. [ 1405.934334][T21096] netlink: 'syz.1.4126': attribute type 5 has an invalid length. [ 1405.945018][T21096] netlink: 3 bytes leftover after parsing attributes in process `syz.1.4126'. [ 1406.513765][T21104] IPVS: Error connecting to the multicast addr [ 1410.817721][T21139] tipc: Enabling of bearer rejected, already enabled [ 1411.918430][T21156] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 1415.189160][T21191] hub 8-0:1.0: USB hub found [ 1415.197782][T21191] hub 8-0:1.0: 1 port detected [ 1423.183824][T21249] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4170'. [ 1426.016626][ T5843] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 1426.233211][ T5155] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 1426.247993][ T5155] CPU: 1 UID: 0 PID: 5155 Comm: kworker/u9:1 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1426.248025][ T5155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1426.248042][ T5155] Workqueue: hci2 hci_rx_work [ 1426.248177][ T5155] Call Trace: [ 1426.248187][ T5155] [ 1426.248198][ T5155] dump_stack_lvl+0x189/0x250 [ 1426.248228][ T5155] ? kernfs_path_from_node+0x2c/0x260 [ 1426.248310][ T5155] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1426.248336][ T5155] ? __pfx__printk+0x10/0x10 [ 1426.248369][ T5155] ? kernfs_path_from_node+0x2c/0x260 [ 1426.248394][ T5155] ? kernfs_path_from_node+0x2c/0x260 [ 1426.248423][ T5155] ? kernfs_path_from_node+0x22c/0x260 [ 1426.248449][ T5155] ? kernfs_path_from_node+0x2c/0x260 [ 1426.248482][ T5155] sysfs_create_dir_ns+0x259/0x280 [ 1426.248512][ T5155] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1426.248541][ T5155] ? do_raw_spin_unlock+0x122/0x240 [ 1426.248579][ T5155] kobject_add_internal+0x59f/0xb40 [ 1426.248668][ T5155] kobject_add+0x155/0x220 [ 1426.248702][ T5155] ? __pfx_kobject_add+0x10/0x10 [ 1426.248732][ T5155] ? _raw_spin_unlock+0x28/0x50 [ 1426.248771][ T5155] ? get_device_parent+0x366/0x3a0 [ 1426.248842][ T5155] device_add+0x408/0xb50 [ 1426.248881][ T5155] hci_conn_add_sysfs+0xd5/0x1e0 [ 1426.248968][ T5155] le_conn_complete_evt+0xc3a/0x1220 [ 1426.249054][ T5155] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1426.249086][ T5155] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 1426.249111][ T5155] ? __asan_memcpy+0x40/0x70 [ 1426.249167][ T5155] ? __pfx___mutex_lock+0x10/0x10 [ 1426.249194][ T5155] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1426.249219][ T5155] ? skb_pull_data+0xfb/0x200 [ 1426.249295][ T5155] hci_le_conn_complete_evt+0x187/0x450 [ 1426.249334][ T5155] hci_event_packet+0x78c/0x1200 [ 1426.249362][ T5155] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1426.249394][ T5155] ? __pfx_hci_event_packet+0x10/0x10 [ 1426.249421][ T5155] ? kcov_remote_start+0x4d3/0x7f0 [ 1426.249497][ T5155] ? lockdep_hardirqs_on+0x90/0x150 [ 1426.249525][ T5155] ? hci_send_to_monitor+0xe2/0x570 [ 1426.249561][ T5155] hci_rx_work+0x46a/0xe80 [ 1426.249596][ T5155] ? process_scheduled_works+0x9ef/0x17b0 [ 1426.249623][ T5155] process_scheduled_works+0xade/0x17b0 [ 1426.249684][ T5155] ? __pfx_process_scheduled_works+0x10/0x10 [ 1426.249731][ T5155] worker_thread+0x8a0/0xda0 [ 1426.249789][ T5155] kthread+0x70e/0x8a0 [ 1426.249824][ T5155] ? __pfx_worker_thread+0x10/0x10 [ 1426.249848][ T5155] ? __pfx_kthread+0x10/0x10 [ 1426.249881][ T5155] ? _raw_spin_unlock_irq+0x23/0x50 [ 1426.249902][ T5155] ? lockdep_hardirqs_on+0x9c/0x150 [ 1426.249923][ T5155] ? __pfx_kthread+0x10/0x10 [ 1426.249962][ T5155] ret_from_fork+0x3fc/0x770 [ 1426.249988][ T5155] ? __pfx_ret_from_fork+0x10/0x10 [ 1426.250018][ T5155] ? __switch_to_asm+0x39/0x70 [ 1426.250045][ T5155] ? __switch_to_asm+0x33/0x70 [ 1426.250071][ T5155] ? __pfx_kthread+0x10/0x10 [ 1426.250104][ T5155] ret_from_fork_asm+0x1a/0x30 [ 1426.250153][ T5155] [ 1426.250273][ T5155] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1426.552634][ T5155] Bluetooth: hci2: failed to register connection device [ 1426.563037][ T5843] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1426.575344][ T5843] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1426.589404][ T5843] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1426.603001][ T5843] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1426.645262][T21288] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1426.657863][ T5843] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1427.767940][T19855] udevd[19855]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: Read-only file system [ 1428.746296][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1429.385043][ T5843] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 1429.535093][ T5843] usb 2-1: device descriptor read/64, error -71 [ 1429.675424][T21323] lo speed is unknown, defaulting to 1000 [ 1429.835314][ T5843] usb 2-1: new full-speed USB device number 16 using dummy_hcd [ 1430.005209][ T5843] usb 2-1: device descriptor read/64, error -71 [ 1430.062336][T14939] usb 3-1: USB disconnect, device number 20 [ 1430.125665][ T5843] usb usb2-port1: attempt power cycle [ 1430.324452][T21338] bio_check_eod: 2 callbacks suppressed [ 1430.324467][T21338] syz.2.4198: attempt to access beyond end of device [ 1430.324467][T21338] nbd2: rw=0, sector=64, nr_sectors = 1 limit=0 [ 1430.343596][T21338] syz.2.4198: attempt to access beyond end of device [ 1430.343596][T21338] nbd2: rw=0, sector=256, nr_sectors = 1 limit=0 [ 1430.356816][T21338] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 1430.366567][T21338] syz.2.4198: attempt to access beyond end of device [ 1430.366567][T21338] nbd2: rw=0, sector=512, nr_sectors = 1 limit=0 [ 1430.379550][T21338] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 1430.389781][T21338] syz.2.4198: attempt to access beyond end of device [ 1430.389781][T21338] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0 [ 1430.402834][T21338] syz.2.4198: attempt to access beyond end of device [ 1430.402834][T21338] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0 [ 1430.415870][T21338] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 1430.425569][T21338] syz.2.4198: attempt to access beyond end of device [ 1430.425569][T21338] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 1430.438626][T21338] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 1430.448915][T21338] syz.2.4198: attempt to access beyond end of device [ 1430.448915][T21338] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0 [ 1430.461966][T21338] syz.2.4198: attempt to access beyond end of device [ 1430.461966][T21338] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 1430.475040][T21338] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 1430.484652][T21338] syz.2.4198: attempt to access beyond end of device [ 1430.484652][T21338] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 1430.497910][T21338] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 1430.507896][T21338] syz.2.4198: attempt to access beyond end of device [ 1430.507896][T21338] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1430.520982][T21338] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 1430.530701][T21338] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 1430.540240][T21338] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1) [ 1430.612363][ T5843] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 1430.645823][ T5843] usb 2-1: device descriptor read/8, error -71 [ 1430.724013][T21344] netlink: 'syz.2.4200': attribute type 2 has an invalid length. [ 1430.783212][T21323] lo speed is unknown, defaulting to 1000 [ 1431.345496][ T5843] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 1431.603604][ T5843] usb 2-1: device not accepting address 18, error -71 [ 1431.611824][ T5843] usb usb2-port1: unable to enumerate USB device [ 1437.693732][T21430] netlink: 'syz.5.4222': attribute type 21 has an invalid length. [ 1437.702096][T21430] netlink: 128 bytes leftover after parsing attributes in process `syz.5.4222'. [ 1437.711823][T21430] netlink: 'syz.5.4222': attribute type 5 has an invalid length. [ 1437.719984][T21430] netlink: 3 bytes leftover after parsing attributes in process `syz.5.4222'. [ 1439.905672][T21449] syz_tun: entered allmulticast mode [ 1440.885040][T21449] dvmrp1: entered allmulticast mode [ 1441.099233][T21446] syz_tun: left allmulticast mode [ 1444.510062][T21508] hub 8-0:1.0: USB hub found [ 1444.530039][T21508] hub 8-0:1.0: 1 port detected [ 1450.468345][T21568] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4263'. [ 1455.828094][T21630] hub 8-0:1.0: USB hub found [ 1455.874879][T21630] hub 8-0:1.0: 1 port detected [ 1459.065485][T21662] syz.5.4292 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1459.226858][T21663] lo speed is unknown, defaulting to 1000 [ 1461.191549][T21663] lo speed is unknown, defaulting to 1000 [ 1462.970534][T21722] 9pnet_fd: Insufficient options for proto=fd [ 1476.122747][T21845] syzkaller1: entered promiscuous mode [ 1476.211024][T21845] syzkaller1: entered allmulticast mode [ 1478.413659][T21862] netlink: 108 bytes leftover after parsing attributes in process `syz.4.4362'. [ 1478.432732][T21862] netlink: 108 bytes leftover after parsing attributes in process `syz.4.4362'. [ 1478.526812][T21862] netlink: 108 bytes leftover after parsing attributes in process `syz.4.4362'. [ 1482.951733][T21902] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4373'. [ 1482.980418][T21898] syzkaller0: entered promiscuous mode [ 1483.154603][T21898] syzkaller0: entered allmulticast mode [ 1483.169472][T21906] 9pnet_fd: Insufficient options for proto=fd [ 1483.182986][T21890] syzkaller1: entered promiscuous mode [ 1483.205154][T21890] syzkaller1: entered allmulticast mode [ 1485.475142][T21902] dummy0: entered promiscuous mode [ 1485.493807][T21902] batadv_slave_1: entered promiscuous mode [ 1486.825736][T21930] netlink: 'syz.1.4379': attribute type 1 has an invalid length. [ 1486.839142][T21930] NCSI netlink: No device for ifindex 0 [ 1489.701672][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1495.903854][T22001] netlink: 128 bytes leftover after parsing attributes in process `syz.1.4398'. [ 1496.050498][ T30] audit: type=1326 audit(201326632.730:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22005 comm="syz.5.4399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9c758ebe9 code=0x7ffc0000 [ 1496.157038][ T30] audit: type=1326 audit(201326632.760:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22005 comm="syz.5.4399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fe9c758ebe9 code=0x7ffc0000 [ 1496.218906][ T30] audit: type=1326 audit(201326632.760:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22005 comm="syz.5.4399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9c758ebe9 code=0x7ffc0000 [ 1496.241174][ T30] audit: type=1326 audit(201326632.760:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22005 comm="syz.5.4399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7fe9c758ebe9 code=0x7ffc0000 [ 1497.577844][T22028] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4408'. [ 1499.021612][T22045] bpq0: entered allmulticast mode [ 1503.180868][T22099] BUG: assuming non migratable context at ./include/linux/filter.h:703 [ 1503.233414][T22099] in_atomic(): 0, irqs_disabled(): 0, migration_disabled() 0 pid: 22099, name: syz.5.4430 [ 1503.317433][T22099] 3 locks held by syz.5.4430/22099: [ 1503.366089][T22099] #0: ffff88814d15f158 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_sendmsg+0xb97/0x2810 [ 1503.438094][T22099] #1: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: sctp_v6_xmit+0x60f/0x12f0 [ 1503.471836][T22103] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4431'. [ 1503.495776][T22099] #2: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: nf_hook+0x9d/0x380 [ 1503.548151][T22099] CPU: 0 UID: 0 PID: 22099 Comm: syz.5.4430 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1503.548186][T22099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1503.548202][T22099] Call Trace: [ 1503.548212][T22099] [ 1503.548221][T22099] dump_stack_lvl+0x189/0x250 [ 1503.548257][T22099] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1503.548306][T22099] ? print_lock_name+0xde/0x100 [ 1503.548343][T22099] __cant_migrate+0x238/0x2e0 [ 1503.548374][T22099] ? __pfx___cant_migrate+0x10/0x10 [ 1503.548406][T22099] ? ip6table_mangle_hook+0x2a2/0x6c0 [ 1503.548508][T22099] ? nf_nat_ipv6_fn+0xe7/0x2d0 [ 1503.548570][T22099] nf_hook_run_bpf+0x8f/0x1f0 [ 1503.548619][T22099] ? __pfx_ip6table_mangle_hook+0x10/0x10 [ 1503.548657][T22099] ? __pfx_nf_hook_run_bpf+0x10/0x10 [ 1503.548685][T22099] ? nf_nat_ipv6_out+0x21d/0x380 [ 1503.548712][T22099] ? __pfx_nf_hook_run_bpf+0x10/0x10 [ 1503.548737][T22099] nf_hook_slow+0xc5/0x220 [ 1503.548796][T22099] nf_hook+0x217/0x380 [ 1503.548837][T22099] ? nf_hook+0x9d/0x380 [ 1503.548869][T22099] ? __pfx_nf_hook+0x10/0x10 [ 1503.548900][T22099] ? nf_hook+0x2f2/0x380 [ 1503.548943][T22099] ? __pfx_ip6_finish_output+0x10/0x10 [ 1503.548973][T22099] ? nf_hook+0x9d/0x380 [ 1503.549006][T22099] ? __pfx_nf_hook+0x10/0x10 [ 1503.549048][T22099] ip6_output+0x27d/0x3e0 [ 1503.549076][T22099] ? __pfx_ip6_finish_output+0x10/0x10 [ 1503.549120][T22099] ip6_xmit+0x107a/0x1840 [ 1503.549167][T22099] ? __pfx_ip6_xmit+0x10/0x10 [ 1503.549207][T22099] ? sctp_v6_xmit+0x60f/0x12f0 [ 1503.549249][T22099] ? sctp_v6_xmit+0x60f/0x12f0 [ 1503.549280][T22099] sctp_v6_xmit+0xa22/0x12f0 [ 1503.549338][T22099] ? __pfx_sctp_v6_xmit+0x10/0x10 [ 1503.549368][T22099] ? kasan_quarantine_put+0xdd/0x220 [ 1503.549434][T22099] ? lockdep_hardirqs_on+0x9c/0x150 [ 1503.549469][T22099] ? kmem_cache_free+0x18f/0x400 [ 1503.549540][T22099] sctp_packet_transmit+0x2581/0x2bb0 [ 1503.549667][T22099] sctp_packet_singleton+0x233/0x330 [ 1503.549697][T22099] ? __pfx_sctp_packet_singleton+0x10/0x10 [ 1503.549736][T22099] ? sctp_outq_select_transport+0x462/0x570 [ 1503.549768][T22099] ? sctp_transport_burst_limited+0x19c/0x280 [ 1503.549822][T22099] sctp_outq_flush+0x4f0/0x3140 [ 1503.549847][T22099] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1503.549894][T22099] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1503.549932][T22099] ? rcu_is_watching+0x15/0xb0 [ 1503.549964][T22099] ? __pfx_sctp_outq_flush+0x10/0x10 [ 1503.549996][T22099] ? sctp_outq_tail+0x612/0x8c0 [ 1503.550020][T22099] ? sctp_outq_uncork+0x4d/0xa0 [ 1503.550047][T22099] sctp_do_sm+0x5332/0x5a20 [ 1503.550105][T22099] ? sctp_stream_init_ext+0x57/0x180 [ 1503.550129][T22099] ? sctp_sendmsg_to_asoc+0x12fd/0x1810 [ 1503.550160][T22099] ? sctp_sendmsg+0x1941/0x2810 [ 1503.550189][T22099] ? __sock_sendmsg+0x19c/0x270 [ 1503.550245][T22099] ? __pfx_sctp_do_sm+0x10/0x10 [ 1503.550327][T22099] ? __sk_mem_raise_allocated+0xaa9/0x1240 [ 1503.550366][T22099] sctp_primitive_ASSOCIATE+0x95/0xc0 [ 1503.550408][T22099] sctp_sendmsg_to_asoc+0x102d/0x1810 [ 1503.550441][T22099] ? __asan_memcpy+0x40/0x70 [ 1503.550482][T22099] ? sctp_assoc_add_peer+0xcfa/0x13b0 [ 1503.550535][T22099] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 1503.550569][T22099] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 1503.550602][T22099] ? __local_bh_enable_ip+0x12d/0x1c0 [ 1503.550636][T22099] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 1503.550684][T22099] ? security_sctp_bind_connect+0x7e/0x2e0 [ 1503.550763][T22099] sctp_sendmsg+0x1941/0x2810 [ 1503.550812][T22099] ? __pfx_sctp_sendmsg+0x10/0x10 [ 1503.550846][T22099] ? __lock_acquire+0xab9/0xd20 [ 1503.550891][T22099] ? sock_rps_record_flow+0x19/0x410 [ 1503.550943][T22099] ? inet_sendmsg+0x2f4/0x370 [ 1503.550976][T22099] __sock_sendmsg+0x19c/0x270 [ 1503.551008][T22099] __sys_sendto+0x3bd/0x520 [ 1503.551065][T22099] ? __pfx___sys_sendto+0x10/0x10 [ 1503.551095][T22099] ? do_futex+0x333/0x420 [ 1503.551165][T22099] ? rcu_is_watching+0x15/0xb0 [ 1503.551197][T22099] __x64_sys_sendto+0xde/0x100 [ 1503.551235][T22099] do_syscall_64+0xfa/0x3b0 [ 1503.551261][T22099] ? lockdep_hardirqs_on+0x9c/0x150 [ 1503.551291][T22099] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1503.551315][T22099] ? clear_bhb_loop+0x60/0xb0 [ 1503.551345][T22099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1503.551375][T22099] RIP: 0033:0x7fe9c758ebe9 [ 1503.551398][T22099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1503.551420][T22099] RSP: 002b:00007fe9c8382038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1503.551446][T22099] RAX: ffffffffffffffda RBX: 00007fe9c77b5fa0 RCX: 00007fe9c758ebe9 [ 1503.551464][T22099] RDX: 000000000000fee4 RSI: 0000200000847fff RDI: 0000000000000003 [ 1503.551479][T22099] RBP: 00007fe9c7611e19 R08: 000020000005ffe4 R09: 000000000000001c [ 1503.551494][T22099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1503.551508][T22099] R13: 00007fe9c77b6038 R14: 00007fe9c77b5fa0 R15: 00007ffc177f6228 [ 1503.551545][T22099]