last executing test programs: 14.945972862s ago: executing program 3 (id=1678): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="6c000000020601000000000600000000000000000e0003006269746d61703a69700000000500040000ffed000900020073797a3200000000240007800c00028008000140ffffffff0c0001800800014080ffffff050014000200000005000500020000000500010006"], 0x6c}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_setup(0x3c20, &(0x7f0000000400)={0x0, 0x2050, 0x3380, 0x8003, 0xd2}, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="0600"}) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r4 = dup(0xffffffffffffffff) write$FUSE_BMAP(r4, &(0x7f0000000000)={0x18}, 0x18) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r6, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r7, r8, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r5, 0x3b8b, &(0x7f0000000040)={0x10, 0x1, r9}) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40004}, 0x40080d0) 13.75120301s ago: executing program 3 (id=1680): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x220000, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) io_setup(0x281, &(0x7f0000000100)=0x0) memfd_create(&(0x7f0000002bc0)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o84I\xaaK\xa5\xd3\x99K\xcd\xab\x1a\x034btY\xdb\v\x86\xca<\x02R\xd6a\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HO\x00\x00\x00\x00R\xfc\xcb%u3\xec\xde%\x9d\xe4\x1d\rD\x82S\x17?\xd6\xb1\x9aF\xe2\xba[\xc7QR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7\x80\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\xa5\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\xae\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8\x88\'\x06f\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x93\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94\xfe2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51\tz\xb6>\xd3\xe7Y*\xdb\xa7h\nt\xddP\n\xc5\xeb\xb1ux\x94@\x00\x00g\x02D9\x83\xa7\x97\xf4\xb25wL\x97\xfb\xb9\xccj\xb3\x96\xc1@\xee`{\x87\xa8]\x96\x9cjF^+\xcc1l\xcbmA,5\xc4J\xcab\xa6\x91\xa0\xeaU\x92\x01\x1f,\xfa\x10\"+\x01\x00\x91\xe9\x1cz\xd1f\x901\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\"\x85Np\xba\x0e<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8V\xe4\xa1C\x90\x17\xcc{\x9d\xf1\xbd\xb0\xca\x03\x96\x85h}\x8f\x1c)X\xc83rA\x90r\xb6\xba!;\x95\xaf\xe0\xcb\xec\xcd$\x02f\x8c4\x1aH\x8fC\xbfr\xd39\x92\x1fShu\x9e\b\xd4m\xa8\x16\xa6\xd5\xae\xcb\x03oFQ\"\xf7F\xb7\vp\xb6\xe5\x92\xe2O}.\x95A\x9bH\x8d\xa1\x80\x1b\x14u\xfdK\xce\xaf\x94i\xf1s\xf7\xb8Jq\xcb3=M\x84\x7f\x181/\x9bQ|4\xaf\xcf\r\xcfz Z\x19\xad_\x13\x99\xf7\xfdOD\xd3\x9d\x9d\xb8d5g\xf1\x84\xbd\xe5\xa2\xb3\xda\x96\x85\"\xb6\xa6n\xe7\xfd\xd4\a\x97\x85\x810/\xc4o\x11\x97\xad\xef~\x15\xfd\xc8\x1b\xc0\f\xeec\xa4\x7f|P\x00\x00\x00\x000p\xaf\xfdk\xac\xcc\xac`\xc9\a<\xadIt\x9b\xeb\x8a\xfe\x9b\aO\xa5?h\xe1B\xa8C\x8e;/\xa8\x94\x1bs\xf0\xa9>\x9e\xff\xc9\xd2\x00h\xcb\xfb\xb6Y\xbfp\xd8\x90\x96\xec\x83N\x8bNnx\xb6\x16Y\xf8sU\xae\xa0\b\x8cLq\n\x1f\x99t\xb6\xffozu\xa0B(\xe9?\xcdA\xba\xa8\x13Qc\xda\x16?\xe8z\x8f\x862!\xbf\xa4\xb8\x9bC\xe9Od\xe8\xd32m\x06RX\x7f\xf7\xc2\n\x94\xe5P:l\xd9\xd5\xbd\rH6-\x8a\x12m\\L\xa0\r\tk\xda\xa4q(\xae\\\xb6\x14I\xf7\xe0z\xf1\xad&\x86\xcb\xf3\xad\x9e[\x8b\xc0\xd6\x1e\xe4N\x92\xf2\x905\xe0\x13\x90\xaeQ\xed\xea\xad\x9b\xcc\x9f\xc0P\xff_\xaa\xb2L\xf5\x1f\xc1\xa4[\xe51\xcb B*\xaa\a\x003\xc9\xae\x1f\x8c\xcdm\xb8\xce\x01\xdb\xaa\x1c\xc35\x16#\x04\xb7W4\xfd\'\xbe\x922\xde\xd6\x18\xf7`\xff\xfe%\x06\x02\xc6\x81Jr\x10\x88G\xea+^LA\x96\xed\x1d\xe1V\xbd\xebbyq\xd6\xb3', 0x7) io_submit(r2, 0x1, &(0x7f0000000a00)=[0x0]) r3 = syz_open_procfs(0x0, &(0x7f0000000940)='net/snmp\x00') r4 = syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382) r5 = memfd_create(&(0x7f0000000b80)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcf\xdf\xe3b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9vm)\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\xff\xff\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xc8\x1b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-\x1e\xf4\xd1\x02Dt\xc0\x1c\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x03\xb0\xef\xc7\x8c\x9e\xed\a\n0x0, &(0x7f0000000040)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_setup(0x3c20, &(0x7f0000000400)={0x0, 0x2050, 0x3380, 0x8003, 0xd2}, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="0600"}) r4 = dup(0xffffffffffffffff) write$FUSE_BMAP(r4, &(0x7f0000000000)={0x18}, 0x18) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010102, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x1d, 0x12, "910000000000006f00"}]}}}}}}}, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r6}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r5, 0x3b8b, &(0x7f0000000040)={0x10, 0x1}) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40004}, 0x40080d0) 11.050687832s ago: executing program 1 (id=1689): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0xfffffffffffffff7, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) creat(&(0x7f0000000580)='./file1\x00', 0x0) r2 = dup(0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb34902, 0x1000006, 0x28011, r2, 0x0) fanotify_init(0xf00, 0x1) syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="520100003ed00d40980c4011e9db000000010902120000f10000000904"], 0x0) fallocate(r1, 0x0, 0x1000000, 0x3) ioctl$EXT4_IOC_GETFSUUID(r0, 0x8008662c, &(0x7f0000000000)) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(r3, &(0x7f0000000340)="07000000010000", 0x7) 9.749529181s ago: executing program 3 (id=1694): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = epoll_create1(0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40088a01, &(0x7f0000000000)=0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x2}, 0x94) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) connect$x25(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = add_key(&(0x7f00000000c0)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000400)="f81da85b6eb73d7efae6dc5fedb3bdc4321d31f81d5fb67acf37aca1dae3ac9912892ee476427a4bbd411e4c0036bababb0e6be02c4eb7e0a3f8ab12fea481114fe0205162e00d1e3912292836c4ccdf73852960582592c8c027869bcd79550fa18ecd713844cebe898000"/120, 0x78, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r5, 0xffffffffffffffff, 0xc4) r6 = epoll_create1(0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={0x0, 0x68}, 0x1, 0x7}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r6, &(0x7f0000000040)={0x1}) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r0, &(0x7f0000000340)={0xa000001c}) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) 9.446698136s ago: executing program 0 (id=1696): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x220000, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) io_setup(0x281, &(0x7f0000000100)=0x0) memfd_create(&(0x7f0000002bc0)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o84I\xaaK\xa5\xd3\x99K\xcd\xab\x1a\x034btY\xdb\v\x86\xca<\x02R\xd6a\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HO\x00\x00\x00\x00R\xfc\xcb%u3\xec\xde%\x9d\xe4\x1d\rD\x82S\x17?\xd6\xb1\x9aF\xe2\xba[\xc7QR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7\x80\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\xa5\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\xae\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8\x88\'\x06f\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x93\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94\xfe2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51\tz\xb6>\xd3\xe7Y*\xdb\xa7h\nt\xddP\n\xc5\xeb\xb1ux\x94@\x00\x00g\x02D9\x83\xa7\x97\xf4\xb25wL\x97\xfb\xb9\xccj\xb3\x96\xc1@\xee`{\x87\xa8]\x96\x9cjF^+\xcc1l\xcbmA,5\xc4J\xcab\xa6\x91\xa0\xeaU\x92\x01\x1f,\xfa\x10\"+\x01\x00\x91\xe9\x1cz\xd1f\x901\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\"\x85Np\xba\x0e<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8V\xe4\xa1C\x90\x17\xcc{\x9d\xf1\xbd\xb0\xca\x03\x96\x85h}\x8f\x1c)X\xc83rA\x90r\xb6\xba!;\x95\xaf\xe0\xcb\xec\xcd$\x02f\x8c4\x1aH\x8fC\xbfr\xd39\x92\x1fShu\x9e\b\xd4m\xa8\x16\xa6\xd5\xae\xcb\x03oFQ\"\xf7F\xb7\vp\xb6\xe5\x92\xe2O}.\x95A\x9bH\x8d\xa1\x80\x1b\x14u\xfdK\xce\xaf\x94i\xf1s\xf7\xb8Jq\xcb3=M\x84\x7f\x181/\x9bQ|4\xaf\xcf\r\xcfz Z\x19\xad_\x13\x99\xf7\xfdOD\xd3\x9d\x9d\xb8d5g\xf1\x84\xbd\xe5\xa2\xb3\xda\x96\x85\"\xb6\xa6n\xe7\xfd\xd4\a\x97\x85\x810/\xc4o\x11\x97\xad\xef~\x15\xfd\xc8\x1b\xc0\f\xeec\xa4\x7f|P\x00\x00\x00\x000p\xaf\xfdk\xac\xcc\xac`\xc9\a<\xadIt\x9b\xeb\x8a\xfe\x9b\aO\xa5?h\xe1B\xa8C\x8e;/\xa8\x94\x1bs\xf0\xa9>\x9e\xff\xc9\xd2\x00h\xcb\xfb\xb6Y\xbfp\xd8\x90\x96\xec\x83N\x8bNnx\xb6\x16Y\xf8sU\xae\xa0\b\x8cLq\n\x1f\x99t\xb6\xffozu\xa0B(\xe9?\xcdA\xba\xa8\x13Qc\xda\x16?\xe8z\x8f\x862!\xbf\xa4\xb8\x9bC\xe9Od\xe8\xd32m\x06RX\x7f\xf7\xc2\n\x94\xe5P:l\xd9\xd5\xbd\rH6-\x8a\x12m\\L\xa0\r\tk\xda\xa4q(\xae\\\xb6\x14I\xf7\xe0z\xf1\xad&\x86\xcb\xf3\xad\x9e[\x8b\xc0\xd6\x1e\xe4N\x92\xf2\x905\xe0\x13\x90\xaeQ\xed\xea\xad\x9b\xcc\x9f\xc0P\xff_\xaa\xb2L\xf5\x1f\xc1\xa4[\xe51\xcb B*\xaa\a\x003\xc9\xae\x1f\x8c\xcdm\xb8\xce\x01\xdb\xaa\x1c\xc35\x16#\x04\xb7W4\xfd\'\xbe\x922\xde\xd6\x18\xf7`\xff\xfe%\x06\x02\xc6\x81Jr\x10\x88G\xea+^LA\x96\xed\x1d\xe1V\xbd\xebbyq\xd6\xb3', 0x7) io_submit(r2, 0x1, &(0x7f0000000a00)=[0x0]) r3 = syz_open_procfs(0x0, &(0x7f0000000940)='net/snmp\x00') r4 = syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382) r5 = memfd_create(&(0x7f0000000b80)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcf\xdf\xe3b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9vm)\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\xff\xff\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xc8\x1b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-\x1e\xf4\xd1\x02Dt\xc0\x1c\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x03\xb0\xef\xc7\x8c\x9e\xed\a\n0x0, &(0x7f0000000380)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0}) io_uring_enter(r3, 0x40f9, 0x217, 0xa5, 0x0, 0x0) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x44015) r6 = fsmount(r0, 0x0, 0x0) r7 = openat(r6, &(0x7f0000000040)='.\x00', 0x0, 0x15e) lseek(r7, 0x3, 0x0) ioctl$VIDIOC_ENUM_DV_TIMINGS(0xffffffffffffffff, 0xc0945662, &(0x7f00000003c0)={0x5, 0x0, '\x00', {0x0, @reserved}}) 7.503534516s ago: executing program 2 (id=1699): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="6c000000020601000000000600000000000000000e0003006269746d61703a69700000000500040000ffed000900020073797a3200000000240007800c00028008000140ffffffff0c0001800800014080ffffff050014000200000005000500020000000500010006"], 0x6c}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_setup(0x3c20, &(0x7f0000000400)={0x0, 0x2050, 0x3380, 0x8003, 0xd2}, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="0600"}) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) dup(0xffffffffffffffff) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010102, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x1d, 0x12, "910000000000006f00"}]}}}}}}}, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r5, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r4, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r6, r7, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r4, 0x3b8b, &(0x7f0000000040)={0x10, 0x1, r8}) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40004}, 0x40080d0) 6.317621984s ago: executing program 2 (id=1700): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r1, 0x4008ae48, 0x0) 6.249825365s ago: executing program 1 (id=1701): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180), 0x0) 6.204422776s ago: executing program 0 (id=1702): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={0x0, 0x0}}, 0x40) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000000000)=0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) clock_gettime(0x0, &(0x7f00000003c0)) clock_gettime(0x0, 0x0) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xdc}, 0x1, 0x0, 0x0, 0x80}, 0x0) timer_settime(r5, 0x1, &(0x7f0000000400)={{r6, r7+60000000}, {r8, r9+10000000}}, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) accept4(r11, 0x0, 0x0, 0x80800) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c00000001040104000000000000000005000000050001000300000089e1dab22290f395afe04ba808717612701fc5745b0ef8215e68feec835b6231ff6ba75105b9"], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8080) 5.91252797s ago: executing program 2 (id=1703): bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000800) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0xd1) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f0000000400)='system.posix_acl_default\x00', &(0x7f0000000540)=ANY=[@ANYRES32=0x0, @ANYBLOB="040000000000000010000300000000002000000000000000"], 0x2c, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x800000000000001, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019640)=""/102392, 0x18ff8) r1 = openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x80000, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x24084004}, 0x4000) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="34010000", @ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x41) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f00000000c0)="1c0000001e005f0214fffffffffffff807000000000000000000000008", 0x1d) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r3 = socket$kcm(0xa, 0x1, 0x106) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) add_key(&(0x7f0000000440)='asymmetric\x00', 0x0, &(0x7f0000000000)="30800201", 0x1001, 0x0) sendmsg$kcm(r3, &(0x7f0000000d80)={0x0, 0x0, 0x0}, 0x20000800) r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x1) ioctl$SIOCAX25ADDUID(r4, 0x89e1, &(0x7f0000000080)={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xee01}) add_key$keyring(&(0x7f0000000480), 0x0, 0x0, 0x0, 0xfffffffffffffffe) 5.591375075s ago: executing program 1 (id=1704): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000280)={'wpan0\x00'}) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x0) 5.196022701s ago: executing program 0 (id=1705): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x2) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x3) ioctl$TIOCVHANGUP(r3, 0x5437, 0x2) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20080, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0400000000000000850400"]) syz_io_uring_setup(0x70ca, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$alg(0x26, 0x5, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) 4.094127738s ago: executing program 0 (id=1706): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x220000, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) io_setup(0x281, &(0x7f0000000100)=0x0) memfd_create(&(0x7f0000002bc0)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o84I\xaaK\xa5\xd3\x99K\xcd\xab\x1a\x034btY\xdb\v\x86\xca<\x02R\xd6a\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HO\x00\x00\x00\x00R\xfc\xcb%u3\xec\xde%\x9d\xe4\x1d\rD\x82S\x17?\xd6\xb1\x9aF\xe2\xba[\xc7QR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7\x80\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\xa5\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\xae\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8\x88\'\x06f\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x93\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94\xfe2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51\tz\xb6>\xd3\xe7Y*\xdb\xa7h\nt\xddP\n\xc5\xeb\xb1ux\x94@\x00\x00g\x02D9\x83\xa7\x97\xf4\xb25wL\x97\xfb\xb9\xccj\xb3\x96\xc1@\xee`{\x87\xa8]\x96\x9cjF^+\xcc1l\xcbmA,5\xc4J\xcab\xa6\x91\xa0\xeaU\x92\x01\x1f,\xfa\x10\"+\x01\x00\x91\xe9\x1cz\xd1f\x901\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\"\x85Np\xba\x0e<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8V\xe4\xa1C\x90\x17\xcc{\x9d\xf1\xbd\xb0\xca\x03\x96\x85h}\x8f\x1c)X\xc83rA\x90r\xb6\xba!;\x95\xaf\xe0\xcb\xec\xcd$\x02f\x8c4\x1aH\x8fC\xbfr\xd39\x92\x1fShu\x9e\b\xd4m\xa8\x16\xa6\xd5\xae\xcb\x03oFQ\"\xf7F\xb7\vp\xb6\xe5\x92\xe2O}.\x95A\x9bH\x8d\xa1\x80\x1b\x14u\xfdK\xce\xaf\x94i\xf1s\xf7\xb8Jq\xcb3=M\x84\x7f\x181/\x9bQ|4\xaf\xcf\r\xcfz Z\x19\xad_\x13\x99\xf7\xfdOD\xd3\x9d\x9d\xb8d5g\xf1\x84\xbd\xe5\xa2\xb3\xda\x96\x85\"\xb6\xa6n\xe7\xfd\xd4\a\x97\x85\x810/\xc4o\x11\x97\xad\xef~\x15\xfd\xc8\x1b\xc0\f\xeec\xa4\x7f|P\x00\x00\x00\x000p\xaf\xfdk\xac\xcc\xac`\xc9\a<\xadIt\x9b\xeb\x8a\xfe\x9b\aO\xa5?h\xe1B\xa8C\x8e;/\xa8\x94\x1bs\xf0\xa9>\x9e\xff\xc9\xd2\x00h\xcb\xfb\xb6Y\xbfp\xd8\x90\x96\xec\x83N\x8bNnx\xb6\x16Y\xf8sU\xae\xa0\b\x8cLq\n\x1f\x99t\xb6\xffozu\xa0B(\xe9?\xcdA\xba\xa8\x13Qc\xda\x16?\xe8z\x8f\x862!\xbf\xa4\xb8\x9bC\xe9Od\xe8\xd32m\x06RX\x7f\xf7\xc2\n\x94\xe5P:l\xd9\xd5\xbd\rH6-\x8a\x12m\\L\xa0\r\tk\xda\xa4q(\xae\\\xb6\x14I\xf7\xe0z\xf1\xad&\x86\xcb\xf3\xad\x9e[\x8b\xc0\xd6\x1e\xe4N\x92\xf2\x905\xe0\x13\x90\xaeQ\xed\xea\xad\x9b\xcc\x9f\xc0P\xff_\xaa\xb2L\xf5\x1f\xc1\xa4[\xe51\xcb B*\xaa\a\x003\xc9\xae\x1f\x8c\xcdm\xb8\xce\x01\xdb\xaa\x1c\xc35\x16#\x04\xb7W4\xfd\'\xbe\x922\xde\xd6\x18\xf7`\xff\xfe%\x06\x02\xc6\x81Jr\x10\x88G\xea+^LA\x96\xed\x1d\xe1V\xbd\xebbyq\xd6\xb3', 0x7) io_submit(r2, 0x1, &(0x7f0000000a00)=[0x0]) r3 = syz_open_procfs(0x0, &(0x7f0000000940)='net/snmp\x00') r4 = syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382) r5 = memfd_create(&(0x7f0000000b80)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcf\xdf\xe3b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9vm)\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\xff\xff\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xc8\x1b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-\x1e\xf4\xd1\x02Dt\xc0\x1c\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x03\xb0\xef\xc7\x8c\x9e\xed\a\n0x0}) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_buf(r3, 0x6, 0xd, &(0x7f0000000080)="f2", 0x1) getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f0000000400)={'filter\x00', 0x0, [0x1, 0x1, 0x7, 0xc, 0x80010001]}, &(0x7f00000003c0)=0x54) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000200)=0xf, 0x12) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r4, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)=0x10001, 0x12) sendfile(0xffffffffffffffff, r6, 0x0, 0x3) unshare(0x24040400) r7 = socket(0x2, 0x80805, 0x0) r8 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c) bind$inet6(r7, &(0x7f0000000240)={0xa, 0x4e20, 0x7, @ipv4={'\x00', '\xff\xff', @remote}, 0x3}, 0x1c) setsockopt$IP_VS_SO_SET_ADDDEST(r7, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x4, 0x8, 0x77}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44) bind$alg(r5, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040)="4dc07f947163300c", 0x8) bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e23, @multicast2}, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f00000000c0)=0xc) syz_open_procfs$namespace(r9, &(0x7f0000000140)='ns/pid_for_children\x00') sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @hsr={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r2}]}}}]}, 0x38}}, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) syz_emit_ethernet(0x7e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60fb6809001b2f00fc020000000000000000000000000000ff020000000000000000000000000001"], 0x0) 3.064215914s ago: executing program 2 (id=1708): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000280)=@assoc_value, &(0x7f00000000c0)=0x8) 2.863305096s ago: executing program 2 (id=1709): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="6c000000020601000000000600000000000000000e0003006269746d61703a69700000000500040000ffed000900020073797a3200000000240007800c00028008000140ffffffff0c0001800800014080ffffff050014000200000005000500020000000500010006"], 0x6c}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_setup(0x3c20, &(0x7f0000000400)={0x0, 0x2050, 0x3380, 0x8003, 0xd2}, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="0600"}) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) dup(0xffffffffffffffff) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010102, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x1d, 0x12, "910000000000006f00"}]}}}}}}}, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r5, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r4, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r6, r7, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r4, 0x3b8b, &(0x7f0000000040)={0x10, 0x1, r8}) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40004}, 0x40080d0) 2.761115118s ago: executing program 1 (id=1710): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$qrtr(0x2a, 0x2, 0x0) r3 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x0, 0x3, 0x8b}, &(0x7f0000000400)=0x0, &(0x7f0000000380)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0}) io_uring_enter(r3, 0x40f9, 0x217, 0xa5, 0x0, 0x0) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x44015) r6 = fsmount(r0, 0x0, 0x0) r7 = openat(r6, &(0x7f0000000040)='.\x00', 0x0, 0x15e) lseek(r7, 0x3, 0x0) ioctl$VIDIOC_ENUM_DV_TIMINGS(0xffffffffffffffff, 0xc0945662, &(0x7f00000003c0)={0x5, 0x0, '\x00', {0x0, @reserved}}) 2.465460792s ago: executing program 0 (id=1711): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0xfffffffffffffff7, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) creat(&(0x7f0000000580)='./file1\x00', 0x0) r2 = dup(0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb34902, 0x1000006, 0x28011, r2, 0x0) fanotify_init(0xf00, 0x1) syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="520100003ed00d40980c4011e9db000000010902120000f10000000904"], 0x0) fallocate(r1, 0x0, 0x1000000, 0x3) ioctl$EXT4_IOC_GETFSUUID(r0, 0x8008662c, &(0x7f0000000000)) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(r3, &(0x7f0000000340)="07000000010000", 0x7) 1.690080094s ago: executing program 2 (id=1712): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="6c000000020601000000000600000000000000000e0003006269746d61703a69700000000500040000ffed000900020073797a3200000000240007800c00028008000140ffffffff0c0001800800014080ffffff050014000200000005000500020000000500010006"], 0x6c}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_setup(0x3c20, &(0x7f0000000400)={0x0, 0x2050, 0x3380, 0x8003, 0xd2}, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r3 = dup(0xffffffffffffffff) write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18}, 0x18) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010102, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x1d, 0x12, "910000000000006f00"}]}}}}}}}, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r5}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r4, 0x3b8b, &(0x7f0000000040)={0x10, 0x1}) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40004}, 0x40080d0) 1.523242497s ago: executing program 3 (id=1713): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={0x0, 0x0}}, 0x40) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000000000)=0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) clock_gettime(0x0, &(0x7f00000003c0)) clock_gettime(0x0, &(0x7f0000000280)) clock_gettime(0x0, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xdc}, 0x1, 0x0, 0x0, 0x80}, 0x0) timer_settime(r5, 0x1, &(0x7f0000000400)={{r6, r7+60000000}}, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) accept4(r9, 0x0, 0x0, 0x80800) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c00000001040104000000000000000005000000050001000300000089e1dab22290f395afe04ba808717612701fc5745b0ef8215e68feec835b6231ff6ba75105b9"], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8080) 871.240147ms ago: executing program 1 (id=1714): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x2) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x3) ioctl$TIOCVHANGUP(r3, 0x5437, 0x2) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20080, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0400000000000000850400"]) syz_io_uring_setup(0x70ca, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$alg(0x26, 0x5, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) 0s ago: executing program 3 (id=1715): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000280)={'wpan0\x00'}) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.230' (ED25519) to the list of known hosts. [ 82.949073][ T5774] cgroup: Unknown subsys name 'net' [ 83.098593][ T5774] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.820035][ T5774] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.532377][ T5790] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.541916][ T5790] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.550045][ T5790] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.559011][ T5790] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.566526][ T5790] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.575446][ T5790] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.583410][ T5790] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.592140][ T5790] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.599850][ T5790] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.603555][ T5796] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.607530][ T5790] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.623259][ T5790] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 86.625447][ T5799] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.632183][ T5790] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.641699][ T5799] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.652188][ T5801] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.661248][ T5799] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.662744][ T5796] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.669964][ T5799] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.694932][ T5799] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.702392][ T5796] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 86.710419][ T5796] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 86.714306][ T5799] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.718012][ T5796] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.219473][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 87.354854][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 87.409377][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 87.467402][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.475714][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.483224][ T5785] bridge_slave_0: entered allmulticast mode [ 87.491772][ T5785] bridge_slave_0: entered promiscuous mode [ 87.553470][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.561920][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.569330][ T5785] bridge_slave_1: entered allmulticast mode [ 87.576895][ T5785] bridge_slave_1: entered promiscuous mode [ 87.726413][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.740581][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.780784][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 87.826612][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.835266][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.843544][ T5787] bridge_slave_0: entered allmulticast mode [ 87.851474][ T5787] bridge_slave_0: entered promiscuous mode [ 87.904981][ T5785] team0: Port device team_slave_0 added [ 87.925587][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.932894][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.940996][ T5787] bridge_slave_1: entered allmulticast mode [ 87.948103][ T5787] bridge_slave_1: entered promiscuous mode [ 87.955790][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.963094][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.971323][ T5784] bridge_slave_0: entered allmulticast mode [ 87.978458][ T5784] bridge_slave_0: entered promiscuous mode [ 87.987594][ T5785] team0: Port device team_slave_1 added [ 88.028929][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.036137][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.043567][ T5784] bridge_slave_1: entered allmulticast mode [ 88.051636][ T5784] bridge_slave_1: entered promiscuous mode [ 88.084361][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.091597][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.118990][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.164754][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.171958][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.198117][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.230323][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.249349][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.263757][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.279949][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.357948][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.366091][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.373578][ T5786] bridge_slave_0: entered allmulticast mode [ 88.380934][ T5786] bridge_slave_0: entered promiscuous mode [ 88.389402][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.396636][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.404766][ T5786] bridge_slave_1: entered allmulticast mode [ 88.412124][ T5786] bridge_slave_1: entered promiscuous mode [ 88.432951][ T5787] team0: Port device team_slave_0 added [ 88.444290][ T5787] team0: Port device team_slave_1 added [ 88.454039][ T5784] team0: Port device team_slave_0 added [ 88.505631][ T5784] team0: Port device team_slave_1 added [ 88.544984][ T5785] hsr_slave_0: entered promiscuous mode [ 88.552076][ T5785] hsr_slave_1: entered promiscuous mode [ 88.587890][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.601066][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.624750][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.632503][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.658762][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.670249][ T5796] Bluetooth: hci0: command tx timeout [ 88.672785][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.683133][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.709385][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.721708][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.728903][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.749725][ T5796] Bluetooth: hci1: command tx timeout [ 88.755317][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.760949][ T5796] Bluetooth: hci3: command tx timeout [ 88.810431][ T5786] team0: Port device team_slave_0 added [ 88.825298][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.833122][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.860356][ T5796] Bluetooth: hci2: command tx timeout [ 88.867161][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.906443][ T5786] team0: Port device team_slave_1 added [ 89.001777][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.009126][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.035318][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.063283][ T5787] hsr_slave_0: entered promiscuous mode [ 89.070327][ T5787] hsr_slave_1: entered promiscuous mode [ 89.076573][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.085568][ T5787] Cannot create hsr debugfs directory [ 89.121305][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.128668][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.155643][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.172596][ T5784] hsr_slave_0: entered promiscuous mode [ 89.179707][ T5784] hsr_slave_1: entered promiscuous mode [ 89.186027][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.193837][ T5784] Cannot create hsr debugfs directory [ 89.372835][ T5786] hsr_slave_0: entered promiscuous mode [ 89.385356][ T5786] hsr_slave_1: entered promiscuous mode [ 89.392195][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.400746][ T5786] Cannot create hsr debugfs directory [ 89.640506][ T5785] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.653431][ T5785] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.685920][ T5785] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.711403][ T5785] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.783960][ T5787] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.817761][ T5787] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.844664][ T5787] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.855920][ T5787] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.909188][ T5784] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.921041][ T5784] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.941235][ T5784] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.955034][ T5784] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.043473][ T5786] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 90.073998][ T5786] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 90.086071][ T5786] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 90.100643][ T5786] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.237845][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.273006][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.309650][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.324837][ T2975] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.332275][ T2975] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.358455][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.374697][ T2975] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.382090][ T2975] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.438127][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.457514][ T1134] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.465067][ T1134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.512194][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.541206][ T2975] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.548496][ T2975] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.611053][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.631339][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.642049][ T2975] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.649318][ T2975] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.667334][ T3462] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.674582][ T3462] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.716162][ T3462] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.723515][ T3462] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.736767][ T3462] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.744015][ T3462] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.752284][ T5796] Bluetooth: hci0: command tx timeout [ 90.828384][ T5796] Bluetooth: hci1: command tx timeout [ 90.828396][ T5793] Bluetooth: hci3: command tx timeout [ 90.910203][ T5796] Bluetooth: hci2: command tx timeout [ 90.992715][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.127943][ T5785] veth0_vlan: entered promiscuous mode [ 91.152392][ T5785] veth1_vlan: entered promiscuous mode [ 91.225135][ T5785] veth0_macvtap: entered promiscuous mode [ 91.271396][ T5785] veth1_macvtap: entered promiscuous mode [ 91.327189][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.370519][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.400883][ T5785] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.429566][ T5785] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.439084][ T5785] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.447864][ T5785] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.553093][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.570661][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.638922][ T2975] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.647043][ T2975] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.654212][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.724947][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.733739][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.830360][ T5784] veth0_vlan: entered promiscuous mode [ 91.856486][ T5786] veth0_vlan: entered promiscuous mode [ 91.914678][ T5784] veth1_vlan: entered promiscuous mode [ 91.923982][ T5787] veth0_vlan: entered promiscuous mode [ 91.948007][ T5786] veth1_vlan: entered promiscuous mode [ 91.998966][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.255184][ T5787] veth1_vlan: entered promiscuous mode [ 92.285569][ T23] cfg80211: failed to load regulatory.db [ 92.401987][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 92.593435][ T5786] veth0_macvtap: entered promiscuous mode [ 92.651522][ T5786] veth1_macvtap: entered promiscuous mode [ 92.752205][ T5784] veth0_macvtap: entered promiscuous mode [ 92.811088][ T5787] veth0_macvtap: entered promiscuous mode [ 92.836963][ T5796] Bluetooth: hci0: command tx timeout [ 92.856218][ T5787] veth1_macvtap: entered promiscuous mode [ 92.875312][ T5784] veth1_macvtap: entered promiscuous mode [ 92.899208][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.910900][ T5796] Bluetooth: hci3: command tx timeout [ 92.924783][ T5796] Bluetooth: hci1: command tx timeout [ 92.930400][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.944435][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.957001][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.967585][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.979929][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.988771][ T5796] Bluetooth: hci2: command tx timeout [ 93.201943][ T5786] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.211345][ T5786] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.222571][ T5786] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.232762][ T5786] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.262894][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.276819][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.287062][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.303298][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.496711][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.906764][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.931145][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.941530][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.954426][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.965151][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.976036][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.987697][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.002572][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.013738][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.023694][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.036991][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.050760][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.083659][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.094396][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.104521][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.116492][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.126428][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.136910][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.151232][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.164953][ T5784] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.173956][ T5784] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.182939][ T5784] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.192825][ T5784] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.204888][ T5787] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.213762][ T5787] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.222785][ T5787] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.231972][ T5787] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.386059][ T997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.402071][ T997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.562741][ T1134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.574497][ T1134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.582623][ T997] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.616189][ T997] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.727443][ T2975] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.760553][ T2975] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.779565][ T997] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.795635][ T997] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.898030][ T5896] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 94.929005][ T5796] Bluetooth: hci0: command tx timeout [ 94.938460][ T3462] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.976017][ T3462] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.988760][ T5793] Bluetooth: hci3: command tx timeout [ 94.994459][ T5796] Bluetooth: hci1: command tx timeout [ 95.040034][ T5894] syz.2.7: attempt to access beyond end of device [ 95.040034][ T5894] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 95.078730][ T5796] Bluetooth: hci2: command tx timeout [ 95.269165][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 95.781444][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.859498][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.884764][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 96.088754][ T0] NOHZ tick-stop error: local softirq work is pending, handler #342!!! [ 96.097234][ T0] NOHZ tick-stop error: local softirq work is pending, handler #342!!! [ 96.106351][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.266323][ T5913] ksmbd: Unknown IPC event: 6, ignore. [ 96.508859][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 97.905212][ T5913] ceph: No mds server is up or the cluster is laggy [ 97.955751][ T5878] libceph: connect (1)[c::]:6789 error -101 [ 98.025849][ T5878] libceph: mon0 (1)[c::]:6789 connect error [ 98.225181][ T5918] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 98.240683][ T5918] Cannot find add_set index 0 as target [ 101.118964][ T27] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 101.404999][ T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.417738][ T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 101.428258][ T27] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 101.437425][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.674056][ T27] usb 2-1: config 0 descriptor?? [ 102.641577][ T27] hid-led 0003:27B8:01ED.0001: unknown main item tag 0x0 [ 102.650362][ T27] hid-led 0003:27B8:01ED.0001: unknown main item tag 0x0 [ 102.657506][ T27] hid-led 0003:27B8:01ED.0001: unknown main item tag 0x0 [ 102.831948][ T27] hid-led: probe of 0003:27B8:01ED.0001 failed with error -71 [ 102.873698][ T27] usb 2-1: USB disconnect, device number 2 [ 103.139590][ T5945] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 103.146370][ T5945] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 103.172905][ T5945] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 103.185092][ T5945] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 103.192038][ T5945] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 103.200897][ T5945] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 103.208070][ T5945] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 103.216238][ T5945] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 103.225496][ T5945] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 103.233664][ T5945] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 103.239927][ T5945] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 103.247667][ T5945] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 103.895785][ T5967] Cannot find add_set index 0 as target [ 105.012721][ T5977] syz.0.25 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 105.072378][ T5796] Bluetooth: hci0: command 0x0c1a tx timeout [ 105.228394][ T5793] Bluetooth: hci1: command 0x0c1a tx timeout [ 105.236860][ T5796] Bluetooth: hci2: command 0x0c1a tx timeout [ 105.308269][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 105.802650][ T5989] capability: warning: `syz.3.29' uses deprecated v2 capabilities in a way that may be insecure [ 107.180469][ T5796] Bluetooth: hci0: command 0x0c1a tx timeout [ 107.489202][ T5793] Bluetooth: hci1: command 0x0c1a tx timeout [ 107.495572][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 107.698543][ T5796] Bluetooth: hci2: command 0x0c1a tx timeout [ 108.358364][ T6010] sctp: [Deprecated]: syz.2.33 (pid 6010) Use of struct sctp_assoc_value in delayed_ack socket option. [ 108.358364][ T6010] Use struct sctp_sack_info instead [ 108.558936][ T6008] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 108.568515][ T6008] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 108.583486][ T6008] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 108.595740][ T6008] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 110.428387][ T5796] Bluetooth: hci0: command 0x0c1a tx timeout [ 110.588448][ T5793] Bluetooth: hci1: command 0x0c1a tx timeout [ 110.594727][ T5796] Bluetooth: hci2: command 0x0c1a tx timeout [ 110.668562][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 112.750869][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 113.565001][ T6059] bridge0: entered promiscuous mode [ 113.570929][ T6059] macvlan2: entered promiscuous mode [ 114.831063][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 121.673552][ T6101] bridge0: entered promiscuous mode [ 121.679176][ T6101] macvlan2: entered promiscuous mode [ 123.132714][ T6115] overlayfs: workdir and upperdir must be separate subtrees [ 125.078379][ T6137] macvlan3: entered promiscuous mode [ 125.191737][ T5796] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 127.152640][ T8] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0 [ 127.278864][ T8] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0 [ 127.321056][ T8] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0 [ 127.346215][ T8] hid-generic 0003:0004:0000.0002: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 127.489216][ T6161] fido_id[6161]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 127.822844][ T6164] netlink: 132 bytes leftover after parsing attributes in process `syz.3.83'. [ 130.288025][ T6177] overlayfs: missing 'lowerdir' [ 130.545468][ T6189] Zero length message leads to an empty skb [ 130.793232][ T6194] netlink: 88 bytes leftover after parsing attributes in process `syz.3.95'. [ 130.805419][ T6194] netlink: 8 bytes leftover after parsing attributes in process `syz.3.95'. [ 133.318871][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.328612][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 136.632389][ T27] libceph: connect (1)[c::]:6789 error -101 [ 136.719818][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 136.820582][ T27] libceph: connect (1)[c::]:6789 error -101 [ 136.900326][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 137.240446][ T27] libceph: connect (1)[c::]:6789 error -101 [ 137.329885][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 137.580271][ T6235] ceph: No mds server is up or the cluster is laggy [ 137.898612][ T27] libceph: connect (1)[c::]:6789 error -101 [ 137.904735][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 138.391354][ T6254] delete_channel: no stack [ 139.815856][ T6260] kvm: pic: level sensitive irq not supported [ 139.816189][ T6260] kvm: pic: non byte read [ 139.854557][ T6260] kvm: pic: non byte read [ 139.858519][ T28] audit: type=1326 audit(1752855262.032:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6270 comm="syz.1.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20e798e9a9 code=0x7ffc0000 [ 139.882962][ T6260] kvm: pic: non byte read [ 139.887533][ T6260] kvm: pic: non byte read [ 139.898238][ T6260] kvm: pic: non byte read [ 139.906314][ T6260] kvm: pic: non byte read [ 139.917158][ T6260] kvm: pic: non byte read [ 139.926502][ T6260] kvm: pic: non byte read [ 139.937370][ T6260] kvm: pic: non byte read [ 139.943924][ T6260] kvm: pic: non byte read [ 139.972367][ T28] audit: type=1326 audit(1752855262.072:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6270 comm="syz.1.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20e798e9a9 code=0x7ffc0000 [ 140.054816][ T28] audit: type=1326 audit(1752855262.132:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6270 comm="syz.1.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f20e798e9a9 code=0x7ffc0000 [ 140.093558][ T28] audit: type=1326 audit(1752855262.132:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6270 comm="syz.1.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20e798e9a9 code=0x7ffc0000 [ 140.124050][ T28] audit: type=1326 audit(1752855262.132:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6270 comm="syz.1.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f20e798e9a9 code=0x7ffc0000 [ 140.185023][ T28] audit: type=1326 audit(1752855262.132:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6270 comm="syz.1.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20e798e9a9 code=0x7ffc0000 [ 140.301799][ T28] audit: type=1326 audit(1752855262.132:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6270 comm="syz.1.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20e798e9a9 code=0x7ffc0000 [ 140.323989][ C1] vkms_vblank_simulate: vblank timer overrun [ 142.409853][ T5832] libceph: connect (1)[c::]:6789 error -101 [ 142.416962][ T5832] libceph: mon0 (1)[c::]:6789 connect error [ 145.314333][ T6289] ceph: No mds server is up or the cluster is laggy [ 145.319062][ T5832] libceph: connect (1)[c::]:6789 error -101 [ 145.351417][ T5832] libceph: mon0 (1)[c::]:6789 connect error [ 145.421893][ T27] libceph: connect (1)[c::]:6789 error -101 [ 145.427968][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 146.024550][ T6305] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 146.064526][ T6305] ubi31: attaching mtd0 [ 146.091989][ T6305] ubi31: scanning is finished [ 146.096904][ T6305] ubi31: empty MTD device detected [ 146.574552][ T6305] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 147.250554][ T6314] mmap: syz.2.132 (6314) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 150.516581][ T8] libceph: connect (1)[c::]:6789 error -101 [ 150.769474][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 151.111816][ T8] libceph: connect (1)[c::]:6789 error -101 [ 151.213330][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 152.566052][ T6335] ceph: No mds server is up or the cluster is laggy [ 153.060795][ T6342] bridge0: entered promiscuous mode [ 153.066951][ T6342] macvlan2: entered promiscuous mode [ 158.529885][ T6375] macvlan3: entered promiscuous mode [ 163.350413][ T6407] bridge0: entered promiscuous mode [ 163.355788][ T6407] macvlan2: entered promiscuous mode [ 163.396072][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 165.544715][ T6429] netlink: 132 bytes leftover after parsing attributes in process `syz.2.169'. [ 166.778659][ T786] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 167.010413][ T786] usb 4-1: Using ep0 maxpacket: 32 [ 167.061876][ T786] usb 4-1: unable to get BOS descriptor or descriptor too short [ 167.336615][ T786] usb 4-1: config 8 has an invalid interface number: 1 but max is 0 [ 167.398198][ T786] usb 4-1: config 8 has no interface number 0 [ 167.411729][ T786] usb 4-1: config 8 interface 1 has no altsetting 0 [ 167.429259][ T786] usb 4-1: string descriptor 0 read error: -22 [ 167.435603][ T786] usb 4-1: New USB device found, idVendor=0733, idProduct=0430, bcdDevice=57.26 [ 167.468263][ T786] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.550214][ T786] gspca_main: spca505-2.14.0 probing 0733:0430 [ 168.646250][ T786] gspca_spca505: reg write: error -110 [ 168.646328][ T786] spca505: probe of 4-1:8.1 failed with error -5 [ 169.708790][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 170.028489][ T786] usb 4-1: USB disconnect, device number 2 [ 173.497442][ T6480] Cannot find add_set index 0 as target [ 174.189702][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 177.407880][ T5832] libceph: connect (1)[c::]:6789 error -101 [ 177.547251][ T5832] libceph: mon0 (1)[c::]:6789 connect error [ 177.838751][ T5840] libceph: connect (1)[c::]:6789 error -101 [ 177.846182][ T5840] libceph: mon0 (1)[c::]:6789 connect error [ 178.517256][ T6501] ceph: No mds server is up or the cluster is laggy [ 178.602832][ T5840] libceph: connect (1)[c::]:6789 error -101 [ 178.609032][ T5840] libceph: mon0 (1)[c::]:6789 connect error [ 179.748050][ T6523] Cannot find add_set index 0 as target [ 181.929336][ T6514] syz.3.194 (6514) used greatest stack depth: 17960 bytes left [ 182.568318][ T786] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 182.792961][ T786] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.832654][ T786] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 182.842788][ T786] usb 4-1: New USB device found, idVendor=0543, idProduct=e621, bcdDevice= 0.00 [ 182.874748][ T786] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.909603][ T786] usb 4-1: config 0 descriptor?? [ 183.450408][ T786] viewsonic 0003:0543:E621.0003: item fetching failed at offset 3/5 [ 183.541767][ T6561] Cannot find add_set index 0 as target [ 183.587979][ T786] viewsonic: probe of 0003:0543:E621.0003 failed with error -22 [ 185.596586][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 188.188636][ T5832] usb 4-1: USB disconnect, device number 3 [ 191.657103][ T6612] macvlan3: entered promiscuous mode [ 191.663796][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 192.538256][ T786] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 192.798386][ T786] usb 2-1: Using ep0 maxpacket: 8 [ 193.556315][ T786] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 193.588389][ T786] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 193.636015][ T786] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 193.659157][ T786] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.667239][ T786] usb 2-1: Product: syz [ 193.671815][ T786] usb 2-1: Manufacturer: syz [ 193.706388][ T786] usb 2-1: SerialNumber: syz [ 193.872307][ T786] usb 2-1: config 0 descriptor?? [ 194.588282][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 194.720357][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.731277][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.203582][ T27] usb 2-1: USB disconnect, device number 3 [ 196.696934][ T27] IPVS: starting estimator thread 0... [ 196.986058][ T6670] macvlan3: entered promiscuous mode [ 197.079602][ T6668] IPVS: using max 16 ests per chain, 38400 per kthread [ 199.715638][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 200.206173][ T6680] process 'syz.1.238' launched './file0' with NULL argv: empty string added [ 202.315941][ T6712] macvlan4: entered promiscuous mode [ 202.951476][ T6713] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(16) [ 202.958467][ T6713] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 203.034141][ T6713] vhci_hcd vhci_hcd.0: Device attached [ 203.378815][ T27] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 203.414825][ T2128] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 203.609908][ T27] usb 3-1: no configurations [ 203.614669][ T27] usb 3-1: can't read configurations, error -22 [ 203.788845][ T27] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 204.143282][ T6724] Cannot find add_set index 0 as target [ 205.107947][ T27] usb 3-1: device descriptor read/all, error -71 [ 205.115585][ T6714] vhci_hcd: connection reset by peer [ 205.151243][ T27] usb usb3-port1: attempt power cycle [ 205.163758][ T48] vhci_hcd: stop threads [ 205.189593][ T48] vhci_hcd: release socket [ 205.200486][ T48] vhci_hcd: disconnect device [ 205.798302][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 208.648275][ T2128] vhci_hcd: vhci_device speed not set [ 212.701653][ T6794] netlink: 88 bytes leftover after parsing attributes in process `syz.1.271'. [ 216.094216][ T6823] netlink: 88 bytes leftover after parsing attributes in process `syz.1.281'. [ 220.718402][ T5840] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 220.934140][ T5840] usb 4-1: config 0 has no interfaces? [ 226.032462][ T5840] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 226.057821][ T5840] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.179451][ T5840] usb 4-1: config 0 descriptor?? [ 226.187155][ T5840] usb 4-1: can't set config #0, error -32 [ 226.496424][ T5840] libceph: connect (1)[c::]:6789 error -101 [ 229.077511][ T5840] libceph: mon0 (1)[c::]:6789 connect error [ 229.319375][ T9] usb 4-1: USB disconnect, device number 4 [ 229.549083][ T27] libceph: connect (1)[c::]:6789 error -101 [ 229.555400][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 229.754712][ T6890] sctp: [Deprecated]: syz.0.296 (pid 6890) Use of struct sctp_assoc_value in delayed_ack socket option. [ 229.754712][ T6890] Use struct sctp_sack_info instead [ 230.668818][ T6877] ceph: No mds server is up or the cluster is laggy [ 230.678364][ T27] libceph: connect (1)[c::]:6789 error -101 [ 230.684460][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 230.731956][ T27] libceph: connect (1)[c::]:6789 error -101 [ 230.824016][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 231.788595][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 243.961625][ T6965] netlink: 'syz.0.318': attribute type 1 has an invalid length. [ 248.970801][ T6986] netlink: 8 bytes leftover after parsing attributes in process `syz.1.322'. [ 248.982026][ T6988] input: syz1 as /devices/virtual/input/input5 [ 249.154234][ T6986] input: syz0 as /devices/virtual/input/input6 [ 251.676057][ T5891] libceph: connect (1)[c::]:6789 error -101 [ 254.138375][ T5891] libceph: mon0 (1)[c::]:6789 connect error [ 254.188714][ T7026] ceph: No mds server is up or the cluster is laggy [ 256.191783][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.199019][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 264.576541][ T27] libceph: connect (1)[c::]:6789 error -101 [ 264.617338][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 265.507403][ T27] libceph: connect (1)[c::]:6789 error -101 [ 265.532581][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 265.852731][ T7069] ceph: No mds server is up or the cluster is laggy [ 275.530911][ T7125] netlink: 132 bytes leftover after parsing attributes in process `syz.0.357'. [ 278.077225][ T7136] netlink: 72 bytes leftover after parsing attributes in process `syz.2.360'. [ 280.885506][ T7172] netlink: 132 bytes leftover after parsing attributes in process `syz.2.369'. [ 286.667445][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 287.998682][ T7195] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 288.007193][ T7195] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 288.031092][ T7195] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 288.039642][ T7195] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 288.928145][ T5796] Bluetooth: hci0: command 0x0c1a tx timeout [ 290.028736][ T5793] Bluetooth: hci1: command 0x0c1a tx timeout [ 290.036409][ T5796] Bluetooth: hci2: command 0x0c1a tx timeout [ 290.108153][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 290.827637][ T7246] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 290.834245][ T7246] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 290.893189][ T7246] vhci_hcd vhci_hcd.0: Device attached [ 291.877774][ T786] usb 36-1: SetAddress Request (2) to port 0 [ 291.888112][ T786] usb 36-1: new SuperSpeed USB device number 2 using vhci_hcd [ 291.943985][ T7246] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.954833][ T7246] bridge0: port 2(bridge_slave_1) entered disabled state [ 292.649123][ T5891] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 293.169789][ T7247] vhci_hcd: connection reset by peer [ 293.180057][ T6408] vhci_hcd: stop threads [ 293.184394][ T6408] vhci_hcd: release socket [ 293.192923][ T6408] vhci_hcd: disconnect device [ 293.315086][ T5891] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 293.327023][ T5891] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 293.341998][ T5891] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 293.357364][ T5891] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 293.376202][ T5891] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 293.469575][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 293.505322][ T5891] usb 4-1: Product: syz [ 293.511505][ T5891] usb 4-1: Manufacturer: syz [ 293.525022][ T5891] cdc_wdm 4-1:1.0: skipping garbage [ 293.532456][ T5891] cdc_wdm 4-1:1.0: skipping garbage [ 293.549199][ T5891] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 293.555489][ T5891] cdc_wdm 4-1:1.0: Unknown control protocol [ 293.844653][ T5891] usb 4-1: USB disconnect, device number 5 [ 297.068332][ T786] usb 36-1: device descriptor read/8, error -110 [ 297.670085][ T5847] libceph: connect (1)[c::]:6789 error -101 [ 297.691178][ T5847] libceph: mon0 (1)[c::]:6789 connect error [ 297.958735][ T5847] libceph: connect (1)[c::]:6789 error -101 [ 297.965818][ T5847] libceph: mon0 (1)[c::]:6789 connect error [ 298.118949][ T786] usb usb36-port1: attempt power cycle [ 298.805300][ T5840] libceph: connect (1)[c::]:6789 error -101 [ 298.812475][ T5840] libceph: mon0 (1)[c::]:6789 connect error [ 298.937536][ T7275] ceph: No mds server is up or the cluster is laggy [ 299.630160][ T786] usb usb36-port1: unable to enumerate USB device [ 301.724252][ T7316] netlink: 72 bytes leftover after parsing attributes in process `syz.2.404'. [ 302.214761][ T7320] macvlan4: entered promiscuous mode [ 302.871850][ T7306] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 302.931065][ T7306] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 302.958544][ T7306] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 302.980792][ T7306] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 303.788263][ T5793] Bluetooth: hci0: command 0x0c1a tx timeout [ 305.007099][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 305.007216][ T5796] Bluetooth: hci2: command 0x0c1a tx timeout [ 305.007216][ T5799] Bluetooth: hci1: command 0x0c1a tx timeout [ 310.340123][ T7356] syz.0.414: attempt to access beyond end of device [ 310.340123][ T7356] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 312.800625][ T5840] libceph: connect (1)[c::]:6789 error -101 [ 312.806728][ T5840] libceph: mon0 (1)[c::]:6789 connect error [ 313.128595][ T5840] libceph: connect (1)[c::]:6789 error -101 [ 313.134780][ T5840] libceph: mon0 (1)[c::]:6789 connect error [ 313.689227][ T5840] libceph: connect (1)[c::]:6789 error -101 [ 313.695470][ T5840] libceph: mon0 (1)[c::]:6789 connect error [ 314.606465][ T7378] ceph: No mds server is up or the cluster is laggy [ 315.655852][ T7410] netlink: 72 bytes leftover after parsing attributes in process `syz.1.425'. [ 317.556270][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.563353][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.983978][ T7422] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.995742][ T7422] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.121015][ T7462] syz.0.442 uses obsolete (PF_INET,SOCK_PACKET) [ 326.683442][ T7475] warning: `syz.2.444' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 328.021961][ T7487] netlink: 8 bytes leftover after parsing attributes in process `syz.0.449'. [ 328.083102][ T7487] netlink: 88 bytes leftover after parsing attributes in process `syz.0.449'. [ 335.870783][ T7565] binder_alloc: 7563: binder_alloc_buf size 12280 failed, no address space [ 335.918330][ T7565] binder_alloc: allocated: 72 (num: 1 largest: 72), free: 12216 (num: 1 largest: 12216) [ 343.366447][ T7642] netlink: 88 bytes leftover after parsing attributes in process `syz.1.487'. [ 347.632911][ T7689] netlink: 88 bytes leftover after parsing attributes in process `syz.1.496'. [ 347.739087][ T7670] sctp: [Deprecated]: syz.3.491 (pid 7670) Use of struct sctp_assoc_value in delayed_ack socket option. [ 347.739087][ T7670] Use struct sctp_sack_info instead [ 348.860929][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 349.059134][ T7680] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 349.114217][ T7680] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 349.156441][ T7680] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 349.168026][ T7680] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 349.967594][ T5793] Bluetooth: hci0: command 0x0c1a tx timeout [ 351.148171][ T5793] Bluetooth: hci1: command 0x0c1a tx timeout [ 351.228151][ T5793] Bluetooth: hci2: command 0x0c1a tx timeout [ 351.238242][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 352.514362][ T5891] libceph: connect (1)[c::]:6789 error -101 [ 352.521337][ T5891] libceph: mon0 (1)[c::]:6789 connect error [ 352.779358][ T5891] libceph: connect (1)[c::]:6789 error -101 [ 352.785497][ T5891] libceph: mon0 (1)[c::]:6789 connect error [ 353.005990][ T7706] ceph: No mds server is up or the cluster is laggy [ 353.898307][ T7733] netlink: 88 bytes leftover after parsing attributes in process `syz.3.505'. [ 355.793767][ T7748] netlink: 72 bytes leftover after parsing attributes in process `syz.1.509'. [ 358.688826][ T7787] sctp: [Deprecated]: syz.1.514 (pid 7787) Use of struct sctp_assoc_value in delayed_ack socket option. [ 358.688826][ T7787] Use struct sctp_sack_info instead [ 360.595469][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 360.748775][ T5793] Bluetooth: hci0: command 0x0c1a tx timeout [ 361.481655][ T7777] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 361.489266][ T7777] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 361.495438][ T7777] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 361.639313][ T7777] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 362.708043][ T7808] netlink: 72 bytes leftover after parsing attributes in process `syz.2.522'. [ 363.593575][ T5796] Bluetooth: hci1: command 0x0c1a tx timeout [ 363.599862][ T5796] Bluetooth: hci2: command 0x0c1a tx timeout [ 363.718110][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 365.798989][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 370.761526][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 371.926664][ T7890] sctp: [Deprecated]: syz.1.536 (pid 7890) Use of struct sctp_assoc_value in delayed_ack socket option. [ 371.926664][ T7890] Use struct sctp_sack_info instead [ 373.169035][ T7885] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 373.175396][ T7885] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 373.185604][ T7885] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 373.268415][ T7885] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 374.108247][ T5793] Bluetooth: hci0: command 0x0c1a tx timeout [ 375.228129][ T5793] Bluetooth: hci1: command 0x0c1a tx timeout [ 375.234994][ T5793] Bluetooth: hci2: command 0x0c1a tx timeout [ 375.308105][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 377.388073][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 378.452739][ T7934] netlink: 132 bytes leftover after parsing attributes in process `syz.0.554'. [ 378.992740][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.999222][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.684742][ T7944] (null): rxe_set_mtu: Set mtu to 1024 [ 379.737133][ T7944] wg1 speed is unknown, defaulting to 1000 [ 379.887122][ T7944] wg1 speed is unknown, defaulting to 1000 [ 380.199499][ T7944] wg1 speed is unknown, defaulting to 1000 [ 380.558785][ T7949] comedi comedi2: adq12b: a I/O base address must be specified [ 380.878593][ T7941] pim6reg1: entered allmulticast mode [ 380.885866][ T7941] pim6reg1: left allmulticast mode [ 381.047740][ T7956] netlink: 4 bytes leftover after parsing attributes in process `syz.0.560'. [ 381.966766][ T7944] infiniband syz0: set active [ 381.973776][ T786] wg1 speed is unknown, defaulting to 1000 [ 382.063708][ T7944] infiniband syz0: added wg1 [ 382.341571][ T7944] RDS/IB: syz0: added [ 382.346967][ T7944] smc: adding ib device syz0 with port count 1 [ 382.358590][ T7944] smc: ib device syz0 port 1 has pnetid [ 382.454418][ T786] wg1 speed is unknown, defaulting to 1000 [ 382.464418][ T7944] wg1 speed is unknown, defaulting to 1000 [ 382.676656][ T7972] netlink: 132 bytes leftover after parsing attributes in process `syz.2.566'. [ 383.628273][ T7944] wg1 speed is unknown, defaulting to 1000 [ 384.303842][ T7977] netlink: 16 bytes leftover after parsing attributes in process `syz.0.568'. [ 384.545997][ T7944] wg1 speed is unknown, defaulting to 1000 [ 385.324189][ T7944] wg1 speed is unknown, defaulting to 1000 [ 386.970907][ T8010] netlink: 16 bytes leftover after parsing attributes in process `syz.2.579'. [ 388.049027][ T8018] netlink: 'syz.1.580': attribute type 4 has an invalid length. [ 388.142509][ T8018] netlink: 'syz.1.580': attribute type 4 has an invalid length. [ 389.879068][ T5799] Bluetooth: hci3: command 0x0c1a tx timeout [ 393.286079][ T8083] netlink: 72 bytes leftover after parsing attributes in process `syz.1.596'. [ 396.119085][ T8120] netlink: 'syz.0.601': attribute type 1 has an invalid length. [ 402.330627][ T8177] sctp: [Deprecated]: syz.3.608 (pid 8177) Use of struct sctp_assoc_value in delayed_ack socket option. [ 402.330627][ T8177] Use struct sctp_sack_info instead [ 404.038350][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 404.325755][ T8167] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 404.337611][ T8167] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 404.347226][ T8167] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 404.368223][ T8167] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 404.508094][ T5793] Bluetooth: hci0: command 0x0c1a tx timeout [ 406.548079][ T5793] Bluetooth: hci2: command 0x0c1a tx timeout [ 406.548100][ T5799] Bluetooth: hci1: command 0x0c1a tx timeout [ 406.548146][ T5799] Bluetooth: hci3: command 0x0c1a tx timeout [ 407.816192][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 407.832431][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 407.845415][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 407.854714][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 407.862641][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 407.926067][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 407.951541][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.216434][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.235318][ T9] libceph: connect (1)[c::]:6789 error -101 [ 410.337991][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.345482][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.353005][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.364535][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.378277][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 410.388152][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.404297][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.419620][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.427501][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.455052][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.490882][ T8243] ceph: No mds server is up or the cluster is laggy [ 410.547595][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.586862][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.610828][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.620176][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.627652][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.635415][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.643120][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.650944][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.658980][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.667259][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.688529][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 410.703686][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 412.672223][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 412.680324][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 412.687802][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 412.697335][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 412.706022][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 412.730386][ T2128] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 412.753213][ T2128] hid-generic 0000:0000:0000.0004: hidraw0: HID v8.00 Device [syz1] on syz0 [ 413.087444][ T8264] fido_id[8264]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 420.589699][ T5799] Bluetooth: hci0: unexpected event for opcode 0x0803 [ 423.788428][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 431.916866][ T8379] (null): rxe_set_mtu: Set mtu to 1024 [ 431.936878][ T8379] rdma_rxe: rxe_newlink: failed to add wg1 [ 432.848930][ T8388] netlink: 28 bytes leftover after parsing attributes in process `syz.0.675'. [ 434.044803][ T8392] syzkaller0: entered promiscuous mode [ 434.050615][ T8392] syzkaller0: entered allmulticast mode [ 440.876771][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.883587][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.250886][ T8457] (null): rxe_set_mtu: Set mtu to 1024 [ 442.258378][ T8457] rdma_rxe: rxe_newlink: failed to add wg1 [ 443.763839][ T8475] netlink: 72 bytes leftover after parsing attributes in process `syz.2.698'. [ 445.497394][ T8491] (null): rxe_set_mtu: Set mtu to 1024 [ 445.508272][ T8491] rdma_rxe: rxe_newlink: failed to add wg1 [ 445.590039][ T8493] autofs4:pid:8493:autofs_fill_super: called with bogus options [ 445.645950][ T8493] random: crng reseeded on system resumption [ 445.919276][ T8496] netlink: 104 bytes leftover after parsing attributes in process `syz.0.704'. [ 453.455451][ T8550] netlink: 'syz.1.719': attribute type 1 has an invalid length. [ 461.834340][ T8596] netlink: 16 bytes leftover after parsing attributes in process `syz.2.732'. [ 470.571714][ T5847] libceph: connect (1)[c::]:6789 error -101 [ 470.578132][ T5847] libceph: mon0 (1)[c::]:6789 connect error [ 471.190779][ T5847] libceph: connect (1)[c::]:6789 error -101 [ 471.234229][ T5847] libceph: mon0 (1)[c::]:6789 connect error [ 472.342109][ T5847] libceph: connect (1)[c::]:6789 error -101 [ 472.411792][ T5847] libceph: mon0 (1)[c::]:6789 connect error [ 473.508026][ T8681] ceph: No mds server is up or the cluster is laggy [ 473.524818][ T8703] netlink: 10 bytes leftover after parsing attributes in process `syz.1.759'. [ 478.228370][ T5840] libceph: connect (1)[c::]:6789 error -101 [ 478.241661][ T5840] libceph: mon0 (1)[c::]:6789 connect error [ 478.256687][ T8749] netlink: 'syz.0.771': attribute type 1 has an invalid length. [ 478.581822][ T2128] libceph: connect (1)[c::]:6789 error -101 [ 478.621174][ T2128] libceph: mon0 (1)[c::]:6789 connect error [ 478.805861][ T8750] bond1: (slave bridge1): making interface the new active one [ 479.040862][ T8750] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 479.310500][ T5840] libceph: connect (1)[c::]:6789 error -101 [ 479.354115][ T5840] libceph: mon0 (1)[c::]:6789 connect error [ 480.273362][ T5840] libceph: connect (1)[c::]:6789 error -101 [ 480.280802][ T5840] libceph: mon0 (1)[c::]:6789 connect error [ 481.015726][ T8746] ceph: No mds server is up or the cluster is laggy [ 485.148242][ T8816] syz.0.780: attempt to access beyond end of device [ 485.148242][ T8816] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 485.250066][ T8822] wg1 speed is unknown, defaulting to 1000 [ 488.391165][ T5799] Bluetooth: hci3: command 0x0c1a tx timeout [ 494.080827][ T8898] netlink: 88 bytes leftover after parsing attributes in process `syz.2.806'. [ 494.089838][ T8898] netlink: 16 bytes leftover after parsing attributes in process `syz.2.806'. [ 501.649109][ T8924] syz.1.812: attempt to access beyond end of device [ 501.649109][ T8924] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 501.878764][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.885200][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.380886][ T8941] netlink: 88 bytes leftover after parsing attributes in process `syz.2.815'. [ 502.409604][ T8941] netlink: 16 bytes leftover after parsing attributes in process `syz.2.815'. [ 505.710051][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 506.382825][ T8986] (null): rxe_set_mtu: Set mtu to 1024 [ 506.468322][ T8986] rdma_rxe: rxe_newlink: failed to add wg1 [ 506.469915][ T8987] pim6reg1: entered allmulticast mode [ 507.379463][ T8981] pim6reg1: left allmulticast mode [ 507.505068][ T8990] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/nbd0": -EINTR [ 507.623186][ T8991] wg1 speed is unknown, defaulting to 1000 [ 513.320456][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 514.195876][ T9030] netlink: 88 bytes leftover after parsing attributes in process `syz.2.838'. [ 514.196052][ T9030] netlink: 16 bytes leftover after parsing attributes in process `syz.2.838'. [ 515.433428][ T9035] input: syz1 as /devices/virtual/input/input7 [ 518.114396][ T9055] comedi comedi0: dt2815: I/O port conflict (0xef,2) [ 518.221636][ T9065] netlink: 88 bytes leftover after parsing attributes in process `syz.0.848'. [ 518.241541][ T9065] netlink: 16 bytes leftover after parsing attributes in process `syz.0.848'. [ 518.987958][ T5799] Bluetooth: hci3: command 0x0c1a tx timeout [ 519.767793][ T9071] netlink: 32 bytes leftover after parsing attributes in process `syz.0.850'. [ 520.499868][ T786] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 520.825816][ T786] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 521.264555][ T786] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 521.284141][ T786] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 521.308132][ T786] usb 2-1: New USB device strings: Mfr=0, Product=13, SerialNumber=0 [ 521.337908][ T786] usb 2-1: Product: syz [ 521.346190][ T9073] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 521.361117][ T786] usb 2-1: Quirk or no altest; falling back to MIDI 1.0 [ 521.537957][ T9081] netlink: 72 bytes leftover after parsing attributes in process `syz.0.853'. [ 522.977397][ T9094] wg1 speed is unknown, defaulting to 1000 [ 523.022218][ T5832] usb 2-1: USB disconnect, device number 4 [ 523.031082][ T9089] syz.0.854: attempt to access beyond end of device [ 523.031082][ T9089] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 523.327686][ T9101] lo: entered promiscuous mode [ 523.349043][ T9101] tunl0: entered promiscuous mode [ 523.536110][ T9101] gre0: entered promiscuous mode [ 524.177439][ T9101] gretap0: entered promiscuous mode [ 524.385369][ T9101] erspan0: entered promiscuous mode [ 524.448843][ T9101] ip_vti0: entered promiscuous mode [ 524.543200][ T9101] ip6_vti0: entered promiscuous mode [ 524.967445][ T9101] sit0: entered promiscuous mode [ 525.132274][ T9101] ip6tnl0: entered promiscuous mode [ 525.181509][ T9101] ip6gre0: entered promiscuous mode [ 525.230345][ T9101] syz_tun: entered promiscuous mode [ 525.248036][ T9101] ip6gretap0: entered promiscuous mode [ 525.255499][ T9101] vcan0: entered promiscuous mode [ 525.342236][ T9101] bond0: entered promiscuous mode [ 525.347353][ T9101] bond_slave_0: entered promiscuous mode [ 525.532529][ T9101] bond_slave_1: entered promiscuous mode [ 525.787319][ T9101] team0: entered promiscuous mode [ 525.795743][ T9101] team_slave_0: entered promiscuous mode [ 525.890068][ T9101] team_slave_1: entered promiscuous mode [ 526.022240][ T9117] netlink: 72 bytes leftover after parsing attributes in process `syz.2.862'. [ 526.036275][ T9101] dummy0: entered promiscuous mode [ 526.114092][ T9101] nlmon0: entered promiscuous mode [ 526.156663][ T9101] caif0: entered promiscuous mode [ 526.226361][ T9101] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 529.187506][ T9144] netlink: 72 bytes leftover after parsing attributes in process `syz.1.871'. [ 532.265349][ T9161] input: syz1 as /devices/virtual/input/input8 [ 533.637949][ T786] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 534.118082][ T786] usb 2-1: Using ep0 maxpacket: 8 [ 534.936939][ T786] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 534.973843][ T786] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 535.013313][ T9180] syz.0.881: attempt to access beyond end of device [ 535.013313][ T9180] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 535.068074][ T786] usb 2-1: Product: syz [ 535.075327][ T786] usb 2-1: Manufacturer: syz [ 535.089570][ T786] usb 2-1: SerialNumber: syz [ 535.113853][ T786] usb 2-1: config 0 descriptor?? [ 535.148753][ T786] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 535.156886][ T786] usb 2-1: setting power ON [ 535.163768][ T786] dvb-usb: bulk message failed: -22 (2/0) [ 535.170845][ T9187] wg1 speed is unknown, defaulting to 1000 [ 535.805266][ T786] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 535.834260][ T786] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 535.848533][ T786] usb 2-1: media controller created [ 535.895076][ T786] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 536.000709][ T786] usb 2-1: selecting invalid altsetting 6 [ 536.006815][ T786] usb 2-1: digital interface selection failed (-22) [ 536.017086][ T786] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 536.039289][ T786] usb 2-1: setting power OFF [ 536.044598][ T786] dvb-usb: bulk message failed: -22 (2/0) [ 536.074437][ T786] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 536.088717][ T786] (NULL device *): no alternate interface [ 536.104446][ T9192] sctp: [Deprecated]: syz.2.880 (pid 9192) Use of struct sctp_assoc_value in delayed_ack socket option. [ 536.104446][ T9192] Use struct sctp_sack_info instead [ 536.230397][ T9186] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 536.460808][ T786] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 536.468476][ T9186] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 536.807449][ T9186] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 536.816405][ T9186] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 536.852479][ T786] usb 2-1: USB disconnect, device number 5 [ 538.278026][ T5796] Bluetooth: hci0: command 0x0c1a tx timeout [ 538.868102][ T5796] Bluetooth: hci1: command 0x0c1a tx timeout [ 538.874572][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 538.883296][ T5796] Bluetooth: hci2: command 0x0c1a tx timeout [ 540.513980][ T9223] comedi comedi0: dt2815: I/O port conflict (0xef,2) [ 545.709907][ T9278] pim6reg1: entered allmulticast mode [ 545.735882][ T9278] pim6reg1: left allmulticast mode [ 546.337001][ T9282] sctp: [Deprecated]: syz.1.901 (pid 9282) Use of struct sctp_assoc_value in delayed_ack socket option. [ 546.337001][ T9282] Use struct sctp_sack_info instead [ 547.063168][ T9274] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 547.084454][ T9274] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 547.290569][ T9294] syz.3.903: attempt to access beyond end of device [ 547.290569][ T9294] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 547.319411][ T9274] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 547.326777][ T9274] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 547.447188][ T9299] wg1 speed is unknown, defaulting to 1000 [ 549.010628][ T5796] Bluetooth: hci0: command 0x0c1a tx timeout [ 549.148233][ T5796] Bluetooth: hci1: command 0x0c1a tx timeout [ 549.390682][ T5799] Bluetooth: hci2: command 0x0c1a tx timeout [ 549.396989][ T5796] Bluetooth: hci3: command 0x0c1a tx timeout [ 551.407976][ T5891] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 551.422764][ T786] libceph: connect (1)[c::]:6789 error -101 [ 551.431210][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 551.610633][ T5891] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 551.622109][ T5891] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 551.655540][ T5891] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 551.688757][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 551.699398][ T5891] usb 2-1: SerialNumber: syz [ 551.709329][ T786] libceph: connect (1)[c::]:6789 error -101 [ 551.721392][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 552.275980][ T786] libceph: connect (1)[c::]:6789 error -101 [ 552.354990][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 552.398264][ T5891] usb 2-1: 0:2 : does not exist [ 552.459689][ T5891] usb 2-1: USB disconnect, device number 6 [ 553.534289][ T9] libceph: connect (1)[c::]:6789 error -101 [ 554.988120][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 554.997384][ T9] libceph: connect (1)[c::]:6789 error -101 [ 555.016372][ T9326] ceph: No mds server is up or the cluster is laggy [ 555.065152][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 555.129162][ T7872] udevd[7872]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 558.700578][ T9348] sctp: [Deprecated]: syz.0.917 (pid 9348) Use of struct sctp_assoc_value in delayed_ack socket option. [ 558.700578][ T9348] Use struct sctp_sack_info instead [ 558.753547][ T9365] syz.1.921: attempt to access beyond end of device [ 558.753547][ T9365] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 559.073012][ T9372] wg1 speed is unknown, defaulting to 1000 [ 560.427976][ T5799] Bluetooth: hci3: command 0x0c1a tx timeout [ 561.043399][ T9359] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 561.051969][ T5799] Bluetooth: hci0: command 0x0c1a tx timeout [ 562.559405][ T9359] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 562.565755][ T9359] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 562.572488][ T9359] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 563.312161][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.319038][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.379513][ T5878] libceph: connect (1)[c::]:6789 error -101 [ 563.767674][ T5878] libceph: mon0 (1)[c::]:6789 connect error [ 564.028501][ T5891] libceph: connect (1)[c::]:6789 error -101 [ 564.048842][ T5891] libceph: mon0 (1)[c::]:6789 connect error [ 564.597948][ T5796] Bluetooth: hci1: command 0x0c1a tx timeout [ 564.677986][ T5796] Bluetooth: hci2: command 0x0c1a tx timeout [ 564.684121][ T5799] Bluetooth: hci3: command 0x0c1a tx timeout [ 565.589942][ T5891] libceph: connect (1)[c::]:6789 error -101 [ 566.504430][ T5891] libceph: mon0 (1)[c::]:6789 connect error [ 566.513059][ T5891] libceph: connect (1)[c::]:6789 error -101 [ 566.527854][ T5891] libceph: mon0 (1)[c::]:6789 connect error [ 566.592635][ T9387] ceph: No mds server is up or the cluster is laggy [ 566.937246][ T5878] libceph: connect (1)[c::]:6789 error -101 [ 567.874305][ T5878] libceph: mon0 (1)[c::]:6789 connect error [ 572.258173][ T9428] workqueue: Failed to create a rescuer kthread for wq "xfs-inodegc/nbd0": -EINTR [ 572.315690][ T9433] wg1 speed is unknown, defaulting to 1000 [ 577.290953][ T9336] libceph: connect (1)[c::]:6789 error -101 [ 577.297174][ T9336] libceph: mon0 (1)[c::]:6789 connect error [ 577.596618][ T9336] libceph: connect (1)[c::]:6789 error -101 [ 577.604295][ T9336] libceph: mon0 (1)[c::]:6789 connect error [ 578.578034][ T9336] libceph: connect (1)[c::]:6789 error -101 [ 578.584089][ T9336] libceph: mon0 (1)[c::]:6789 connect error [ 578.611831][ T9466] ceph: No mds server is up or the cluster is laggy [ 581.573944][ T9502] syz.0.949: attempt to access beyond end of device [ 581.573944][ T9502] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 585.070560][ T786] libceph: connect (1)[c::]:6789 error -101 [ 585.076720][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 585.637174][ T786] libceph: connect (1)[c::]:6789 error -101 [ 585.649947][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 586.010505][ T9546] netlink: 72 bytes leftover after parsing attributes in process `syz.3.959'. [ 586.159180][ T786] libceph: connect (1)[c::]:6789 error -101 [ 586.198657][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 587.454131][ T786] libceph: connect (1)[c::]:6789 error -101 [ 587.484421][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 587.693015][ T9528] ceph: No mds server is up or the cluster is laggy [ 588.230397][ T9566] syz0: rxe_newlink: already configured on wg1 [ 588.237748][ T9566] pim6reg1: entered allmulticast mode [ 588.244126][ T9566] pim6reg1: left allmulticast mode [ 589.413124][ T9582] syz.0.964: attempt to access beyond end of device [ 589.413124][ T9582] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 589.837609][ T9582] wg1 speed is unknown, defaulting to 1000 [ 590.739956][ T9604] netlink: 72 bytes leftover after parsing attributes in process `syz.1.968'. [ 592.141197][ T786] libceph: connect (1)[c::]:6789 error -101 [ 592.147321][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 592.541231][ T5878] libceph: connect (1)[c::]:6789 error -101 [ 592.558115][ T5878] libceph: mon0 (1)[c::]:6789 connect error [ 593.088424][ T5878] libceph: connect (1)[c::]:6789 error -101 [ 593.479445][ T5878] libceph: mon0 (1)[c::]:6789 connect error [ 593.557568][ T9626] (null): rxe_set_mtu: Set mtu to 1024 [ 593.563762][ T9626] rdma_rxe: rxe_newlink: failed to add wg1 [ 593.571046][ T9626] pim6reg1: entered allmulticast mode [ 593.577415][ T9626] pim6reg1: left allmulticast mode [ 594.802746][ T9613] ceph: No mds server is up or the cluster is laggy [ 596.581042][ T9652] syz.2.981: attempt to access beyond end of device [ 596.581042][ T9652] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 597.234596][ T9661] wg1 speed is unknown, defaulting to 1000 [ 598.443938][ T9673] syz0: rxe_newlink: already configured on wg1 [ 598.862449][ T9673] pim6reg1: entered allmulticast mode [ 603.549968][ T786] libceph: connect (1)[c::]:6789 error -101 [ 603.556237][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 603.818249][ T786] libceph: connect (1)[c::]:6789 error -101 [ 603.824334][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 604.276165][ T9687] ceph: No mds server is up or the cluster is laggy [ 606.662895][ T9716] (null): rxe_set_mtu: Set mtu to 1024 [ 606.708783][ T9716] rdma_rxe: rxe_newlink: failed to add wg1 [ 606.878902][ T9716] pim6reg1: entered allmulticast mode [ 607.099205][ T9719] netlink: 72 bytes leftover after parsing attributes in process `syz.0.997'. [ 607.202745][ T9713] pim6reg1: left allmulticast mode [ 607.593777][ T9727] trusted_key: encrypted_key: key user:syz not found [ 607.797519][ T9728] syz.2.999: attempt to access beyond end of device [ 607.797519][ T9728] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 608.000402][ T9735] wg1 speed is unknown, defaulting to 1000 [ 608.868326][ T786] libceph: connect (1)[c::]:6789 error -101 [ 611.110833][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 611.368277][ T9741] ceph: No mds server is up or the cluster is laggy [ 613.728468][ T9763] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1006'. [ 618.209401][ T27] libceph: connect (1)[c::]:6789 error -101 [ 618.215642][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 618.405039][ T9784] syz.1.1009: attempt to access beyond end of device [ 618.405039][ T9784] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 618.488381][ T27] libceph: connect (1)[c::]:6789 error -101 [ 618.494522][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 619.410375][ T9779] ceph: No mds server is up or the cluster is laggy [ 620.706424][ T27] libceph: connect (1)[c::]:6789 error -101 [ 620.713647][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 624.753059][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.770015][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 628.403348][ T786] libceph: connect (1)[c::]:6789 error -101 [ 629.444990][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 629.481181][ T9833] ceph: No mds server is up or the cluster is laggy [ 629.490409][ T786] libceph: connect (1)[c::]:6789 error -101 [ 629.496536][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 630.486798][ T786] libceph: connect (1)[c::]:6789 error -101 [ 630.522451][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 632.569388][ T9882] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 632.585431][ T9882] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 632.602075][ T9882] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 632.614318][ T9882] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 632.675575][ T9886] trusted_key: encrypted_key: key user:syz not found [ 633.280563][ T9887] syz.3.1035: attempt to access beyond end of device [ 633.280563][ T9887] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 633.659311][ T9900] wg1 speed is unknown, defaulting to 1000 [ 634.021717][ T9903] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1037'. [ 637.253620][ T786] libceph: connect (1)[c::]:6789 error -101 [ 637.283897][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 637.338661][ T786] libceph: connect (1)[c::]:6789 error -101 [ 637.373606][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 638.334351][ T786] libceph: connect (1)[c::]:6789 error -101 [ 638.340774][ T786] libceph: mon0 (1)[c::]:6789 connect error [ 638.858317][ T9336] libceph: connect (1)[c::]:6789 error -101 [ 638.864460][ T9336] libceph: mon0 (1)[c::]:6789 connect error [ 638.905496][ T9907] ceph: No mds server is up or the cluster is laggy [ 639.657502][ T9926] (null): rxe_set_mtu: Set mtu to 1024 [ 639.669066][ T9926] rdma_rxe: rxe_newlink: failed to add wg1 [ 640.950129][ T9926] pim6reg1: entered allmulticast mode [ 640.975782][ T9937] pim6reg1: left allmulticast mode [ 644.121250][ T9943] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1046'. [ 644.187421][ T9947] syz.3.1047: attempt to access beyond end of device [ 644.187421][ T9947] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 644.286079][ T9948] wg1 speed is unknown, defaulting to 1000 [ 646.169312][ T9957] trusted_key: encrypted_key: key user:syz not found [ 647.867722][ T9974] syz.1.1052[9974]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 654.366451][T10010] syz.1.1057: attempt to access beyond end of device [ 654.366451][T10010] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 655.189377][T10019] wg1 speed is unknown, defaulting to 1000 [ 656.126131][T10034] (null): rxe_set_mtu: Set mtu to 1024 [ 656.162527][T10034] rdma_rxe: rxe_newlink: failed to add wg1 [ 656.261882][T10034] pim6reg1: entered allmulticast mode [ 656.334077][T10034] pim6reg1: left allmulticast mode [ 659.316567][T10066] trusted_key: encrypted_key: key user:syz not found [ 660.046494][T10078] netlink: set zone limit has 8 unknown bytes [ 662.720954][T10102] syz.0.1072: attempt to access beyond end of device [ 662.720954][T10102] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 662.819381][T10107] wg1 speed is unknown, defaulting to 1000 [ 664.400946][T10119] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1073'. [ 664.410108][T10119] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1073'. [ 664.419235][T10119] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1073'. [ 664.763961][T10132] (null): rxe_set_mtu: Set mtu to 1024 [ 664.853480][T10136] pim6reg1: entered allmulticast mode [ 664.863516][T10132] rdma_rxe: rxe_newlink: failed to add wg1 [ 664.871784][T10136] pim6reg1: left allmulticast mode [ 667.220056][T10151] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1077'. [ 671.652058][T10173] trusted_key: encrypted_key: key user:syz not found [ 678.557129][T10220] (null): rxe_set_mtu: Set mtu to 1024 [ 678.586673][T10220] rdma_rxe: rxe_newlink: failed to add wg1 [ 678.614456][T10220] pim6reg1: entered allmulticast mode [ 678.629417][T10220] pim6reg1: left allmulticast mode [ 679.481673][T10228] trusted_key: encrypted_key: key user:syz not found [ 681.356989][ T28] audit: type=1326 audit(1752855803.522:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.3.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9206d8e9a9 code=0x7ffc0000 [ 681.530588][ T28] audit: type=1326 audit(1752855803.522:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.3.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9206d8e9a9 code=0x7ffc0000 [ 681.601403][ T28] audit: type=1326 audit(1752855803.552:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.3.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9206d8e9a9 code=0x7ffc0000 [ 681.688290][ T28] audit: type=1326 audit(1752855803.552:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.3.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9206d8e9a9 code=0x7ffc0000 [ 681.733788][ T28] audit: type=1326 audit(1752855803.552:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.3.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9206d8e9a9 code=0x7ffc0000 [ 681.778375][ T28] audit: type=1326 audit(1752855803.562:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.3.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9206d8e9a9 code=0x7ffc0000 [ 681.837802][ T28] audit: type=1326 audit(1752855803.562:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.3.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9206d8e9a9 code=0x7ffc0000 [ 681.891299][ T28] audit: type=1326 audit(1752855803.562:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.3.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9206d8e9a9 code=0x7ffc0000 [ 682.041180][T10243] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1106'. [ 682.157174][ T28] audit: type=1326 audit(1752855803.562:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.3.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9206d8e9a9 code=0x7ffc0000 [ 682.441741][ T28] audit: type=1326 audit(1752855803.562:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.3.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9206d8e9a9 code=0x7ffc0000 [ 686.067659][T10274] x_tables: ip_tables: osf match: only valid for protocol 6 [ 686.102921][T10274] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 686.191783][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.744105][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.002556][ T27] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 688.346686][ T27] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 688.370742][ T27] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 688.464510][ T27] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 688.524561][ T27] usb 2-1: New USB device strings: Mfr=0, Product=13, SerialNumber=0 [ 688.596108][ T27] usb 2-1: Product: syz [ 688.747898][T10286] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 688.776755][ T27] usb 2-1: Quirk or no altest; falling back to MIDI 1.0 [ 688.852939][T10291] trusted_key: encrypted_key: key user:syz not found [ 690.050615][ T786] usb 2-1: USB disconnect, device number 7 [ 692.885655][T10329] block nbd0: shutting down sockets [ 694.192002][ T2128] libceph: connect (1)[c::]:6789 error -101 [ 694.211925][ T2128] libceph: mon0 (1)[c::]:6789 connect error [ 694.498314][ T5840] libceph: connect (1)[c::]:6789 error -101 [ 694.595133][ T5840] libceph: mon0 (1)[c::]:6789 connect error [ 694.786655][T10342] ceph: No mds server is up or the cluster is laggy [ 700.699097][ T786] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 701.024407][ T786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 701.068617][ T786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 701.085794][ T786] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 701.105348][ T786] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 701.121536][ T786] usb 2-1: config 0 descriptor?? [ 701.754434][ T786] cp2112 0003:10C4:EA90.0005: unknown main item tag 0x0 [ 701.817325][ T786] cp2112 0003:10C4:EA90.0005: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 702.038753][ T786] cp2112 0003:10C4:EA90.0005: Part Number: 0x82 Device Version: 0xFE [ 702.977914][T10398] binder: 10397:10398 ioctl c0306201 0 returned -14 [ 703.881042][ T5840] usb 2-1: USB disconnect, device number 8 [ 706.071131][ T2128] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 706.128154][T10439] (null): rxe_set_mtu: Set mtu to 1024 [ 706.171862][T10439] rdma_rxe: rxe_newlink: failed to add wg1 [ 706.283287][ T2128] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 706.288714][T10439] pim6reg1: entered allmulticast mode [ 706.294499][ T2128] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 706.303169][T10439] pim6reg1: left allmulticast mode [ 706.317073][ T2128] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 706.327655][ T2128] usb 4-1: New USB device strings: Mfr=0, Product=13, SerialNumber=0 [ 706.337179][ T2128] usb 4-1: Product: syz [ 706.501226][T10436] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 706.535452][ T2128] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 706.746836][ T786] usb 4-1: USB disconnect, device number 6 [ 706.856351][T10296] udevd[10296]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 713.587441][T10478] (null): rxe_set_mtu: Set mtu to 1024 [ 713.595704][T10478] rdma_rxe: rxe_newlink: failed to add wg1 [ 713.705814][T10478] pim6reg1: entered allmulticast mode [ 713.744331][T10478] pim6reg1: left allmulticast mode [ 720.167772][T10531] can0: slcan on ptm0. [ 723.680842][T10531] can0 (unregistered): slcan off ptm0. [ 731.127953][ T27] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 731.482779][ T27] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 731.510991][ T27] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 732.344802][ T27] usb 2-1: string descriptor 0 read error: -71 [ 732.351517][ T27] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 732.361195][ T27] usb 2-1: New USB device strings: Mfr=0, Product=13, SerialNumber=0 [ 732.414534][ T27] usb 2-1: can't set config #27, error -71 [ 732.432003][ T27] usb 2-1: USB disconnect, device number 9 [ 733.219204][T10615] syz0: rxe_newlink: already configured on wg1 [ 736.178151][ T5891] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 738.515874][T10645] debugfs: Directory 'ptm0' with parent 'caif_serial' already present! [ 738.571405][ T5891] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 739.789853][ T5891] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 739.801127][ T5891] usb 4-1: string descriptor 0 read error: -71 [ 739.813187][ T5891] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 739.827810][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=13, SerialNumber=0 [ 739.855752][ T5891] usb 4-1: can't set config #27, error -71 [ 739.863861][ T5891] usb 4-1: USB disconnect, device number 7 [ 740.322473][T10657] syz.0.1216: attempt to access beyond end of device [ 740.322473][T10657] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 740.681164][T10657] wg1 speed is unknown, defaulting to 1000 [ 742.298014][ T786] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 742.982420][T10687] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1224'. [ 743.063802][ T786] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 743.303900][T10687] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1224'. [ 743.373967][ T786] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 743.499426][ T786] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 743.525459][ T786] usb 3-1: New USB device strings: Mfr=0, Product=13, SerialNumber=0 [ 743.543556][ T786] usb 3-1: Product: syz [ 743.597935][T10683] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 743.609917][ T786] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 744.607954][ T786] usb 3-1: USB disconnect, device number 5 [ 748.394931][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 748.424051][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.880129][T10730] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1231'. [ 750.403664][T10738] Illegal XDP return value 4294967274 on prog (id 171) dev syz_tun, expect packet loss! [ 752.366363][T10759] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1243'. [ 752.385494][T10757] syz.2.1240: attempt to access beyond end of device [ 752.385494][T10757] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 752.474006][T10766] wg1 speed is unknown, defaulting to 1000 [ 754.657080][T10781] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1247'. [ 759.957969][T10816] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1252'. [ 760.903702][T10821] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1257'. [ 764.595296][T10844] lo: entered promiscuous mode [ 764.634539][T10844] tunl0: entered promiscuous mode [ 764.711369][T10844] gre0: entered promiscuous mode [ 764.717555][T10844] gretap0: entered promiscuous mode [ 765.648402][T10855] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1265'. [ 766.167031][T10844] erspan0: entered promiscuous mode [ 766.862810][T10844] ip_vti0: entered promiscuous mode [ 767.084772][T10844] ip6_vti0: entered promiscuous mode [ 767.091414][T10844] sit0: entered promiscuous mode [ 767.098741][T10844] ip6tnl0: entered promiscuous mode [ 767.105132][T10844] ip6gre0: entered promiscuous mode [ 767.111640][T10844] syz_tun: entered promiscuous mode [ 767.117594][T10844] ip6gretap0: entered promiscuous mode [ 767.125469][T10844] vcan0: entered promiscuous mode [ 767.131550][T10844] bond0: entered promiscuous mode [ 767.136849][T10844] bond_slave_0: entered promiscuous mode [ 767.144173][T10844] bond_slave_1: entered promiscuous mode [ 767.151714][T10844] team0: entered promiscuous mode [ 767.156898][T10844] team_slave_0: entered promiscuous mode [ 767.163050][T10844] team_slave_1: entered promiscuous mode [ 767.170257][T10844] dummy0: entered promiscuous mode [ 767.176587][T10844] nlmon0: entered promiscuous mode [ 767.268306][T10844] caif0: entered promiscuous mode [ 767.273413][T10844] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 771.485543][T10882] syz.3.1272: attempt to access beyond end of device [ 771.485543][T10882] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 771.916011][T10885] wg1 speed is unknown, defaulting to 1000 [ 773.522384][T10909] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 780.549802][ T2128] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 780.838029][ T2128] usb 3-1: Using ep0 maxpacket: 32 [ 780.996986][ T2128] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 781.153583][ T2128] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 781.378985][ T2128] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 781.528921][ T2128] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid wMaxPacketSize 0 [ 781.559032][T10971] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 781.578234][ T2128] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 781.661206][ T2128] usb 3-1: config 0 interface 0 has no altsetting 0 [ 781.690746][ T2128] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 781.716621][ T2128] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 781.744025][T10987] debugfs: Directory 'ptm0' with parent 'caif_serial' already present! [ 782.968816][ T2128] usb 3-1: Product: syz [ 783.022862][ T2128] usb 3-1: Manufacturer: syz [ 783.092830][ T2128] usb 3-1: SerialNumber: syz [ 783.249341][ T2128] usb 3-1: config 0 descriptor?? [ 783.412854][ T2128] usb 3-1: can't set config #0, error -71 [ 783.488218][ T2128] usb 3-1: USB disconnect, device number 6 [ 787.129974][T11027] Bluetooth: MGMT ver 1.22 [ 791.042668][T11043] lo: entered promiscuous mode [ 791.062094][T11043] tunl0: entered promiscuous mode [ 791.078712][T11043] gre0: entered promiscuous mode [ 791.085821][T11043] gretap0: entered promiscuous mode [ 791.127192][T11043] erspan0: entered promiscuous mode [ 791.169498][T11043] ip_vti0: entered promiscuous mode [ 791.300297][T11043] ip6_vti0: entered promiscuous mode [ 791.306987][T11043] sit0: entered promiscuous mode [ 791.332848][T11043] ip6tnl0: entered promiscuous mode [ 792.118641][T11043] ip6gre0: entered promiscuous mode [ 792.124864][T11043] syz_tun: entered promiscuous mode [ 792.250905][T11043] ip6gretap0: entered promiscuous mode [ 792.258921][T11043] vcan0: entered promiscuous mode [ 792.307961][T11043] bond0: entered promiscuous mode [ 792.313075][T11043] bond_slave_0: entered promiscuous mode [ 792.512350][T11043] bond_slave_1: entered promiscuous mode [ 792.679828][T11043] team0: entered promiscuous mode [ 792.685170][T11043] team_slave_0: entered promiscuous mode [ 792.907916][T11043] team_slave_1: entered promiscuous mode [ 793.593606][T11043] dummy0: entered promiscuous mode [ 793.714505][T11043] nlmon0: entered promiscuous mode [ 793.918175][T11043] caif0: entered promiscuous mode [ 793.985296][T11043] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 802.601495][ T9336] libceph: connect (1)[c::]:6789 error -101 [ 802.618502][ T9336] libceph: mon0 (1)[c::]:6789 connect error [ 802.911699][ T5878] libceph: connect (1)[c::]:6789 error -101 [ 802.918366][ T5878] libceph: mon0 (1)[c::]:6789 connect error [ 803.441403][ T5878] libceph: connect (1)[c::]:6789 error -101 [ 804.405174][ T5878] libceph: mon0 (1)[c::]:6789 connect error [ 804.853455][T11122] ceph: No mds server is up or the cluster is laggy [ 805.338493][ T5891] libceph: connect (1)[c::]:6789 error -101 [ 805.454987][ T5891] libceph: mon0 (1)[c::]:6789 connect error [ 809.128647][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.135070][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.909576][T11167] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1337'. [ 817.337771][ T5878] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 817.537793][ T5878] usb 4-1: Using ep0 maxpacket: 8 [ 817.545773][ T5878] usb 4-1: unable to get BOS descriptor or descriptor too short [ 819.184745][ T5878] usb 4-1: config 4 has an invalid interface number: 147 but max is 0 [ 819.203880][ T5878] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 819.234094][ T5891] libceph: connect (1)[c::]:6789 error -101 [ 821.686308][T11224] ceph: No mds server is up or the cluster is laggy [ 821.712956][ T5891] libceph: mon0 (1)[c::]:6789 connect error [ 821.721088][ T5878] usb 4-1: config 4 has no interface number 0 [ 821.795013][ T5878] usb 4-1: config 4 interface 147 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 821.888342][ T5878] usb 4-1: config 4 interface 147 has no altsetting 0 [ 821.908824][T11238] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1354'. [ 821.914929][ T5878] usb 4-1: string descriptor 0 read error: -71 [ 821.927100][ T5878] usb 4-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 822.000332][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 822.578037][ T5878] usb 4-1: can't set config #4, error -71 [ 822.608237][ T5878] usb 4-1: USB disconnect, device number 8 [ 826.242611][ T2128] libceph: connect (1)[c::]:6789 error -101 [ 826.298384][ T2128] libceph: mon0 (1)[c::]:6789 connect error [ 826.715704][ T27] libceph: connect (1)[c::]:6789 error -101 [ 826.735628][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 828.061358][ T27] libceph: connect (1)[c::]:6789 error -101 [ 828.079576][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 830.355329][T11278] ceph: No mds server is up or the cluster is laggy [ 830.501165][ T27] libceph: connect (1)[c::]:6789 error -101 [ 830.508854][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 831.746720][T11305] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1371'. [ 834.477741][ T5832] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 835.005538][ T5832] usb 2-1: config 241 has an invalid interface number: 0 but max is -1 [ 835.054451][ T5832] usb 2-1: config 241 has 1 interface, different from the descriptor's value: 0 [ 835.075228][ T5832] usb 2-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice=db.e9 [ 835.124376][ T5832] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 835.357113][ T5832] usb 2-1: can't set config #241, error -71 [ 836.261887][ T5832] usb 2-1: USB disconnect, device number 10 [ 838.517668][T11358] (null): rxe_set_mtu: Set mtu to 1024 [ 838.572865][T11358] rdma_rxe: rxe_newlink: failed to add wg1 [ 838.574786][T11360] pim6reg1: entered allmulticast mode [ 845.451259][T11407] input: syz1 as /devices/virtual/input/input9 [ 846.578584][T11427] (null): rxe_set_mtu: Set mtu to 1024 [ 846.585338][T11427] rdma_rxe: rxe_newlink: failed to add wg1 [ 846.629326][T11427] pim6reg1: entered allmulticast mode [ 849.347714][ T9336] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 849.643831][T11449] input: syz1 as /devices/virtual/input/input10 [ 849.700343][ T9336] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 851.487097][ T9336] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 852.128908][ T9336] usb 2-1: string descriptor 0 read error: -71 [ 852.187175][ T9336] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 852.227739][ T9336] usb 2-1: New USB device strings: Mfr=0, Product=13, SerialNumber=0 [ 852.259660][T11459] fuse: Bad value for 'fd' [ 852.266628][ T9336] usb 2-1: can't set config #27, error -71 [ 852.313691][ T9336] usb 2-1: USB disconnect, device number 11 [ 852.446630][T11464] (null): rxe_set_mtu: Set mtu to 1024 [ 852.459844][T11464] rdma_rxe: rxe_newlink: failed to add wg1 [ 852.511498][T11464] pim6reg1: entered allmulticast mode [ 855.531933][ T9336] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 855.639394][T11496] input: syz1 as /devices/virtual/input/input11 [ 855.740232][ T9336] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 855.785014][ T9336] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 856.305770][ T9336] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 856.850225][ T9336] usb 4-1: New USB device strings: Mfr=0, Product=13, SerialNumber=0 [ 856.859110][ T9336] usb 4-1: Product: syz [ 856.884627][T11483] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 856.900144][ T9336] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 859.309707][ T9336] usb 4-1: USB disconnect, device number 9 [ 859.455076][T10806] udevd[10806]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 861.869419][T11529] input: syz1 as /devices/virtual/input/input12 [ 864.767608][ C1] sched: RT throttling activated [ 866.094102][T11546] tmpfs: Bad value for 'mpol' [ 866.857965][T11551] set match dimension is over the limit! [ 869.345918][T11565] input: syz1 as /devices/virtual/input/input13 [ 870.590138][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.604181][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.446526][T11592] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1447'. [ 872.646907][T11608] (null): rxe_set_mtu: Set mtu to 1024 [ 872.694055][T11608] rdma_rxe: rxe_newlink: failed to add wg1 [ 872.739731][ T9336] usb 2-1: new low-speed USB device number 12 using dummy_hcd [ 872.935319][T11608] pim6reg1: entered allmulticast mode [ 872.963514][ T9336] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 873.340029][ T9336] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 873.631997][ T9336] usb 2-1: string descriptor 0 read error: -22 [ 873.650491][ T9336] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 873.774724][T11608] pim6reg1: left allmulticast mode [ 873.799038][ T9336] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 874.215365][ T9336] usb 2-1: Quirk or no altest; falling back to MIDI 1.0 [ 874.252186][ T9336] usb 2-1: MIDIStreaming interface descriptor not found [ 875.357402][T11633] tmpfs: Bad value for 'mpol' [ 876.220684][T11319] usb 2-1: USB disconnect, device number 12 [ 880.134471][T11670] (null): rxe_set_mtu: Set mtu to 1024 [ 880.142317][T11670] rdma_rxe: rxe_newlink: failed to add wg1 [ 880.204108][T11670] pim6reg1: entered allmulticast mode [ 880.213274][T11670] pim6reg1: left allmulticast mode [ 880.594990][T11671] tmpfs: Bad value for 'mpol' [ 888.482360][T11714] tmpfs: Bad value for 'mpol' [ 889.629923][T11721] (null): rxe_set_mtu: Set mtu to 1024 [ 889.659305][T11721] rdma_rxe: rxe_newlink: failed to add wg1 [ 890.536882][T11721] pim6reg1: entered allmulticast mode [ 890.594616][T11726] pim6reg1: left allmulticast mode [ 894.347122][T11751] syz.2.1487 uses old SIOCAX25GETINFO [ 896.220616][ T9745] Bluetooth: hci4: Frame reassembly failed (-84) [ 896.803678][ T9745] Bluetooth: hci4: Frame reassembly failed (-84) [ 898.267983][ T5796] Bluetooth: hci4: command 0x1003 tx timeout [ 898.274939][ T5799] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 901.211029][T11811] (null): rxe_set_mtu: Set mtu to 1024 [ 901.219099][T11811] rdma_rxe: rxe_newlink: failed to add wg1 [ 906.847605][T11842] can: request_module (can-proto-0) failed. [ 907.675566][T11860] wg1 speed is unknown, defaulting to 1000 [ 914.273269][T11907] syz0: rxe_newlink: already configured on wg1 [ 914.764417][T11906] pim6reg1: entered allmulticast mode [ 914.784060][T11906] pim6reg1: left allmulticast mode [ 914.934046][T11897] xt_nfacct: accounting object `syz1' does not exists [ 922.991242][T11970] sctp: [Deprecated]: syz.3.1534 (pid 11970) Use of int in max_burst socket option. [ 922.991242][T11970] Use struct sctp_assoc_value instead [ 923.481068][T11967] capability: warning: `syz.3.1534' uses 32-bit capabilities (legacy support in use) [ 926.732752][T11993] input: syz1 as /devices/virtual/input/input14 [ 931.567786][T12031] syz0: rxe_newlink: already configured on wg1 [ 931.656104][T12031] pim6reg1: entered allmulticast mode [ 932.153524][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.161437][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.207585][T12034] pim6reg1: left allmulticast mode [ 932.823338][T12040] input: syz1 as /devices/virtual/input/input15 [ 934.635632][T12054] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1555'. [ 934.693266][T12046] 8021q: adding VLAN 0 to HW filter on device bond0 [ 934.781772][T12046] bond0: (slave rose0): Enslaving as an active interface with an up link [ 935.367261][ T23] libceph: connect (1)[c::]:6789 error -101 [ 935.442032][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 935.828627][ T23] libceph: connect (1)[c::]:6789 error -101 [ 935.915057][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 936.601882][ T2128] libceph: connect (1)[c::]:6789 error -101 [ 936.667169][ T2128] libceph: mon0 (1)[c::]:6789 connect error [ 938.204305][T12066] ceph: No mds server is up or the cluster is laggy [ 938.415439][T12097] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1565'. [ 938.657628][ T9336] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 938.901147][ T9336] usb 2-1: Using ep0 maxpacket: 16 [ 938.913253][ T9336] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 938.928155][ T9336] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 938.963203][T12111] (null): rxe_set_mtu: Set mtu to 1024 [ 938.975728][ T9336] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 939.161511][ T9336] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 939.171916][T12111] rdma_rxe: rxe_newlink: failed to add wg1 [ 939.188655][ T9336] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 939.282759][ T9336] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 939.829289][T12111] pim6reg1: entered allmulticast mode [ 939.836836][ T9336] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 939.857280][T12111] pim6reg1: left allmulticast mode [ 939.865137][ T9336] usb 2-1: Manufacturer: syz [ 939.915311][ T9336] usb 2-1: config 0 descriptor?? [ 942.517603][ T9336] rc_core: IR keymap rc-hauppauge not found [ 942.527641][ T9336] Registered IR keymap rc-empty [ 942.533354][ T9336] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 942.567796][ T9336] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 942.643126][ T9336] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 942.730921][ T9336] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input17 [ 942.865818][ T9336] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 943.391091][ T9336] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 943.468226][ T9336] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 943.501677][ T9336] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 943.568901][ T9336] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 943.610356][ T9336] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 943.650398][ T23] libceph: connect (1)[c::]:6789 error -101 [ 943.661371][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 943.671671][ T9336] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 943.717765][ T9336] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 943.747710][ T9336] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 943.758996][T12148] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1574'. [ 943.787740][ T9336] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 943.828944][ T9336] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 943.838205][ T9336] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 943.853332][ T9336] usb 2-1: USB disconnect, device number 13 [ 943.918458][ T23] libceph: connect (1)[c::]:6789 error -101 [ 943.944066][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 945.000564][ T23] libceph: connect (1)[c::]:6789 error -101 [ 945.036032][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 946.769034][T11319] libceph: connect (1)[c::]:6789 error -101 [ 946.775087][T11319] libceph: mon0 (1)[c::]:6789 connect error [ 947.244017][T12141] ceph: No mds server is up or the cluster is laggy [ 947.265562][T11319] libceph: connect (1)[c::]:6789 error -101 [ 947.899188][T11319] libceph: mon0 (1)[c::]:6789 connect error [ 948.437619][ T23] libceph: connect (1)[c::]:6789 error -101 [ 948.472191][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 949.337633][ T2128] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 949.768027][ T2128] usb 3-1: config 241 has an invalid interface number: 0 but max is -1 [ 949.805093][ T2128] usb 3-1: config 241 has 1 interface, different from the descriptor's value: 0 [ 949.997051][ T2128] usb 3-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice=db.e9 [ 950.017471][ T2128] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 950.602534][ T2128] pcwd_usb: The device isn't a Human Interface Device [ 952.392104][T12222] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 953.034910][ T23] usb 3-1: USB disconnect, device number 7 [ 954.182716][ T23] libceph: connect (1)[c::]:6789 error -101 [ 954.194900][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 955.013180][ T23] libceph: connect (1)[c::]:6789 error -101 [ 955.031526][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 955.550185][ T23] libceph: connect (1)[c::]:6789 error -101 [ 955.559896][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 955.775283][T12242] input: syz1 as /devices/virtual/input/input20 [ 956.110012][T12227] ceph: No mds server is up or the cluster is laggy [ 959.552233][ T23] libceph: connect (1)[c::]:6789 error -101 [ 959.570066][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 959.850487][ T2128] libceph: connect (1)[c::]:6789 error -101 [ 959.884823][ T2128] libceph: mon0 (1)[c::]:6789 connect error [ 960.469102][ T23] libceph: connect (1)[c::]:6789 error -101 [ 960.498532][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 961.587022][T12296] input: syz1 as /devices/virtual/input/input21 [ 963.020568][ T23] libceph: connect (1)[c::]:6789 error -101 [ 963.027943][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 963.332732][ T23] libceph: connect (1)[c::]:6789 error -101 [ 963.376922][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 963.516202][T12283] ceph: No mds server is up or the cluster is laggy [ 967.870722][T12343] input: syz1 as /devices/virtual/input/input22 [ 970.978236][T12362] xt_nfacct: accounting object `syz1' does not exists [ 976.986976][T12425] debugfs: Directory 'ptm0' with parent 'caif_serial' already present! [ 979.482303][T12438] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 980.949031][T12456] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 984.373836][T12489] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 987.595500][T12521] bridge_slave_0: left allmulticast mode [ 987.645424][T12521] bridge_slave_0: left promiscuous mode [ 987.656069][T12521] bridge0: port 1(bridge_slave_0) entered disabled state [ 987.723701][T12521] bridge_slave_1: left allmulticast mode [ 987.739090][T12521] bridge_slave_1: left promiscuous mode [ 987.758302][T12521] bridge0: port 2(bridge_slave_1) entered disabled state [ 987.838409][T12521] bond0: (slave bond_slave_0): Releasing backup interface [ 987.865640][T12521] bond_slave_0: left promiscuous mode [ 987.958858][T12521] bond0: (slave bond_slave_1): Releasing backup interface [ 987.979952][T12521] bond_slave_1: left promiscuous mode [ 988.050312][T12521] team_slave_0: left promiscuous mode [ 990.165582][T12521] team0: Port device team_slave_0 removed [ 990.239453][T12521] team_slave_1: left promiscuous mode [ 990.638150][T12521] team0: Port device team_slave_1 removed [ 990.707591][T12521] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 990.737681][T12521] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 990.747251][T12521] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 990.761727][T12521] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 990.977765][T12538] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 992.298663][T12551] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1668'. [ 993.461667][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.486924][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 996.415602][T12591] tipc: Started in network mode [ 996.453480][T12591] tipc: Node identity ac1414aa, cluster identity 4711 [ 996.485274][T12591] tipc: Enabling of bearer rejected, failed to enable media [ 997.645221][T12604] ax25_connect(): syz.2.1687 uses autobind, please contact jreuter@yaina.de [ 998.883238][ T786] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 999.135356][ T786] usb 2-1: config 241 has an invalid interface number: 0 but max is -1 [ 999.156514][ T786] usb 2-1: config 241 has 1 interface, different from the descriptor's value: 0 [ 999.195608][ T786] usb 2-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice=db.e9 [ 999.207036][ T786] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 999.302973][ T786] pcwd_usb: This driver only supports 1 device [ 1000.808059][ T2128] usb 2-1: USB disconnect, device number 14 [ 1000.983172][T12634] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1697'. [ 1001.023647][T12634] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1697'. [ 1005.832360][ T2128] IPVS: starting estimator thread 0... [ 1005.929381][T12673] IPVS: using max 19 ests per chain, 45600 per kthread [ 1008.747907][ C0] ================================================================== [ 1008.756144][ C0] BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x46a/0x4b0 [ 1008.764085][ C0] Read of size 2 at addr ffff88805f32142a by task syz.1.1714/12688 [ 1008.772016][ C0] [ 1008.774378][ C0] CPU: 0 PID: 12688 Comm: syz.1.1714 Not tainted 6.6.99-syzkaller #0 [ 1008.782465][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1008.792560][ C0] Call Trace: [ 1008.795862][ C0] [ 1008.798742][ C0] dump_stack_lvl+0x16c/0x230 [ 1008.803628][ C0] ? __lock_acquire+0x7c80/0x7c80 [ 1008.808699][ C0] ? show_regs_print_info+0x20/0x20 [ 1008.813989][ C0] ? load_image+0x3b0/0x3b0 [ 1008.818544][ C0] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 1008.824070][ C0] ? __virt_addr_valid+0x18c/0x540 [ 1008.829241][ C0] ? __virt_addr_valid+0x469/0x540 [ 1008.834484][ C0] print_report+0xac/0x200 [ 1008.838957][ C0] ? rose_timer_expiry+0x46a/0x4b0 [ 1008.844117][ C0] kasan_report+0x117/0x150 [ 1008.848920][ C0] ? rose_timer_expiry+0x46a/0x4b0 [ 1008.854079][ C0] rose_timer_expiry+0x46a/0x4b0 [ 1008.859075][ C0] call_timer_fn+0x16e/0x530 [ 1008.863712][ C0] ? rose_start_t1timer+0xd0/0xd0 [ 1008.868804][ C0] ? call_timer_fn+0xbf/0x530 [ 1008.873536][ C0] ? __run_timers+0x7d0/0x7d0 [ 1008.878258][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1008.883506][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 1008.888748][ C0] ? rose_start_t1timer+0xd0/0xd0 [ 1008.894161][ C0] __run_timers+0x52d/0x7d0 [ 1008.898717][ C0] ? detach_timer+0x2b0/0x2b0 [ 1008.903500][ C0] ? lock_chain_count+0x20/0x20 [ 1008.908373][ C0] run_timer_softirq+0x67/0xf0 [ 1008.913146][ C0] handle_softirqs+0x280/0x820 [ 1008.917932][ C0] ? __irq_exit_rcu+0xc7/0x190 [ 1008.922715][ C0] ? do_softirq+0x180/0x180 [ 1008.927249][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 1008.932492][ C0] __irq_exit_rcu+0xc7/0x190 [ 1008.937113][ C0] ? irq_exit_rcu+0x20/0x20 [ 1008.941635][ C0] irq_exit_rcu+0x9/0x20 [ 1008.945894][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1008.951546][ C0] [ 1008.954477][ C0] [ 1008.957422][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1008.963520][ C0] RIP: 0010:lock_acquire+0x1f2/0x410 [ 1008.968841][ C0] Code: 00 9c 8f 84 24 80 00 00 00 f6 84 24 81 00 00 00 02 0f 85 f5 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 66 43 c7 44 3c 09 00 00 43 c6 44 3c 0b 00 [ 1008.988754][ C0] RSP: 0018:ffffc9000b4a6ee0 EFLAGS: 00000206 [ 1008.995038][ C0] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 81d3b3c8db70b100 [ 1009.003039][ C0] RDX: 0000000000000000 RSI: ffffffff8aaacbc0 RDI: ffffffff8afc6680 [ 1009.011376][ C0] RBP: ffffc9000b4a6fe8 R08: dffffc0000000000 R09: 1ffffffff21b44a4 [ 1009.019367][ C0] R10: dffffc0000000000 R11: fffffbfff21b44a5 R12: 1ffff92001694de8 [ 1009.027356][ C0] R13: ffff8880b8e42318 R14: 0000000000000246 R15: dffffc0000000000 [ 1009.035356][ C0] ? read_lock_is_recursive+0x20/0x20 [ 1009.040758][ C0] ? do_raw_spin_trylock+0xac/0x180 [ 1009.045969][ C0] ? do_raw_spin_lock+0x2c0/0x2c0 [ 1009.051016][ C0] _raw_spin_trylock+0x47/0x80 [ 1009.055815][ C0] ? get_page_from_freelist+0x44f/0x19f0 [ 1009.061484][ C0] get_page_from_freelist+0x44f/0x19f0 [ 1009.066987][ C0] ? mark_lock+0x94/0x320 [ 1009.071372][ C0] ? __next_zones_zonelist+0x9d/0x130 [ 1009.076804][ C0] ? prepare_alloc_pages+0x366/0x5f0 [ 1009.082131][ C0] __alloc_pages+0x1e3/0x460 [ 1009.086752][ C0] ? zone_statistics+0x170/0x170 [ 1009.091725][ C0] __folio_alloc+0x10/0x20 [ 1009.096213][ C0] vma_alloc_folio+0x47a/0x8f0 [ 1009.100995][ C0] ? mpol_shared_policy_lookup+0x14b/0x1e0 [ 1009.106811][ C0] shmem_alloc_folio+0x179/0x230 [ 1009.111772][ C0] ? folio_put+0xd0/0xd0 [ 1009.116050][ C0] ? shmem_inode_acct_block+0x324/0x460 [ 1009.121715][ C0] shmem_alloc_and_acct_folio+0x189/0x630 [ 1009.127457][ C0] ? put_swap_device+0x230/0x230 [ 1009.132625][ C0] ? xas_load+0x12b/0x140 [ 1009.136961][ C0] ? filemap_get_entry+0xb1/0x3c0 [ 1009.142004][ C0] ? filemap_get_entry+0xb1/0x3c0 [ 1009.147063][ C0] ? filemap_get_entry+0x35c/0x3c0 [ 1009.152212][ C0] ? page_cache_prev_miss+0x360/0x360 [ 1009.157650][ C0] shmem_get_folio_gfp+0xcde/0x2ac0 [ 1009.162906][ C0] shmem_fault+0x1b6/0x7f0 [ 1009.167466][ C0] ? zero_pipe_buf_get+0x10/0x10 [ 1009.172458][ C0] ? handle_mm_fault+0xd1/0x4920 [ 1009.177606][ C0] ? __lock_acquire+0x7c80/0x7c80 [ 1009.182954][ C0] __do_fault+0x13b/0x4e0 [ 1009.187324][ C0] ? handle_mm_fault+0x386a/0x4920 [ 1009.192478][ C0] ? handle_mm_fault+0xd1/0x4920 [ 1009.197456][ C0] handle_mm_fault+0x3886/0x4920 [ 1009.202433][ C0] ? handle_mm_fault+0xd1/0x4920 [ 1009.207393][ C0] ? numa_migrate_prep+0x350/0x350 [ 1009.212515][ C0] ? follow_page_pte+0x6fb/0x1a70 [ 1009.217562][ C0] ? pmd_lock+0x60/0x60 [ 1009.221863][ C0] __get_user_pages+0x5ea/0x1470 [ 1009.226905][ C0] ? mtree_destroy+0x30/0x30 [ 1009.231504][ C0] ? populate_vma_page_range+0x370/0x370 [ 1009.237321][ C0] populate_vma_page_range+0x2b6/0x370 [ 1009.242823][ C0] ? fixup_user_fault+0x710/0x710 [ 1009.247868][ C0] ? userfaultfd_unmap_complete+0x279/0x2d0 [ 1009.253884][ C0] ? down_read+0x1ac/0x2e0 [ 1009.258342][ C0] __mm_populate+0x24c/0x380 [ 1009.262991][ C0] ? faultin_page_range+0x8f0/0x8f0 [ 1009.268222][ C0] ? up_write+0x1c3/0x410 [ 1009.272567][ C0] vm_mmap_pgoff+0x2e7/0x400 [ 1009.277193][ C0] ? account_locked_vm+0x210/0x210 [ 1009.282327][ C0] ? ksys_mmap_pgoff+0xea/0x700 [ 1009.287193][ C0] ? __x64_sys_mmap+0x7a/0x130 [ 1009.291979][ C0] do_syscall_64+0x55/0xb0 [ 1009.296404][ C0] ? clear_bhb_loop+0x40/0x90 [ 1009.301091][ C0] ? clear_bhb_loop+0x40/0x90 [ 1009.305775][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1009.311683][ C0] RIP: 0033:0x7f20e798e9a9 [ 1009.316133][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1009.335748][ C0] RSP: 002b:00007f20e8835038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1009.344173][ C0] RAX: ffffffffffffffda RBX: 00007f20e7bb5fa0 RCX: 00007f20e798e9a9 [ 1009.352157][ C0] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000 [ 1009.360135][ C0] RBP: 00007f20e7a10ca1 R08: ffffffffffffffff R09: 0000000000000000 [ 1009.368110][ C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000 [ 1009.376079][ C0] R13: 0000000000000000 R14: 00007f20e7bb5fa0 R15: 00007ffd642acb78 [ 1009.384074][ C0] [ 1009.387123][ C0] [ 1009.389465][ C0] Allocated by task 5156: [ 1009.393878][ C0] kasan_set_track+0x4e/0x70 [ 1009.398485][ C0] __kasan_kmalloc+0x8f/0xa0 [ 1009.403078][ C0] kernfs_fop_open+0x3f5/0xcc0 [ 1009.407860][ C0] do_dentry_open+0x8c6/0x1500 [ 1009.412649][ C0] path_openat+0x274b/0x3190 [ 1009.417263][ C0] do_filp_open+0x1c5/0x3d0 [ 1009.421798][ C0] do_sys_openat2+0x12c/0x1c0 [ 1009.426497][ C0] __x64_sys_openat+0x139/0x160 [ 1009.431406][ C0] do_syscall_64+0x55/0xb0 [ 1009.435841][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1009.441759][ C0] [ 1009.444086][ C0] Last potentially related work creation: [ 1009.449973][ C0] kasan_save_stack+0x3e/0x60 [ 1009.454661][ C0] __kasan_record_aux_stack+0xaf/0xc0 [ 1009.460038][ C0] insert_work+0x3d/0x310 [ 1009.464371][ C0] __queue_work+0xd2c/0x1020 [ 1009.468960][ C0] call_timer_fn+0x16e/0x530 [ 1009.473647][ C0] __run_timers+0x558/0x7d0 [ 1009.478187][ C0] run_timer_softirq+0x67/0xf0 [ 1009.482961][ C0] handle_softirqs+0x280/0x820 [ 1009.487751][ C0] __irq_exit_rcu+0xc7/0x190 [ 1009.492468][ C0] irq_exit_rcu+0x9/0x20 [ 1009.496731][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1009.502404][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1009.508435][ C0] [ 1009.510767][ C0] The buggy address belongs to the object at ffff88805f321400 [ 1009.510767][ C0] which belongs to the cache kmalloc-512 of size 512 [ 1009.524915][ C0] The buggy address is located 42 bytes inside of [ 1009.524915][ C0] freed 512-byte region [ffff88805f321400, ffff88805f321600) [ 1009.538716][ C0] [ 1009.541042][ C0] The buggy address belongs to the physical page: [ 1009.547457][ C0] page:ffffea00017cc800 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805f323000 pfn:0x5f320 [ 1009.558945][ C0] head:ffffea00017cc800 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1009.567893][ C0] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 1009.575975][ C0] page_type: 0xffffffff() [ 1009.580320][ C0] raw: 00fff00000000840 ffff888017841c80 ffffea00017a5810 ffffea00017cda10 [ 1009.588942][ C0] raw: ffff88805f323000 000000000010000e 00000001ffffffff 0000000000000000 [ 1009.597532][ C0] page dumped because: kasan: bad access detected [ 1009.603963][ C0] page_owner tracks the page as allocated [ 1009.609852][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2975, tgid 2975 (kworker/u4:7), ts 90640802910, free_ts 27627790404 [ 1009.629254][ C0] post_alloc_hook+0x1cd/0x210 [ 1009.634072][ C0] get_page_from_freelist+0x195c/0x19f0 [ 1009.639675][ C0] __alloc_pages+0x1e3/0x460 [ 1009.644287][ C0] alloc_slab_page+0x5d/0x170 [ 1009.648987][ C0] new_slab+0x87/0x2e0 [ 1009.653237][ C0] ___slab_alloc+0xc6d/0x12f0 [ 1009.657933][ C0] __kmem_cache_alloc_node+0x1a2/0x260 [ 1009.663398][ C0] __kmalloc+0xa4/0x240 [ 1009.667644][ C0] fib6_info_alloc+0x32/0xe0 [ 1009.672324][ C0] ip6_route_info_create+0x44f/0x1200 [ 1009.677714][ C0] ip6_route_add+0x28/0x130 [ 1009.682327][ C0] addrconf_add_linklocal+0x45c/0x6b0 [ 1009.687724][ C0] addrconf_addr_gen+0x4ac/0x5a0 [ 1009.692673][ C0] addrconf_init_auto_addrs+0x70e/0xaa0 [ 1009.698220][ C0] addrconf_notify+0xb62/0x1010 [ 1009.703076][ C0] notifier_call_chain+0x197/0x390 [ 1009.708192][ C0] page last free stack trace: [ 1009.712860][ C0] free_unref_page_prepare+0x7ce/0x8e0 [ 1009.718347][ C0] free_unref_page+0x32/0x2e0 [ 1009.723029][ C0] free_contig_range+0xa1/0x160 [ 1009.727884][ C0] destroy_args+0x87/0x770 [ 1009.732366][ C0] debug_vm_pgtable+0x3cc/0x410 [ 1009.737219][ C0] do_one_initcall+0x1fd/0x750 [ 1009.741988][ C0] do_initcall_level+0x137/0x1f0 [ 1009.746952][ C0] do_initcalls+0x69/0xd0 [ 1009.751300][ C0] kernel_init_freeable+0x3d2/0x570 [ 1009.756612][ C0] kernel_init+0x1d/0x1c0 [ 1009.761317][ C0] ret_from_fork+0x48/0x80 [ 1009.765753][ C0] ret_from_fork_asm+0x11/0x20 [ 1009.770541][ C0] [ 1009.772953][ C0] Memory state around the buggy address: [ 1009.778672][ C0] ffff88805f321300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1009.787032][ C0] ffff88805f321380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1009.795217][ C0] >ffff88805f321400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1009.803280][ C0] ^ [ 1009.808653][ C0] ffff88805f321480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1009.816722][ C0] ffff88805f321500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1009.824809][ C0] ================================================================== [ 1009.833103][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1009.840295][ C0] CPU: 0 PID: 12688 Comm: syz.1.1714 Not tainted 6.6.99-syzkaller #0 [ 1009.848359][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1009.858422][ C0] Call Trace: [ 1009.861731][ C0] [ 1009.864684][ C0] dump_stack_lvl+0x16c/0x230 [ 1009.869475][ C0] ? show_regs_print_info+0x20/0x20 [ 1009.874696][ C0] ? load_image+0x3b0/0x3b0 [ 1009.879218][ C0] panic+0x2c0/0x710 [ 1009.883131][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 1009.887656][ C0] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 1009.893570][ C0] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 1009.899479][ C0] ? _raw_spin_unlock+0x40/0x40 [ 1009.904350][ C0] ? print_memory_metadata+0x314/0x400 [ 1009.909868][ C0] ? rose_timer_expiry+0x46a/0x4b0 [ 1009.915002][ C0] check_panic_on_warn+0x84/0xa0 [ 1009.919969][ C0] ? rose_timer_expiry+0x46a/0x4b0 [ 1009.925093][ C0] end_report+0x6f/0x140 [ 1009.929428][ C0] kasan_report+0x128/0x150 [ 1009.934033][ C0] ? rose_timer_expiry+0x46a/0x4b0 [ 1009.939179][ C0] rose_timer_expiry+0x46a/0x4b0 [ 1009.944135][ C0] call_timer_fn+0x16e/0x530 [ 1009.948734][ C0] ? rose_start_t1timer+0xd0/0xd0 [ 1009.953950][ C0] ? call_timer_fn+0xbf/0x530 [ 1009.958655][ C0] ? __run_timers+0x7d0/0x7d0 [ 1009.963355][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1009.968885][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 1009.974271][ C0] ? rose_start_t1timer+0xd0/0xd0 [ 1009.979340][ C0] __run_timers+0x52d/0x7d0 [ 1009.983852][ C0] ? detach_timer+0x2b0/0x2b0 [ 1009.988558][ C0] ? lock_chain_count+0x20/0x20 [ 1009.993413][ C0] run_timer_softirq+0x67/0xf0 [ 1009.998181][ C0] handle_softirqs+0x280/0x820 [ 1010.002948][ C0] ? __irq_exit_rcu+0xc7/0x190 [ 1010.007903][ C0] ? do_softirq+0x180/0x180 [ 1010.012408][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 1010.017619][ C0] __irq_exit_rcu+0xc7/0x190 [ 1010.022220][ C0] ? irq_exit_rcu+0x20/0x20 [ 1010.026722][ C0] irq_exit_rcu+0x9/0x20 [ 1010.030975][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1010.036700][ C0] [ 1010.039657][ C0] [ 1010.042585][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1010.048687][ C0] RIP: 0010:lock_acquire+0x1f2/0x410 [ 1010.054062][ C0] Code: 00 9c 8f 84 24 80 00 00 00 f6 84 24 81 00 00 00 02 0f 85 f5 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 66 43 c7 44 3c 09 00 00 43 c6 44 3c 0b 00 [ 1010.074227][ C0] RSP: 0018:ffffc9000b4a6ee0 EFLAGS: 00000206 [ 1010.080307][ C0] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 81d3b3c8db70b100 [ 1010.088367][ C0] RDX: 0000000000000000 RSI: ffffffff8aaacbc0 RDI: ffffffff8afc6680 [ 1010.096422][ C0] RBP: ffffc9000b4a6fe8 R08: dffffc0000000000 R09: 1ffffffff21b44a4 [ 1010.104427][ C0] R10: dffffc0000000000 R11: fffffbfff21b44a5 R12: 1ffff92001694de8 [ 1010.112489][ C0] R13: ffff8880b8e42318 R14: 0000000000000246 R15: dffffc0000000000 [ 1010.120474][ C0] ? read_lock_is_recursive+0x20/0x20 [ 1010.125854][ C0] ? do_raw_spin_trylock+0xac/0x180 [ 1010.131058][ C0] ? do_raw_spin_lock+0x2c0/0x2c0 [ 1010.136180][ C0] _raw_spin_trylock+0x47/0x80 [ 1010.140955][ C0] ? get_page_from_freelist+0x44f/0x19f0 [ 1010.146597][ C0] get_page_from_freelist+0x44f/0x19f0 [ 1010.152095][ C0] ? mark_lock+0x94/0x320 [ 1010.156442][ C0] ? __next_zones_zonelist+0x9d/0x130 [ 1010.161920][ C0] ? prepare_alloc_pages+0x366/0x5f0 [ 1010.167226][ C0] __alloc_pages+0x1e3/0x460 [ 1010.171839][ C0] ? zone_statistics+0x170/0x170 [ 1010.176808][ C0] __folio_alloc+0x10/0x20 [ 1010.181270][ C0] vma_alloc_folio+0x47a/0x8f0 [ 1010.186051][ C0] ? mpol_shared_policy_lookup+0x14b/0x1e0 [ 1010.191892][ C0] shmem_alloc_folio+0x179/0x230 [ 1010.196867][ C0] ? folio_put+0xd0/0xd0 [ 1010.201143][ C0] ? shmem_inode_acct_block+0x324/0x460 [ 1010.206865][ C0] shmem_alloc_and_acct_folio+0x189/0x630 [ 1010.212721][ C0] ? put_swap_device+0x230/0x230 [ 1010.217682][ C0] ? xas_load+0x12b/0x140 [ 1010.222030][ C0] ? filemap_get_entry+0xb1/0x3c0 [ 1010.227057][ C0] ? filemap_get_entry+0xb1/0x3c0 [ 1010.232085][ C0] ? filemap_get_entry+0x35c/0x3c0 [ 1010.237196][ C0] ? page_cache_prev_miss+0x360/0x360 [ 1010.242578][ C0] shmem_get_folio_gfp+0xcde/0x2ac0 [ 1010.247794][ C0] shmem_fault+0x1b6/0x7f0 [ 1010.252262][ C0] ? zero_pipe_buf_get+0x10/0x10 [ 1010.257247][ C0] ? handle_mm_fault+0xd1/0x4920 [ 1010.262210][ C0] ? __lock_acquire+0x7c80/0x7c80 [ 1010.267243][ C0] __do_fault+0x13b/0x4e0 [ 1010.271602][ C0] ? handle_mm_fault+0x386a/0x4920 [ 1010.276723][ C0] ? handle_mm_fault+0xd1/0x4920 [ 1010.281673][ C0] handle_mm_fault+0x3886/0x4920 [ 1010.286625][ C0] ? handle_mm_fault+0xd1/0x4920 [ 1010.291578][ C0] ? numa_migrate_prep+0x350/0x350 [ 1010.296697][ C0] ? follow_page_pte+0x6fb/0x1a70 [ 1010.301738][ C0] ? pmd_lock+0x60/0x60 [ 1010.305902][ C0] __get_user_pages+0x5ea/0x1470 [ 1010.310855][ C0] ? mtree_destroy+0x30/0x30 [ 1010.315454][ C0] ? populate_vma_page_range+0x370/0x370 [ 1010.321184][ C0] populate_vma_page_range+0x2b6/0x370 [ 1010.326649][ C0] ? fixup_user_fault+0x710/0x710 [ 1010.331680][ C0] ? userfaultfd_unmap_complete+0x279/0x2d0 [ 1010.337605][ C0] ? down_read+0x1ac/0x2e0 [ 1010.342073][ C0] __mm_populate+0x24c/0x380 [ 1010.346727][ C0] ? faultin_page_range+0x8f0/0x8f0 [ 1010.351952][ C0] ? up_write+0x1c3/0x410 [ 1010.356289][ C0] vm_mmap_pgoff+0x2e7/0x400 [ 1010.360903][ C0] ? account_locked_vm+0x210/0x210 [ 1010.366041][ C0] ? ksys_mmap_pgoff+0xea/0x700 [ 1010.370903][ C0] ? __x64_sys_mmap+0x7a/0x130 [ 1010.375686][ C0] do_syscall_64+0x55/0xb0 [ 1010.380109][ C0] ? clear_bhb_loop+0x40/0x90 [ 1010.384820][ C0] ? clear_bhb_loop+0x40/0x90 [ 1010.389499][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1010.395664][ C0] RIP: 0033:0x7f20e798e9a9 [ 1010.400172][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1010.419792][ C0] RSP: 002b:00007f20e8835038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1010.428216][ C0] RAX: ffffffffffffffda RBX: 00007f20e7bb5fa0 RCX: 00007f20e798e9a9 [ 1010.436218][ C0] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000 [ 1010.444215][ C0] RBP: 00007f20e7a10ca1 R08: ffffffffffffffff R09: 0000000000000000 [ 1010.452203][ C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000 [ 1010.460290][ C0] R13: 0000000000000000 R14: 00007f20e7bb5fa0 R15: 00007ffd642acb78 [ 1010.468374][ C0] [ 1010.471679][ C0] Kernel Offset: disabled [ 1010.476180][ C0] Rebooting in 86400 seconds..