last executing test programs: 3m16.520812057s ago: executing program 4 (id=248): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @val=@tcx}, 0x1c) syz_emit_ethernet(0x2a, &(0x7f00000005c0)={@broadcast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, @echo_reply={0x0, 0x0, 0x0, 0x65, 0x4}}}}}, 0x0) 3m16.362339271s ago: executing program 4 (id=250): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) r1 = socket(0x28, 0x5, 0x0) r2 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r2, 0x4) connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmmsg$unix(r1, &(0x7f0000001f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x6cfc686d3553f0e1, 0x0) 3m15.810150709s ago: executing program 4 (id=251): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) close(0x3) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000200)={0x0, 0x0, 0x20}, &(0x7f0000002380)=0x18) 3m15.530539216s ago: executing program 4 (id=253): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0) umount2(&(0x7f0000000080)='./file0/../file0\x00', 0x0) 3m14.775801412s ago: executing program 4 (id=254): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000440)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x1) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x104) fdatasync(r1) 3m13.708610772s ago: executing program 4 (id=262): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e) sendto$inet(r0, &(0x7f00000003c0)='%', 0x1, 0x2400c0c1, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0) 3m13.180681523s ago: executing program 32 (id=262): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e) sendto$inet(r0, &(0x7f00000003c0)='%', 0x1, 0x2400c0c1, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0) 2m21.126248955s ago: executing program 5 (id=429): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5373526a01edb"], 0x1c}}, 0x0) recvmmsg$unix(r0, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1020}], 0x1}}], 0x8, 0x34000, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x8aba, 0x4, 0x6, 0x804, 0x7, 0xf, 0x120000, 0x5, 0x0, 0x8, 0x8000000000000001, 0x2, 0xfffffffffffffffe, 0x101, 0x0, 0x1], 0x8000000, 0x141200}) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2m20.392002792s ago: executing program 5 (id=431): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x94173000) r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) openat$cgroup_subtree(r1, &(0x7f0000000080), 0x2, 0x0) sendmsg$DEVLINK_CMD_RATE_DEL(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]}) syz_open_dev$sndctrl(0x0, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 2m15.595968816s ago: executing program 5 (id=449): bind$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000740)=""/67, 0x0, 0xd000}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000a40)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000000c0)={'syz1\x00', {0x8000, 0xcb2, 0x4, 0xb1e9}, 0x3d, [0xfff, 0xb, 0x76, 0x80c, 0x2, 0xbbf2, 0x66, 0x6, 0x7fff, 0x8001, 0x1, 0x7fe00, 0x7, 0x4, 0x3, 0x9, 0x30a, 0x0, 0x4, 0x7, 0x690, 0x83c, 0xfffffffa, 0xe2, 0xf6c, 0x8, 0x161, 0xfffeffff, 0x6, 0x10000, 0x9, 0x9, 0xe13, 0x5, 0x1, 0x6, 0x3, 0x200, 0x5, 0xff, 0x5, 0x5, 0x7, 0x0, 0x800, 0xf, 0x4, 0x3, 0xf, 0x7, 0x7f, 0x8, 0xfff, 0x5, 0x4, 0x9, 0xe3, 0x2, 0x5, 0xfffffb3f, 0x0, 0x6, 0x7ff, 0x1], [0x1, 0xfffffc00, 0x4, 0x400, 0xe, 0x6, 0x8, 0x6, 0x1, 0x81, 0x9, 0xfffffffe, 0x7, 0x8, 0xa, 0x101, 0x70, 0xffff, 0xffff, 0x3, 0x0, 0x8, 0x2, 0x5, 0x4, 0x8, 0x10001, 0x8001, 0x2, 0x400, 0xfffffc00, 0x7, 0x5, 0x7, 0x8, 0x1, 0x0, 0x7, 0xe, 0x75e, 0x4, 0x9, 0x9a8, 0x10, 0xbf8, 0x84, 0xfffffc00, 0x7ff, 0xb, 0x2, 0x0, 0x1, 0x1000, 0x6, 0x6ccf4fc6, 0x0, 0x70, 0xffffff80, 0x5, 0x2fa20546, 0xe, 0x6, 0x8694, 0x4], [0x1, 0x8, 0x8, 0x8, 0x10000, 0x8, 0x4, 0xf8d, 0x401, 0x5, 0x8000, 0x7, 0x7, 0xc, 0xfffffff8, 0x1, 0x3, 0x5, 0x40, 0x4c04, 0x1, 0x40, 0x1, 0x8001, 0x3, 0xc212, 0x6, 0x8, 0xffffffff, 0x1, 0xc5, 0x2, 0x8, 0xe17d, 0x93a2, 0xfe, 0x9, 0x0, 0x0, 0x1, 0x3, 0x6, 0x3, 0xf, 0x2, 0x9, 0x5b1fbd6e, 0x7, 0xffffff81, 0x2, 0x2, 0x1, 0x4, 0x3, 0x74d, 0x6, 0x5, 0x6, 0x1, 0x0, 0x100, 0x9, 0x0, 0x7f], [0x8, 0xffff, 0x3, 0x2, 0x8, 0x3, 0x0, 0x400, 0xfffffff7, 0x3, 0xe, 0xb2, 0x80000000, 0x3, 0x800, 0xc6b, 0x8, 0x4, 0x3, 0x4, 0xfffffffd, 0x8, 0x7, 0x8c, 0x3c, 0x12000, 0x3d, 0x9, 0x6, 0x8, 0x3fb, 0x1, 0x0, 0x80, 0x69361293, 0x6, 0x401, 0x2, 0x992, 0x7fff, 0xfffffffe, 0x4, 0x6, 0x6, 0x400, 0x1, 0xc, 0xffff4e34, 0x53d, 0x6, 0x8, 0xffff8001, 0x8001, 0x5c, 0x10000, 0xb468, 0x6, 0xffff, 0x8, 0x8001, 0x2, 0x0, 0x9]}, 0x45c) 2m15.230520985s ago: executing program 5 (id=451): sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000a40)="ccb7a66ef87a890391f1f97eab423fe7e69296eb55af1a5c820ce1a26312f4a968467efbf1bb6b92275ea38c435d3cec751a4060bbe58a45119e17b98f114459a9e8541abeef3738a960c8b69a341ec53fff", 0x52}], 0x1}}], 0x1, 0x40005) recvmmsg(0xffffffffffffffff, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000080)}, 0x7}], 0x1, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000000)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000100)=0x3) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x3, 0xffffffff, 0x8, 0xdeb9, 0x8, 0x5, 0x6, 0xfffffffffffffff2, 0x5, 0x6736, 0x2, 0x5, 0x7, 0xfffffffffffffff9, 0xa7, 0xa9], 0xdddd0000, 0x82200}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000740)={"808653769f50df58624295cc7aeae1914d55ba337e30f9a12499193c721e5882fd645f9bb2e2cf88f1c084f6a82522cec7592c4114e068ac3f651dc519c1dc1e763bb8e987153e52c192c5e8652809b057e483fa3281dc50559a0867e1a66e314026cfe30b84c3a1d0bf3db7a748162421014d3fcac3c4cb7e6a22e3938e05c03693bd4a88b47311dd93bede2a46065704f63fd88dacc60ec3004705fe45c8dd154025e7ba8e0e8ebd0e9036ccf370829c44b18e0b759644657724838f714cdffc3937dbf27e0b34eb6d21a0a453b8f9b469e8a61de2c33888e5413a5f884be17c8d210994dedefd3ed29099fb61c4e943a7f2d2af4a47e64d63af12b3b054007d645d4b3e55b34cb894bd58b1d21a45bf9418a78b60c7b5341b9107bf4b0d37fe622a36cd305f2fa2f566786d636838eaf8658e432510170ce247ecc5102e890fb9a6faf4671421b1173995c262bfe6d45c5a0eda06109f0f049a6a1114764b85e7339ffbb22e84b623a686dd5287f23bc09007ba19f515e0b7e649ab8a6474859328a09a561f5ebcd6f9e8f38b7d12d0df01bf147852ed5b090e7baa56720d9ba22f71704704c322650e05a5a9f3351793adbb4f746992f879d990598344ead42b812e9599a20d51bad7ff93bf6104330897a7a34c10f95f60b934b2a864f6936cac5b5a73b628adadebea5ae5906e18c8927eab35e53fa6f016984e376e223363376dbc510810807b69e13e2946f6f8835a97efc8e6d8f78446203eae0bcd3e7f63c88499dc0829c3df2b9900225c7f3074c1fcab2170d8d45e18679d10cdc394ae214960c1655b5f61fcb55dcabe240eab6d7f55d879ed12288be37c89406c28d2f95eb95e72e2a4d11554f2a5c3a03f1bb1d0f554531ecf5f19a435d484569a5c42ea89a1e7d664ad8f6ece582bcdb2d53c8002035fc4d99c12aacfaaf34e88c989d553ca138020f273a4b407c9f11f9c61f34d985a5e2acdf0ab14db335be776b84013153951363180d96fa765eb226b4bf25a652077749e6a8e987f9898f152205b175eee8c1e3fe47ab8ff68edd3453a0721817a29f4b3ea3022c3a5af3daf4d0cb9c4a34e3627e38bbeba0a67e5f142e252956d87a4fff8528b09432f2f5f4c15fbfdd2451925ea73f7a8bf37262580ab47d265ed6bfe3fb3e4e19feaa13a089fdba86043686d59792b865375b5665d6b91470ec80b7115ac095e4822815aeac232a1900daa6bd95efec249d485cf5e5a266e938d74ab9060622aa426cb76e9e22f24f6498448cc7c0c6ebf7dbc289f68faa0aeca1d51739f9d5868e573adc9a49523b476fe6f5e746ab57e50a996a38fe5f3d9181a8a03881aff8cb124bf981421d24e7d04b0aa43330616f4ebee30d23629f6f1387fdc0b3de32df913c205a211b921f7715c91f60bab4f7799b16798ae04baf89b9ae93becc59b"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m14.804781433s ago: executing program 5 (id=456): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220) setpgid(0x0, r0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10) creat(&(0x7f00000001c0)='./file0\x00', 0x8) 2m13.865970655s ago: executing program 5 (id=461): socket$inet_udp(0x2, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = userfaultfd(0x801) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) 1m58.185870205s ago: executing program 33 (id=461): socket$inet_udp(0x2, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = userfaultfd(0x801) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) 1m40.732915497s ago: executing program 0 (id=550): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x36, 0x35d702) bind$netlink(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = memfd_create(&(0x7f00000001c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xf7\x00d2*Nha\x97\xd5\f\xde@\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\x91\xeb\xfc_q\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1a\x81]\x01*\x1b\xfd\xbcMA\xdcq\xa1b\x17\xab\xe4\x14l\x9b$\x13\xa7\x00MO\xb8\xfdX\xaaf*Du\x02z\x89(\xbcu\x9e\xdf\xe7es\xb9\x1e\xb2\x83\xdc\x82\xed\xcf\x1e\xff\x00\x00\x00\x00g\xa2-\xb1\x94\x9b\x04\x899\xf25\xae\xbb[C\x8aH\xa0\xb1\xa4&\xfb\xe4\xae\xf9R[jQ\x92\xc6K\xe6U\xaa3\xeb\x93\x84bIn\xc9\x11e\xf6;\xce\xee\xe2\x84]\x1eF\xee\xaf\x97Md\xbb\xd1}\x91\x12`\x02\xaa\xb2\xe8F7\t\x92\xedO`\xf7jc\x00\x11|]\x13\xaa<)0\x95-\xe7\xc5\xceuB\xba\xd5\x10\x1d4\x8f@\xfd6\xed?\xe5\xb7\x9d\xb7\xc3+m\x94\xf7\x00g\xa8\xd0y\xaa\x86\f?c\x8c.\x05\n\xf1\x9dw8\xbb\xcf\x9a\xfewx\xb7\xea\xb0\xe0\xa2\xa6/u\x18\xb8\x912g\x19\xcauw\xa8\x93\x80h\xad\x04\xf9sCB?b?\x1a\x04\x11U\xac\b\x9b\xd3\x04\xd9\xdb\xa3?qny\x19f{F\xb0\xb2\xc6\xe9\x1f\x13\x14\xbb\xde\x06\x16\b\x95^q\x0f\xc6\x16\xfeG\xf9\xf3D\xe9:\x86\xc8!4\xa0+\xba\x87\xdd\xbc\xbd\x93\xbb\xef*:\x00Ld\x00'/408, 0x4) ftruncate(r2, 0x40000001) 1m37.70805711s ago: executing program 0 (id=560): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x13, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b702000000000080bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b706000008ffffff9c6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000004a000000b70000000000000095000000000000008e17f199a68b061b93d83298a8cdda1ce784909b849d5550ad855dab54d8877a6db61d69f2ffcaa10350e11cb97ce8df1bc9a0c4eeceb9971e43405d621ffbc9b0d8ca56b50f0c010ddb03cf1c62d57c08a90b189d190c341035de53a9a53608c10556e5734eb84049761051ce540c772e201b2de17dfdb5b60939d5d6aed4062049b87e03e2cd18a77dda613e0c64497fcc059c062234d5595f6fbaa187b81d1106000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8000000000000000b91c61bd99dc89f12907af7dccd106cb937b450f859ce8292a79c3e40000b59b0fc46d6cec3c080a882add4e1179bd4a44f231a2d73148be428ba953df4aece69311687f4122073a236c3a32efa04137d46f0247d2638da3261c8162bb7c7824be6195a66d2e17e122040e11001131ce319045e5b3334e68475ac3f46aa2837f9004600daded9b19b35eebe52613c346e255421b23a278fd00004270b1cd5fc9aa2286ccca37db965d9dd366598f5ec993cb0cf127e2a46cfbdf63eea190d86a4d1b75ae98480100bd5828954a7d093a54f7e75b3753508ca3c41685d1e407315e59d626c23b3f89a926e9382966853774e7dd1f1a2177cdf2802237c177d543e8da47a01f05e113e53518270239b69c117e2637c31085f4d8a596b6edab26afaf6605b231199f38a6fc7eb83714387450ea18eafbace8eec18a4b2c442e7b88a7611c1283bec84e1715fb9f4fcaf52c08058fc4f21c0ad71adabdd850aed3eeec6eaab347bdf474e17b9aa345d1e6e3bb83f90230bdf53e7d0e5c3f914d905422b83f30936674ba8f0bffaf2305c0972df71fe5f4e015064716897bced7798509e64df360d95f9a4099f86438ac2bbcbdbd1d9db21a1d5c065567fd70aae68096827fa5c2d9bd20292344c7dcf6241447cfbb05b5d0fdb4e08afbac5397b64aa369922ed7ed8918f97294b6854210d2b93aaf92159dbaa2f186d4a420c68d6baf1c31de4f0bf478bfd51bb1e96ea849a80ae5a89be7e38474c7aade344d68324f9e12a6b9770e6bd12ae69efffaee58040753701af84c2924c1b5aea1650f42c9ae9820a33095f062fb88313d035ea405515a61a4be64f9fa0985c5be592090cc48291004609fdac2ab6100000000000000a84570c7c00d647daf8af334050b61e9b2d3f0adad1d1ff47be19b8da2799e9ecef8efabe73f92dbd0760f8bbd9c710bd1371e2b5d9a2ea2190f5e4f5cd641cdfe5d89f84a368ef7e6ff1eacdc0ec9e97b8f9c9e314661ea0aa8a104008d188b66b3a4aedeed9df4238a08fc2fb1007233cc2c87fcaa0cccd8ec03440eafe1c8660c73acc17bff740d199a7c0c52c63c0408b5158e0000000c275eedb02f141113cf2c55b2c08c2c68cc99d2bb5840fba332e1c82862ec9b90106248f81d32a47ac94ddee815dba8aeb5d3121cf247a81aef7805b020e9eec44cbe3055be69fe066824ba2292b9cdce41635fc00df96fb10a3a8cc60c4a76c65ebbb0640e0a29de94edf5cbefac1c5fa96e7080af804b22cabce10ea52f1018527f4aa39cdafa3eff63de2a7f50d042667820f6f86f276afb2b8134301e031351ee13013137e9d5cec0c84d7e3f82c6fd12eb98f9ea654bcb9ce59a2015183c6e65bb0537e611b830d74c30fb8207fca0990acdbb51e4e234026e00000000b3ebae3eb52c140953a350fcf0124b1a30b1afc29ea56f8413686d912eb8118d73ef9c6d3843ebcb555301c0205dd3bd9b1d742e334319c8979c322e92fbc2c400"/1423], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340)}, 0x42) 1m36.645157718s ago: executing program 0 (id=564): r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200)) dup(r0) socket$inet6(0xa, 0x802, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x11, 0x0, 0x0) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) 1m35.926851913s ago: executing program 0 (id=566): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) chdir(&(0x7f0000000080)='./file1\x00') r1 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x0) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', 0x0, 0x1010412, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, 0x0) 1m35.211570509s ago: executing program 0 (id=571): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x185) r3 = inotify_init() inotify_add_watch(r3, &(0x7f0000000000)='./file1\x00', 0x56000129) fallocate(r2, 0x0, 0x1000000, 0x3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r2, 0x2000000) 1m34.064153383s ago: executing program 0 (id=575): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc, 0x4000}, 0x10) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvfrom(r2, &(0x7f0000000140)=""/104, 0x68, 0x12020, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 1m33.706459752s ago: executing program 34 (id=575): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc, 0x4000}, 0x10) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvfrom(r2, &(0x7f0000000140)=""/104, 0x68, 0x12020, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 16.940859857s ago: executing program 7 (id=798): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup3(0xffffffffffffffff, r0, 0x0) socket$unix(0x1, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x0, 0xbfdfffbc}, &(0x7f00000000c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}}) io_uring_enter(r3, 0x32d7, 0x0, 0x46, 0x0, 0x0) 12.803279078s ago: executing program 7 (id=811): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000004140)=[{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f00000001c0)="14", 0x1}, {&(0x7f0000000280)="3b942cdf3dbb4d708446209c8a7a9893c711167b6aee1ac4a8cc59d92a394f460b20f21b9add9e84d2dba9e6df8034c449e64138a4aea2a8df6d35031bd3263f", 0x7fffefff}], 0x2}], 0x1, 0x0) 11.485006703s ago: executing program 1 (id=813): r0 = socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() setitimer(0x2, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00'}, 0x18) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000780)={0x2, 0x3, 0x0, 0x3, 0x18, 0x0, 0x70bd2c, 0x25dfdbfc, [@sadb_key={0x2, 0x9, 0x8, 0x0, '\n'}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback, 0x2}}, @sadb_sa={0x2, 0x1, 0x0, 0x4, 0x0, 0x3, 0xc}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback, 0x7}}, @sadb_key={0x8, 0x8, 0x1a8, 0x0, "67328c217950d4ed0ce9fd283e7a39cddf91db11b8d33fe41b6225fa8075fb71275ea059e57dbe5ddb41c0ece4532edb885207438d"}]}, 0xc0}, 0x1, 0x7}, 0x14) 9.548707739s ago: executing program 6 (id=816): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000180)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x6, 0x7fffffff}) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x478103, 0x60) mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) 9.388823519s ago: executing program 1 (id=817): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x2c, 0x3, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r4, &(0x7f0000000140), &(0x7f0000000080)=@tcp6=r3, 0x2}, 0x20) 8.278813454s ago: executing program 1 (id=819): creat(0x0, 0x0) r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000280)=@multiplanar_userptr={0x0, 0x5, 0x4, 0x4000, 0x3ff, {0x0, 0x2710}, {0x0, 0xc, 0x4, 0x7, 0x2, 0x81, "e608f81b"}, 0x7, 0x2, {0x0}, 0x6}) r1 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000140)=0x122) mount$9p_fd(0x0, &(0x7f0000000580)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r2}}) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x14c, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_STAB={0x104, 0x2, "547d9ed0effe82c024750032ea49f09c72384049bcc87e42ca7e2c78d6a85178e447e32b5f4e4fabff6fb16a40901dc4221e42eb745b6332c476d0c3aefed8dc95af179570cf8cc43bc29eb93c6e78f5e1153d3d7c1542f77dc4b29877e2002685e850f2969cf2164fbf8db7e1713786899d2a8ab03ca5accb2e9b50e1fb7a4e3681b35f0f68461daa4f4e1583b9a02195dee35ae7c8bca085399157d5f30c2ec691c39267b2655c782b363a11645a0c78a39fab8c0ce69f11f2db45ee16e2975a80664f687d01bd7444244a25bdb9ec5b0fa8b1afc0254ddbca2e22ca1b189502b74d7ec4665c23804df713183d428f50a0d64e31e110c707eb3fe69f437992"}, @TCA_CHOKE_PARMS={0x14, 0x1, {0xffffffff, 0x401, 0xffff, 0x2, 0xc, 0xe, 0x4}}]}}]}, 0x14c}}, 0x0) syz_usb_connect(0x3, 0x24, &(0x7f0000000440)={{0x12, 0x1, 0x200, 0xae, 0x3c, 0x50, 0x8, 0x61d, 0xc140, 0x311e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x2, 0x1, 0x130, 0x8, [{{0x9, 0x4, 0x15, 0x6, 0x0, 0x7d, 0x18, 0xed, 0x64}}]}}]}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0xb4}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) syz_usb_connect(0x0, 0x24, &(0x7f0000000340)={{0x12, 0x1, 0x0, 0xf0, 0x8f, 0xd, 0x40, 0x4b4, 0x6830, 0x86cf, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x88, 0x63, 0xc1}}]}}]}}, 0x0) 8.246934515s ago: executing program 6 (id=820): fsopen(&(0x7f0000000040)='binder\x00', 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) 7.860066725s ago: executing program 7 (id=822): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000001000)=ANY=[@ANYBLOB="440f01"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000380)={0x2c, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000000180)={0x20, 0x9b4c36e34b07fa52}, 0x0, 0x0}) 7.040412544s ago: executing program 3 (id=823): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_simple_pair_complete={{0x36, 0x7}, {0x4, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}}}, 0xa) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f00000022c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000050000006a0af2fe000000008500000009000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989425f5d0b79f6584d0416d7c4bb9f547b328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f01000000010000006e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b98d2de10c21d3ea02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d000000200008000000000000001abc11c800000000000000000000000928ee53595a779d243a48cea769470424d20a04c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2c4af38ffb7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0eb3280e09758bd445ab91d20baca005472b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92fe8bad99ca332af00f191b66b6a6f732a91f0e2e9190e4b448da7de018c58e950767f9b320be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c52573d9308a13d115b43f8b1894c8fa8a14dc4810f61ae96bf704526a8919bc700002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381ccc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73cfd1e76982f3d899f71e495f0ba8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e4a48dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f00000021f8547d393dabe616fbbde21c90be00b5a22671395c7a69c6dd4d022ffc97ddb6aa025131652d409da1d8cfc3d219d4b1c1b7b8170d7c33d91db2b73f7ae02485a209a2474b5d0790d05c01bec623056e4d3f4d3149373a28b26a15a1fcce73d57e6eaf7e6f315fe275ebc9ef7aeca277dde01dde724f419803a2172a7833ceab38d21ca4f1dea5e1f4d8824167b21dd289dd4e6ecfba9e163bdbc48e1e758ecde05c10809c9edfa6d77c652fd742e6dad13d2a397bebe3ea8bc087d3720e2202f36c7719ae34f042e19dc08a3323a3d94098a7ec171469352bab1662c3e4d4803c565cfcce32dad628fade43a4844abb230ce608726fd87e93c405a96cf638c41510f26e9da5f316"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)=0x2) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_WANTACK(r2, 0x0, 0x0, 0x0, &(0x7f0000000040)) syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0) symlinkat(&(0x7f0000000000)='.\x02\x00', 0xffffffffffffffff, 0x0) setresuid(0xffffffffffffffff, 0xee00, 0x0) gettid() timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000780)=""/4096, 0x1000}], 0x1) 6.433594537s ago: executing program 3 (id=824): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001c00)=@base={0xb, 0x5, 0x7, 0x9, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x24, &(0x7f0000000080)=0x1, 0x4) shutdown(r2, 0x0) recvmmsg(r2, &(0x7f0000001980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/26, 0x11}}, {{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/47}, {&(0x7f0000000100)=""/224}, {&(0x7f0000000200)=""/4096}, {&(0x7f0000001200)=""/124}, {&(0x7f0000001280)=""/60}]}}, {{&(0x7f0000001380)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x0, &(0x7f0000001840)=[{&(0x7f0000001400)=""/149}, {&(0x7f0000001b00)=""/118}, {&(0x7f0000001540)=""/188}, {&(0x7f0000001600)=""/57}, {&(0x7f0000001640)=""/135}, {&(0x7f00000014c0)=""/101}, {&(0x7f0000001780)=""/171}], 0x0, &(0x7f00000018c0)=""/176}}], 0x15cbc1ab4c0933f, 0x0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) 5.995095363s ago: executing program 3 (id=826): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newchain={0x94, 0x64, 0x100, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x7}, {0xfff1}, {0xc, 0xe}}, [@f_rsvp={{0x9}, {0x64, 0x2, [@TCA_RSVP_POLICE={0x20, 0x5, [@TCA_POLICE_RESULT={0x8, 0x5, 0x100}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x6b}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x6}]}, @TCA_RSVP_CLASSID={0x8, 0x1, {0xa}}, @TCA_RSVP_PINFO={0x20, 0x4, {{0x1, 0x1, 0x6}, {0x7, 0x2, 0xe}, 0x29, 0x2}}, @TCA_RSVP_DST={0x8, 0x2, @remote}, @TCA_RSVP_POLICE={0x10, 0x5, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x1}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x20000820}, 0x40881) recvmmsg(r3, &(0x7f0000006fc0)=[{{0x0, 0x0, &(0x7f0000001f80)=[{&(0x7f0000000d40)=""/13, 0xd}, {&(0x7f0000000d80)=""/247, 0xf7}], 0x2}, 0x3}], 0x1, 0x1, 0x0) 5.761861236s ago: executing program 6 (id=827): syz_usb_connect$uac1(0x0, 0xa4, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x89a1, &(0x7f0000000900)={'bridge0\x00', @broadcast}) 5.358754702s ago: executing program 1 (id=828): setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) close(0x3) r3 = socket(0x2, 0x80805, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010101}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x7a, &(0x7f0000000340)={r5, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000002c0)={r2, 0x5}, 0x8) 5.089292271s ago: executing program 1 (id=831): syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x18d6, &(0x7f0000000040)={0x0, 0x3}, &(0x7f0000ffe000), &(0x7f0000ffe000)) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r3, 0x2, &(0x7f0000000180), 0xfe) 4.36331399s ago: executing program 6 (id=832): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x53e}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x47ba, 0x3e80, 0x0, 0x0, 0x0) 4.195182542s ago: executing program 2 (id=833): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f00000001c0)='./file0\x00', 0x44000911) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ftruncate(r2, 0x2000009) sendfile(r0, r2, 0x0, 0x20000000000006) mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) tee(r3, r4, 0x8000000000003, 0x0) 3.407095607s ago: executing program 1 (id=834): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0xa, @in6=@local, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00), 0x7fffffffffffd33, 0x20000890) syz_usb_connect(0x5, 0x48, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) 3.280574778s ago: executing program 7 (id=835): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0) r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000280)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random=0x9, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x1, 0xffffffffffffffff, 0x1, 0x1, 0x0, 0x4, 0x21}}}, 0x3f) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(0x0, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, 0x0, 0x21eae}}, 0x20}}, 0x0) 2.855341956s ago: executing program 2 (id=836): userfaultfd(0x801) syz_io_uring_setup(0x237, 0x0, &(0x7f0000000040), 0x0) r0 = socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x50, 0x1, 0x2, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@CTA_EXPECT_MASTER={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x4, 0x1, 0x1}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @local}}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x8010}, 0x4000000) 2.717834727s ago: executing program 2 (id=837): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001300)=""/102392, 0x18ff8) syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TCGETA(0xffffffffffffffff, 0x5405, &(0x7f0000000080)) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'}) setsockopt$packet_add_memb(r1, 0x107, 0x1, 0x0, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="0203f30216000000000000000000000002001b0008000000e9000000000000000300060000000000020000000000000000000000000000000200010000000000000003fcff000020030005000000000002000000ac1414aa00000000000000000a00080008"], 0xb0}, 0x1, 0x7}, 0x0) 2.488930742s ago: executing program 2 (id=838): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2}, 0x0, 0x0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2}, &(0x7f0000000040), &(0x7f00000002c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.329952508s ago: executing program 3 (id=839): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x108, 0x0, 0x0, 0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) pipe(&(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x1) close(r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$sock_int(r3, 0x1, 0x200000010, &(0x7f0000000040)=0x9, 0x65) splice(r1, 0x0, r2, 0x0, 0xfffd, 0x0) 2.271298088s ago: executing program 6 (id=840): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x80) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000001540)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {0xc}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}}, 0x0) 2.144813399s ago: executing program 3 (id=841): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x10000}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x2, 0x1, 0x401, 0x0, 0x0, {0x7}, [@CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x3}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x6}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x2}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x8}]}, 0x34}}, 0x800) 2.100775328s ago: executing program 2 (id=842): prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) mkdir(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0x0, 0x1, 0x20000000}, [@RTA_NH_ID={0x8, 0x1e, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010) 2.01171466s ago: executing program 7 (id=843): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x802, 0x0) getsockname$llc(r3, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, 0x0) 1.094231795s ago: executing program 6 (id=844): r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, 0x0, 0x0) syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2de, 0x0, 0xffffffff}, 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r2, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x300) setsockopt$inet_int(r2, 0x0, 0x19, &(0x7f0000000180)=0x1f5, 0x4) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x7, 0x4, 0x438, 0x130, 0x240, 0x0, 0x240, 0x370, 0x350, 0x4, 0x0, {[{{@arp={@private, @local, 0x0, 0x0, 0x0, 0x0, {@mac=@broadcast}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1_to_batadv\x00', 'batadv0\x00'}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "bc2e329885ea3654891fbae8c6c66e07212432bde429bcda7deb48d85c6f5e269c2021c8f8dc09af0b3f2e10e8ac79cc67e264613c4be6838ee2daacf7926a6e"}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @rand_addr, @broadcast}}}, {{@arp={@private, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0\x00', 'veth0_to_bond\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x488) setsockopt$inet_int(r2, 0x0, 0x14, &(0x7f0000000000)=0x40, 0x4) recvmmsg(r2, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 984.61252ms ago: executing program 3 (id=845): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000012c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x10, 0x1c, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xb000000, 0x0, 0x0, 0x0, 0x7ff}, {{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) 949.288247ms ago: executing program 2 (id=846): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) connect$inet(r3, 0x0, 0x0) close(0x4) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r4, 0x7, 0x0, 0x242800, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) 0s ago: executing program 7 (id=847): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x49f, &(0x7f0000000400)={0x0, 0xf97f, 0x400, 0x1, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x23, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r5 = eventfd2(0xff, 0x80001) io_uring_register$IORING_REGISTER_EVENTFD(r2, 0x4, &(0x7f0000000300)=r5, 0x1) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r2, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r2, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.125' (ED25519) to the list of known hosts. [ 80.908296][ T5824] cgroup: Unknown subsys name 'net' [ 81.060158][ T5824] cgroup: Unknown subsys name 'cpuset' [ 81.069042][ T5824] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.497426][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.117902][ T5851] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.126592][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.135351][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.143849][ T5851] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.149991][ T5853] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.152328][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.167487][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.173250][ T5854] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.175170][ T5851] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.184971][ T5854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.191276][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.197322][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.204503][ T5851] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.212856][ T5854] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.219400][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.227554][ T5854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.236967][ T5157] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.241256][ T5854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.248315][ T5157] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.256314][ T5854] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.264351][ T5157] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.283764][ T5157] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.284379][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 85.293878][ T5157] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.306625][ T5849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.862293][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 86.122329][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 86.140983][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 86.166769][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 86.265881][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 86.287095][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.295745][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.303367][ T5837] bridge_slave_0: entered allmulticast mode [ 86.311833][ T5837] bridge_slave_0: entered promiscuous mode [ 86.364241][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.372159][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.380584][ T5837] bridge_slave_1: entered allmulticast mode [ 86.388267][ T5837] bridge_slave_1: entered promiscuous mode [ 86.460036][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.504031][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.586436][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.593837][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.601893][ T5834] bridge_slave_0: entered allmulticast mode [ 86.609385][ T5834] bridge_slave_0: entered promiscuous mode [ 86.640393][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.647797][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.655558][ T5835] bridge_slave_0: entered allmulticast mode [ 86.663182][ T5835] bridge_slave_0: entered promiscuous mode [ 86.677911][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.685309][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.692584][ T5834] bridge_slave_1: entered allmulticast mode [ 86.700347][ T5834] bridge_slave_1: entered promiscuous mode [ 86.723741][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.732023][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.739807][ T5836] bridge_slave_0: entered allmulticast mode [ 86.747666][ T5836] bridge_slave_0: entered promiscuous mode [ 86.758596][ T5837] team0: Port device team_slave_0 added [ 86.765022][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.772556][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.780290][ T5835] bridge_slave_1: entered allmulticast mode [ 86.789445][ T5835] bridge_slave_1: entered promiscuous mode [ 86.857217][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.869477][ T5837] team0: Port device team_slave_1 added [ 86.875992][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.883389][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.891037][ T5836] bridge_slave_1: entered allmulticast mode [ 86.898273][ T5836] bridge_slave_1: entered promiscuous mode [ 86.923552][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.933133][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.941983][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.949700][ T5844] bridge_slave_0: entered allmulticast mode [ 86.957601][ T5844] bridge_slave_0: entered promiscuous mode [ 86.967422][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.005204][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.029102][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.044918][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.052654][ T5844] bridge_slave_1: entered allmulticast mode [ 87.060872][ T5844] bridge_slave_1: entered promiscuous mode [ 87.157717][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.164712][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.195343][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.230591][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.238092][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.265316][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.279784][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.311126][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.356228][ T51] Bluetooth: hci3: command tx timeout [ 87.356236][ T5849] Bluetooth: hci4: command tx timeout [ 87.356546][ T5849] Bluetooth: hci1: command tx timeout [ 87.361996][ T51] Bluetooth: hci0: command tx timeout [ 87.367908][ T5848] Bluetooth: hci2: command tx timeout [ 87.403136][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.417363][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.430802][ T5834] team0: Port device team_slave_0 added [ 87.440699][ T5835] team0: Port device team_slave_0 added [ 87.498053][ T5834] team0: Port device team_slave_1 added [ 87.518654][ T5835] team0: Port device team_slave_1 added [ 87.528931][ T5844] team0: Port device team_slave_0 added [ 87.584130][ T5844] team0: Port device team_slave_1 added [ 87.606607][ T5837] hsr_slave_0: entered promiscuous mode [ 87.613432][ T5837] hsr_slave_1: entered promiscuous mode [ 87.624398][ T5836] team0: Port device team_slave_0 added [ 87.656355][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.663588][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.692195][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.721377][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.728712][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.755658][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.769612][ T5836] team0: Port device team_slave_1 added [ 87.792373][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.799847][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.826798][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.838825][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.846624][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.873394][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.904476][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.912221][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.938808][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.968146][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.975519][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.003153][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.015790][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.022946][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.050463][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.119500][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.127127][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.154457][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.210966][ T5835] hsr_slave_0: entered promiscuous mode [ 88.217760][ T5835] hsr_slave_1: entered promiscuous mode [ 88.224440][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.232629][ T5835] Cannot create hsr debugfs directory [ 88.346396][ T5844] hsr_slave_0: entered promiscuous mode [ 88.353407][ T5844] hsr_slave_1: entered promiscuous mode [ 88.362024][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.370391][ T5844] Cannot create hsr debugfs directory [ 88.432478][ T5834] hsr_slave_0: entered promiscuous mode [ 88.456333][ T5834] hsr_slave_1: entered promiscuous mode [ 88.462857][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.471555][ T5834] Cannot create hsr debugfs directory [ 88.501004][ T5836] hsr_slave_0: entered promiscuous mode [ 88.508124][ T5836] hsr_slave_1: entered promiscuous mode [ 88.514261][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.522189][ T5836] Cannot create hsr debugfs directory [ 89.041946][ T5837] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.058586][ T5837] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.087809][ T5837] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.124161][ T5837] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.198334][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.217951][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.242904][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.270908][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.341038][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.353157][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.381099][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.411629][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.425331][ T5848] Bluetooth: hci2: command tx timeout [ 89.430799][ T5848] Bluetooth: hci1: command tx timeout [ 89.435360][ T51] Bluetooth: hci3: command tx timeout [ 89.442449][ T51] Bluetooth: hci4: command tx timeout [ 89.448190][ T5849] Bluetooth: hci0: command tx timeout [ 89.471548][ T5834] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 89.529236][ T5834] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 89.544894][ T5834] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 89.590852][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.598303][ T5834] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 89.663455][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.685239][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.700377][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.712230][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.754678][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.791424][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.799035][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.831809][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.839545][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.877423][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.003503][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.041616][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.060208][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.067613][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.113603][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.122027][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.169894][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.216790][ T1344] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.224114][ T1344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.258760][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.296240][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.303378][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.319361][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.393059][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.423952][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.460774][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.468104][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.497737][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.505313][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.518336][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.526190][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.561814][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.569322][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.728432][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.928747][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.014352][ T5837] veth0_vlan: entered promiscuous mode [ 91.087785][ T5837] veth1_vlan: entered promiscuous mode [ 91.172233][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.198339][ T5844] veth0_vlan: entered promiscuous mode [ 91.263995][ T5837] veth0_macvtap: entered promiscuous mode [ 91.278706][ T5844] veth1_vlan: entered promiscuous mode [ 91.309161][ T5837] veth1_macvtap: entered promiscuous mode [ 91.363891][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.398992][ T5844] veth0_macvtap: entered promiscuous mode [ 91.413420][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.428253][ T5844] veth1_macvtap: entered promiscuous mode [ 91.452906][ T5835] veth0_vlan: entered promiscuous mode [ 91.472009][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.480897][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.497798][ T5835] veth1_vlan: entered promiscuous mode [ 91.506859][ T51] Bluetooth: hci1: command tx timeout [ 91.512579][ T51] Bluetooth: hci3: command tx timeout [ 91.518420][ T5849] Bluetooth: hci2: command tx timeout [ 91.518442][ T5851] Bluetooth: hci4: command tx timeout [ 91.523988][ T5849] Bluetooth: hci0: command tx timeout [ 91.554123][ T5837] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.576511][ T5837] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.588273][ T5837] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.597457][ T5837] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.651041][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.695497][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.736755][ T5844] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.757873][ T5844] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.772004][ T5844] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.781331][ T5844] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.832179][ T5836] veth0_vlan: entered promiscuous mode [ 91.914228][ T1344] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.936313][ T1344] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.949354][ T5836] veth1_vlan: entered promiscuous mode [ 91.972510][ T5835] veth0_macvtap: entered promiscuous mode [ 92.026179][ T5835] veth1_macvtap: entered promiscuous mode [ 92.034520][ T1344] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.063426][ T1344] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.084294][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.143906][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.149161][ T3098] cfg80211: failed to load regulatory.db [ 92.174212][ T5837] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 92.191162][ T5834] veth0_vlan: entered promiscuous mode [ 92.199679][ T5834] veth1_vlan: entered promiscuous mode [ 92.219348][ T5836] veth0_macvtap: entered promiscuous mode [ 92.280457][ T5835] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.302242][ T5835] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.318619][ T5835] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.335210][ T5835] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.354987][ T1344] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.374881][ T1344] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.399147][ T5836] veth1_macvtap: entered promiscuous mode [ 92.423246][ T1344] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.433676][ T1344] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.516158][ T5959] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 92.519453][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.583733][ T5834] veth0_macvtap: entered promiscuous mode [ 92.618956][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.672711][ T5836] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.716462][ T5836] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.729174][ T5836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.741977][ T5836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.757297][ T5834] veth1_macvtap: entered promiscuous mode [ 92.875027][ T1344] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.882909][ T1344] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.982848][ T1332] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.992139][ T1332] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.116599][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.150575][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.200825][ T5834] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.222760][ T5834] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.241755][ T5834] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.267864][ T5834] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.429190][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.462345][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.559414][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.589756][ T5849] Bluetooth: hci0: command tx timeout [ 93.595546][ T5157] Bluetooth: hci3: command tx timeout [ 93.601174][ T5157] Bluetooth: hci4: command tx timeout [ 93.607484][ T51] Bluetooth: hci2: command tx timeout [ 93.607510][ T5851] Bluetooth: hci1: command tx timeout [ 93.684848][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.914290][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.972771][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.598014][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.655722][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.385416][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.649186][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.660190][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.669389][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 96.230257][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.331955][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 96.435456][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 96.815459][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.824499][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.253827][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.316323][ T6043] netlink: 'syz.4.23': attribute type 10 has an invalid length. [ 100.364011][ T6043] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.373021][ T6043] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.559867][ T6043] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.567755][ T6043] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.576220][ T6043] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.583814][ T6043] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.903185][ T6043] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 100.989396][ T6043] syz.4.23 (6043) used greatest stack depth: 19224 bytes left [ 105.045421][ T6107] binder: BINDER_SET_CONTEXT_MGR already set [ 105.060840][ T6107] binder: 6106:6107 ioctl 4018620d 200000000040 returned -16 [ 105.137479][ T6109] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.145278][ T6109] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.288032][ T6109] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 105.300818][ T6109] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 105.353024][ T6109] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.362754][ T6109] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.372772][ T6109] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.383396][ T6109] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.980701][ T6118] netlink: 'syz.2.46': attribute type 1 has an invalid length. [ 106.149076][ T6118] vlan2: entered allmulticast mode [ 106.154448][ T6118] veth1: entered allmulticast mode [ 106.377378][ T6126] netlink: 24 bytes leftover after parsing attributes in process `syz.3.50'. [ 106.443441][ T6127] netlink: 'syz.4.49': attribute type 1 has an invalid length. [ 106.687050][ T6132] vlan3: entered allmulticast mode [ 106.818877][ T6132] team_slave_0: entered allmulticast mode [ 109.390484][ T30] audit: type=1800 audit(1754659191.752:2): pid=6175 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.66" name="bus" dev="overlay" ino=124 res=0 errno=0 [ 109.871146][ T6191] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 111.002899][ T6212] netlink: 92 bytes leftover after parsing attributes in process `syz.0.78'. [ 111.925163][ T5926] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 112.115359][ T5926] usb 2-1: Using ep0 maxpacket: 8 [ 112.130256][ T5926] usb 2-1: unable to get BOS descriptor or descriptor too short [ 112.153177][ T5926] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 113, changing to 10 [ 112.220322][ T5926] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 1040, setting to 1024 [ 112.265596][ T5926] usb 2-1: config 1 interface 0 has no altsetting 0 [ 112.282480][ T6237] capability: warning: `syz.2.87' uses deprecated v2 capabilities in a way that may be insecure [ 112.301547][ T5926] usb 2-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.40 [ 112.332414][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.345168][ T5926] usb 2-1: Product: syz [ 112.349651][ T5926] usb 2-1: Manufacturer: syz [ 112.401172][ T5926] usb 2-1: SerialNumber: syz [ 112.453417][ T6218] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 112.729090][ T5926] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input6 [ 112.755972][ T5192] bcm5974 2-1:1.0: could not read from device [ 112.789988][ T5192] bcm5974 2-1:1.0: could not read from device [ 112.821412][ T5926] usb 2-1: USB disconnect, device number 2 [ 112.832781][ T5192] bcm5974 2-1:1.0: could not read from device [ 112.916353][ T6253] netlink: 180 bytes leftover after parsing attributes in process `syz.2.91'. [ 112.928703][ T5192] bcm5974 2-1:1.0: could not read from device [ 113.000541][ T6251] netlink: 180 bytes leftover after parsing attributes in process `syz.2.91'. [ 113.055717][ T6251] netlink: 180 bytes leftover after parsing attributes in process `syz.2.91'. [ 113.080934][ T5907] udevd[5907]: Error opening device "/dev/input/event5": No such file or directory [ 113.105096][ T5907] udevd[5907]: Unable to EVIOCGABS device "/dev/input/event5" [ 113.133516][ T5907] udevd[5907]: Unable to EVIOCGABS device "/dev/input/event5" [ 113.155763][ T5907] udevd[5907]: Unable to EVIOCGABS device "/dev/input/event5" [ 113.175362][ T5907] udevd[5907]: Unable to EVIOCGABS device "/dev/input/event5" [ 113.436919][ T6265] netlink: 12 bytes leftover after parsing attributes in process `syz.1.98'. [ 114.565090][ T6273] Zero length message leads to an empty skb [ 115.052016][ T6282] loop6: detected capacity change from 0 to 63 [ 115.083078][ T5893] Buffer I/O error on dev loop6, logical block 0, async page read [ 115.110109][ T5893] Buffer I/O error on dev loop6, logical block 0, async page read [ 115.142080][ T5893] Buffer I/O error on dev loop6, logical block 0, async page read [ 115.175272][ T5893] Buffer I/O error on dev loop6, logical block 0, async page read [ 115.343807][ T6282] Buffer I/O error on dev loop6, logical block 0, async page read [ 115.432063][ T5893] Buffer I/O error on dev loop6, logical block 0, async page read [ 115.453353][ T6282] Buffer I/O error on dev loop6, logical block 0, async page read [ 115.462547][ T6282] Buffer I/O error on dev loop6, logical block 0, async page read [ 115.472394][ T6282] Buffer I/O error on dev loop6, logical block 0, async page read [ 115.481810][ T6282] Buffer I/O error on dev loop6, logical block 0, async page read [ 116.816587][ T6304] netlink: 12 bytes leftover after parsing attributes in process `syz.0.111'. [ 117.677419][ T30] audit: type=1804 audit(1754659200.032:3): pid=6317 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.114" name="/newroot/24/file0" dev="tmpfs" ino=140 res=1 errno=0 [ 119.140913][ T6330] loop6: detected capacity change from 0 to 524287999 [ 120.608275][ T6355] process 'syz.1.126' launched './file0' with NULL argv: empty string added [ 120.951972][ T6362] netlink: 12 bytes leftover after parsing attributes in process `syz.2.128'. [ 121.247329][ T6368] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0. [ 122.621175][ T43] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 122.662198][ T6385] netlink: 24 bytes leftover after parsing attributes in process `syz.3.135'. [ 122.705200][ T6387] binder: 6386:6387 unknown command 0 [ 122.724975][ T6387] binder: 6386:6387 ioctl c0306201 2000000003c0 returned -22 [ 122.748855][ T30] audit: type=1326 audit(1754659205.112:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6388 comm="syz.2.137" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f545d38ebe9 code=0x0 [ 122.842386][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 122.902393][ T43] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 122.952258][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 122.967001][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 122.979645][ T43] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 123.000214][ T43] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 123.010827][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 123.020044][ T43] usb 2-1: Product: syz [ 123.024343][ T43] usb 2-1: Manufacturer: syz [ 123.047792][ T43] usb 2-1: SerialNumber: syz [ 123.063717][ T43] usb 2-1: config 0 descriptor?? [ 123.394213][ T5926] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 123.574855][ T5926] usb 4-1: Using ep0 maxpacket: 32 [ 123.623852][ T6385] netlink: 24 bytes leftover after parsing attributes in process `syz.3.135'. [ 123.768082][ T6385] Bluetooth: MGMT ver 1.23 [ 123.783366][ T43] radio-si470x 2-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 123.790855][ T6390] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 123.836265][ T43] radio-si470x 2-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 123.858125][ T5926] usb 4-1: unable to get BOS descriptor or descriptor too short [ 123.884259][ T43] radio-si470x 2-1:0.0: software version 0, hardware version 0 [ 123.899138][ T43] radio-si470x 2-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 123.909554][ T5926] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 123.914872][ T43] radio-si470x 2-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 123.943136][ T5926] usb 4-1: can't read configurations, error -71 [ 124.094718][ T43] radio-si470x 2-1:0.0: submitting int urb failed (-90) [ 125.530868][ T43] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -71 [ 125.839634][ T5848] Bluetooth: hci0: command 0x0401 tx timeout [ 125.892419][ T43] usb 2-1: USB disconnect, device number 3 [ 125.898912][ T5851] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 126.038969][ T6432] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 126.860367][ T30] audit: type=1326 audit(1754659209.222:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6441 comm="syz.1.151" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f145158ebe9 code=0x0 [ 127.159637][ T6453] netlink: 24 bytes leftover after parsing attributes in process `syz.4.154'. [ 127.282612][ T6453] netlink: 4 bytes leftover after parsing attributes in process `syz.4.154'. [ 127.658341][ T6464] binder: BINDER_SET_CONTEXT_MGR already set [ 127.734929][ T6464] binder: 6463:6464 ioctl 4018620d 200000004a80 returned -16 [ 127.939296][ T5851] Bluetooth: hci0: command 0x0401 tx timeout [ 128.225037][ T5926] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 128.714945][ T5926] usb 2-1: Using ep0 maxpacket: 32 [ 129.208896][ T5926] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.209883][ T6474] syz_tun: entered promiscuous mode [ 129.276151][ T5926] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.301533][ T6474] vlan2: entered promiscuous mode [ 129.335476][ T5926] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 129.414946][ T5926] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.516121][ T5926] usb 2-1: config 0 descriptor?? [ 129.974857][ T6480] netlink: 4 bytes leftover after parsing attributes in process `syz.0.164'. [ 130.060476][ T5926] savu 0003:1E7D:2D5A.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 130.246984][ T43] usb 2-1: USB disconnect, device number 4 [ 130.540541][ T6482] fido_id[6482]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 130.692314][ T6494] netlink: 12 bytes leftover after parsing attributes in process `syz.3.169'. [ 130.971794][ T6494] 8021q: adding VLAN 0 to HW filter on device bond1 [ 131.144938][ T6496] macvlan2: entered promiscuous mode [ 131.165359][ T6496] macvlan2: entered allmulticast mode [ 131.178540][ T6496] bond1: entered promiscuous mode [ 131.208491][ T6496] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 131.288320][ T6496] bond1: left promiscuous mode [ 132.269540][ T5851] Bluetooth: hci0: Invalid handle: 0x20c9 > 0x0eff [ 132.435521][ T24] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 132.760969][ T6537] binder_alloc: 6536: binder_alloc_buf size 4120 failed, no address space [ 132.770800][ T6537] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 4096 (num: 1 largest: 4096) [ 132.787689][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 133.011386][ T24] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 133.055479][ T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 133.083384][ T30] audit: type=1804 audit(1754659215.442:6): pid=6538 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.181" name="/newroot/42/file0" dev="tmpfs" ino=252 res=1 errno=0 [ 133.126530][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.134060][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.224993][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 133.241247][ T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 133.250849][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.259162][ T24] usb 4-1: Product: syz [ 133.264139][ T24] usb 4-1: Manufacturer: syz [ 133.269227][ T24] usb 4-1: SerialNumber: syz [ 133.685238][ T24] usb 4-1: 0:2 : does not exist [ 133.719907][ T6543] kvm: pic: non byte write [ 133.728086][ T6545] Driver unsupported XDP return value 0 on prog (id 28) dev N/A, expect packet loss! [ 134.053488][ T30] audit: type=1800 audit(1754659216.412:7): pid=6552 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.187" name="file1" dev="tmpfs" ino=177 res=0 errno=0 [ 135.445779][ T24] usb 4-1: USB disconnect, device number 4 [ 137.223814][ T5848] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 137.259515][ T5848] Bluetooth: hci3: Injecting HCI hardware error event [ 137.329783][ T5848] Bluetooth: hci3: hardware error 0x00 [ 138.905180][ T5921] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 139.105545][ T5921] usb 1-1: Using ep0 maxpacket: 16 [ 139.143677][ T5921] usb 1-1: config 0 has no interfaces? [ 139.203951][ T5921] usb 1-1: New USB device found, idVendor=0408, idProduct=4034, bcdDevice=dd.cd [ 139.246579][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.281177][ T5921] usb 1-1: Product: syz [ 139.301813][ T5921] usb 1-1: Manufacturer: syz [ 139.324792][ T5921] usb 1-1: SerialNumber: syz [ 139.384157][ T5921] usb 1-1: config 0 descriptor?? [ 139.590573][ T5848] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 140.187319][ T5921] usb 1-1: USB disconnect, device number 2 [ 144.016538][ T6656] capability: warning: `syz.0.221' uses 32-bit capabilities (legacy support in use) [ 148.614944][ T43] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 148.797671][ T43] usb 5-1: Using ep0 maxpacket: 32 [ 148.820177][ T43] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.850126][ T43] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.913328][ T43] usb 5-1: config 0 interface 0 has no altsetting 0 [ 148.931334][ T43] usb 5-1: New USB device found, idVendor=056a, idProduct=032c, bcdDevice= 0.00 [ 148.973232][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.056790][ T43] usb 5-1: config 0 descriptor?? [ 149.744201][ T5921] usb 5-1: USB disconnect, device number 2 [ 150.543924][ T6728] input: syz1 as /devices/virtual/input/input7 [ 152.463658][ T6748] ======================================================= [ 152.463658][ T6748] WARNING: The mand mount option has been deprecated and [ 152.463658][ T6748] and is ignored by this kernel. Remove the mand [ 152.463658][ T6748] option from the mount to silence this warning. [ 152.463658][ T6748] ======================================================= [ 153.941214][ T49] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.957647][ T6767] netlink: 4 bytes leftover after parsing attributes in process `syz.3.260'. [ 154.170696][ T49] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.353988][ T49] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.710909][ T49] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.278928][ T6788] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 156.500746][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 156.544907][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 156.557902][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 156.568368][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 156.578909][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 156.873186][ T49] bridge_slave_1: left allmulticast mode [ 156.924942][ T49] bridge_slave_1: left promiscuous mode [ 156.959538][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.076345][ T49] bridge_slave_0: left allmulticast mode [ 157.082308][ T49] bridge_slave_0: left promiscuous mode [ 157.133698][ T6797] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3045695589 (97462258848 ns) > initial count (89605043936 ns). Using initial count to start timer. [ 157.158253][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.508694][ T6797] kvm: pic: non byte write [ 157.555870][ T6797] kvm: pic: non byte write [ 157.560644][ T6797] kvm: pic: non byte write [ 157.575131][ T6797] kvm: pic: non byte write [ 157.579683][ T6797] kvm: pic: non byte write [ 157.636620][ T6797] kvm: pic: non byte write [ 157.660258][ T6797] kvm: pic: non byte write [ 157.703939][ T6797] kvm: pic: non byte write [ 157.726542][ T6797] kvm: pic: non byte write [ 157.731285][ T6797] kvm: pic: non byte write [ 157.763063][ T6797] kvm: pic: single mode not supported [ 158.624959][ T5851] Bluetooth: hci0: command tx timeout [ 158.870747][ T49] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 159.277072][ T6833] syz.2.280 uses obsolete (PF_INET,SOCK_PACKET) [ 159.286602][ T30] audit: type=1804 audit(1754659241.652:8): pid=6830 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.279" name="/newroot/51/bus/file0" dev="overlay" ino=294 res=1 errno=0 [ 159.950596][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 160.755003][ T5851] Bluetooth: hci0: command tx timeout [ 160.804194][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 160.821149][ T49] bond0 (unregistering): Released all slaves [ 162.369591][ T49] hsr_slave_0: left promiscuous mode [ 162.383004][ T49] hsr_slave_1: left promiscuous mode [ 162.393299][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 162.618114][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 162.655891][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 162.663462][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 162.784908][ T5851] Bluetooth: hci0: command tx timeout [ 164.234998][ T49] veth1_macvtap: left promiscuous mode [ 164.241248][ T49] veth0_macvtap: left promiscuous mode [ 164.298443][ T49] veth1_vlan: left promiscuous mode [ 164.326257][ T49] veth0_vlan: left promiscuous mode [ 164.434987][ T30] audit: type=1326 audit(1754659246.772:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6876 comm="syz.3.291" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efcc658ebe9 code=0x0 [ 164.868642][ T5851] Bluetooth: hci0: command tx timeout [ 166.781540][ T49] team0 (unregistering): Port device team_slave_1 removed [ 166.871937][ T49] team0 (unregistering): Port device team_slave_0 removed [ 168.006986][ T6905] bond0: entered promiscuous mode [ 168.035999][ T6905] bond_slave_0: entered promiscuous mode [ 168.044448][ T6905] bond_slave_1: entered promiscuous mode [ 168.085057][ T6905] bond0: entered allmulticast mode [ 168.090507][ T6905] bond_slave_0: entered allmulticast mode [ 168.112610][ T6905] bond_slave_1: entered allmulticast mode [ 168.196807][ T6789] chnl_net:caif_netlink_parms(): no params data found [ 169.058158][ T6789] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.078022][ T6789] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.091405][ T6789] bridge_slave_0: entered allmulticast mode [ 169.100694][ T6789] bridge_slave_0: entered promiscuous mode [ 169.119159][ T6789] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.127611][ T6789] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.136007][ T6789] bridge_slave_1: entered allmulticast mode [ 169.145038][ T6789] bridge_slave_1: entered promiscuous mode [ 169.246073][ T6789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.261726][ T6789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.359998][ T6923] picdev_write: 104 callbacks suppressed [ 169.360016][ T6923] kvm: pic: non byte write [ 169.397365][ T6789] team0: Port device team_slave_0 added [ 169.410266][ T6789] team0: Port device team_slave_1 added [ 169.477882][ T6789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.485609][ T6789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.528708][ T6789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.546888][ T6789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.559274][ T6789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.597777][ T6789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.705579][ T6789] hsr_slave_0: entered promiscuous mode [ 169.715914][ T6789] hsr_slave_1: entered promiscuous mode [ 169.722354][ T6789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 169.735004][ T6789] Cannot create hsr debugfs directory [ 171.291659][ T6789] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 171.372700][ T6789] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 171.443829][ T6935] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 171.574856][ T6789] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 171.760797][ T6789] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 173.081275][ T6789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.103686][ T6789] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.139706][ T1332] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.151053][ T1332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.281117][ T1344] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.288372][ T1344] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.511953][ T30] audit: type=1326 audit(1754659255.872:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6953 comm="syz.0.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ccef2add9 code=0x7ffc0000 [ 173.637181][ T30] audit: type=1326 audit(1754659255.902:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6953 comm="syz.0.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ccef2add9 code=0x7ffc0000 [ 173.939656][ T30] audit: type=1326 audit(1754659255.902:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6953 comm="syz.0.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ccef2add9 code=0x7ffc0000 [ 174.170447][ T30] audit: type=1326 audit(1754659255.902:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6953 comm="syz.0.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ccef8ebe9 code=0x7ffc0000 [ 174.439549][ T30] audit: type=1326 audit(1754659255.902:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6953 comm="syz.0.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ccef8ebe9 code=0x7ffc0000 [ 174.473102][ T30] audit: type=1326 audit(1754659255.902:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6953 comm="syz.0.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ccef8ebe9 code=0x7ffc0000 [ 174.605047][ T30] audit: type=1326 audit(1754659255.902:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6953 comm="syz.0.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ccef2add9 code=0x7ffc0000 [ 174.630317][ T30] audit: type=1326 audit(1754659255.902:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6953 comm="syz.0.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ccef8ebe9 code=0x7ffc0000 [ 174.736574][ T6983] JFS: charset not found [ 175.498360][ T30] audit: type=1326 audit(1754659255.902:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6953 comm="syz.0.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ccef2add9 code=0x7ffc0000 [ 175.539045][ T30] audit: type=1326 audit(1754659255.902:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6953 comm="syz.0.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ccef2add9 code=0x7ffc0000 [ 175.677376][ T6789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.820463][ T6998] netlink: 'syz.0.325': attribute type 1 has an invalid length. [ 177.031617][ T7004] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 177.060877][ T7004] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 177.143649][ T6998] gretap1: entered promiscuous mode [ 177.178006][ T6998] bond1: (slave gretap1): making interface the new active one [ 177.198391][ T6998] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 177.486246][ T6789] veth0_vlan: entered promiscuous mode [ 177.507966][ T6789] veth1_vlan: entered promiscuous mode [ 177.584629][ T6789] veth0_macvtap: entered promiscuous mode [ 177.615132][ T6789] veth1_macvtap: entered promiscuous mode [ 177.663349][ T6789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 178.049886][ T6789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 178.257739][ T6789] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.384937][ T6789] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.393891][ T6789] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.404026][ T6789] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.338004][ T7028] bridge: RTM_NEWNEIGH with invalid ether address [ 179.806754][ T1319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.837293][ T1319] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.998391][ T6410] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.022859][ T6410] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.686436][ T7058] netlink: 24 bytes leftover after parsing attributes in process `syz.1.343'. [ 184.040458][ T7097] netlink: 'syz.1.356': attribute type 4 has an invalid length. [ 184.068417][ T7097] netlink: 'syz.1.356': attribute type 4 has an invalid length. [ 187.375141][ T5921] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 187.643278][ T5921] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 187.683601][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.713995][ T5921] usb 3-1: Product: syz [ 187.744802][ T5921] usb 3-1: Manufacturer: syz [ 187.755056][ T5921] usb 3-1: SerialNumber: syz [ 187.797729][ T5921] usb 3-1: config 0 descriptor?? [ 188.066268][ T5921] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 189.917112][ T7148] netlink: 104 bytes leftover after parsing attributes in process `syz.0.372'. [ 190.254146][ T5921] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 190.374893][ T5921] usb 3-1: USB disconnect, device number 2 [ 191.741297][ T7169] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 192.767246][ T5929] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 193.886475][ T5929] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 194.447456][ T7208] netlink: 4 bytes leftover after parsing attributes in process `syz.1.391'. [ 194.465777][ T7207] evm: overlay not supported [ 194.550133][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.557011][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.741368][ T7210] warning: `syz.3.393' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 197.421853][ T7230] netlink: 96 bytes leftover after parsing attributes in process `syz.1.400'. [ 198.457351][ T7241] block nbd1: NBD_DISCONNECT [ 198.610891][ T7241] block nbd1: Disconnected due to user request. [ 198.697751][ T7241] block nbd1: shutting down sockets [ 199.024496][ T7252] netlink: 20 bytes leftover after parsing attributes in process `syz.3.407'. [ 199.068485][ T7252] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0 [ 199.324611][ T7261] overlayfs: failed to clone upperpath [ 202.317464][ T7283] netlink: 'syz.0.416': attribute type 1 has an invalid length. [ 203.619043][ T7295] netlink: 20 bytes leftover after parsing attributes in process `syz.3.421'. [ 203.628785][ T7295] netlink: 4 bytes leftover after parsing attributes in process `syz.3.421'. [ 204.141489][ T7276] cifs: Unknown parameter '[bIT&:"1:ӭ'4,Zz-#F<]%gC [ 204.141489][ T7276] SȘȞZ6' [ 209.877310][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 209.877328][ T30] audit: type=1326 audit(1754659292.242:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7332 comm="syz.5.431" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fec4fb8ebe9 code=0x0 [ 210.165342][ T30] audit: type=1804 audit(1754659292.312:79): pid=7361 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.441" name="/newroot/85/file0" dev="tmpfs" ino=484 res=1 errno=0 [ 210.185841][ C1] vkms_vblank_simulate: vblank timer overrun [ 211.988189][ T5849] Bluetooth: hci2: command 0x0406 tx timeout [ 211.996684][ T5157] Bluetooth: hci1: command 0x0406 tx timeout [ 212.373939][ T7396] sit0: entered promiscuous mode [ 212.413798][ T7396] netlink: 'syz.2.452': attribute type 1 has an invalid length. [ 212.440610][ T7396] netlink: 1 bytes leftover after parsing attributes in process `syz.2.452'. [ 213.034243][ T7410] tipc: Failed to remove unknown binding: 66,1,1/0:1886144413/1886144415 [ 213.764911][ T5929] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 213.925109][ T5929] usb 2-1: Using ep0 maxpacket: 8 [ 214.078303][ T5929] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 214.435389][ T5929] usb 2-1: config 0 has no interfaces? [ 214.496559][ T5929] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 214.507896][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.528580][ T5929] usb 2-1: Product: syz [ 214.545053][ T5929] usb 2-1: Manufacturer: syz [ 214.574849][ T5929] usb 2-1: SerialNumber: syz [ 214.596091][ T5929] usb 2-1: config 0 descriptor?? [ 214.655430][ T7433] netlink: 16 bytes leftover after parsing attributes in process `syz.0.464'. [ 215.385307][ T3098] usb 2-1: USB disconnect, device number 5 [ 216.713529][ T7456] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 216.775432][ T3098] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 216.975121][ T3098] usb 2-1: Using ep0 maxpacket: 32 [ 216.997029][ T3098] usb 2-1: config 0 has an invalid interface number: 247 but max is 0 [ 217.012955][ T3098] usb 2-1: config 0 has no interface number 0 [ 217.028179][ T3098] usb 2-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b [ 217.092693][ T3098] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 217.148061][ T3098] usb 2-1: Product: syz [ 217.166004][ T3098] usb 2-1: Manufacturer: syz [ 217.222037][ T3098] usb 2-1: config 0 descriptor?? [ 217.486141][ T7454] QAT: Stopping all acceleration devices. [ 218.652306][ T24] usb 2-1: USB disconnect, device number 6 [ 222.827344][ T7510] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 222.858796][ T7510] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 223.255433][ T7517] input: syz0 as /devices/virtual/input/input8 [ 224.270410][ T7522] affs: No valid root block on device nullb0 [ 226.223794][ T30] audit: type=1800 audit(1754659308.582:80): pid=7533 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.495" name="bus" dev="overlay" ino=564 res=0 errno=0 [ 227.057657][ T7546] ptrace attach of "./syz-executor exec"[7547] was attempted by "./syz-executor exec"[7546] [ 230.613509][ T5851] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 230.623767][ T5851] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 230.643031][ T5851] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 230.655936][ T5851] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 230.665590][ T5851] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 230.932622][ T7577] netlink: 16 bytes leftover after parsing attributes in process `syz.0.509'. [ 231.707384][ T1332] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.044796][ T1332] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.056411][ T5921] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 232.364586][ T5921] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 232.376223][ T5921] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 232.386005][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.975308][ T5848] Bluetooth: hci5: command tx timeout [ 233.007561][ T1332] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.076712][ T5921] usb 1-1: config 0 descriptor?? [ 233.113464][ T5921] pwc: Askey VC010 type 2 USB webcam detected. [ 233.595549][ T5921] pwc: recv_control_msg error -32 req 02 val 2b00 [ 233.629524][ T5921] pwc: recv_control_msg error -32 req 02 val 2700 [ 233.657056][ T1332] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.672194][ T5921] pwc: recv_control_msg error -32 req 02 val 2c00 [ 233.698670][ T5921] pwc: recv_control_msg error -32 req 04 val 1000 [ 233.724255][ T5921] pwc: recv_control_msg error -32 req 04 val 1300 [ 233.758443][ T5921] pwc: recv_control_msg error -32 req 04 val 1400 [ 233.782228][ T5921] pwc: recv_control_msg error -32 req 02 val 2000 [ 233.831878][ T5921] pwc: recv_control_msg error -32 req 02 val 2100 [ 233.922975][ T7573] chnl_net:caif_netlink_parms(): no params data found [ 234.061681][ T5921] pwc: recv_control_msg error -71 req 02 val 2500 [ 234.090500][ T5921] pwc: recv_control_msg error -71 req 02 val 2400 [ 234.116620][ T5921] pwc: recv_control_msg error -71 req 02 val 2600 [ 234.133450][ T5921] pwc: recv_control_msg error -71 req 02 val 2900 [ 234.143648][ T5921] pwc: recv_control_msg error -71 req 02 val 2800 [ 234.155641][ T5921] pwc: recv_control_msg error -71 req 04 val 1100 [ 234.167727][ T5921] pwc: recv_control_msg error -71 req 04 val 1200 [ 234.238570][ T5921] pwc: Registered as video103. [ 234.309152][ T5921] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input9 [ 234.435804][ T5921] usb 1-1: USB disconnect, device number 3 [ 234.590183][ T1332] bridge_slave_1: left allmulticast mode [ 234.874766][ T1332] bridge_slave_1: left promiscuous mode [ 234.885380][ T1332] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.975406][ T1332] bridge_slave_0: left allmulticast mode [ 234.982258][ T1332] bridge_slave_0: left promiscuous mode [ 235.029233][ T5848] Bluetooth: hci5: command tx timeout [ 235.039447][ T1332] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.269934][ T7625] netlink: 165 bytes leftover after parsing attributes in process `syz.0.522'. [ 237.108154][ T5848] Bluetooth: hci5: command tx timeout [ 237.382590][ T30] audit: type=1326 audit(1754659319.742:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7636 comm="syz.1.526" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f145158ebe9 code=0x0 [ 237.942416][ T7645] netlink: 'syz.3.528': attribute type 10 has an invalid length. [ 238.156257][ T1332] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 238.250578][ T1332] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 238.291979][ T1332] bond0 (unregistering): Released all slaves [ 238.530898][ T7573] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.594637][ T7573] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.735102][ T7573] bridge_slave_0: entered allmulticast mode [ 238.814950][ T7573] bridge_slave_0: entered promiscuous mode [ 238.843709][ T7573] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.864993][ T7573] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.884301][ T7573] bridge_slave_1: entered allmulticast mode [ 238.904129][ T7573] bridge_slave_1: entered promiscuous mode [ 238.967425][ T7645] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.976582][ T7645] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.097359][ T7645] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.105289][ T7645] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.113813][ T7645] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.121453][ T7645] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.195106][ T5848] Bluetooth: hci5: command tx timeout [ 239.226023][ T7645] bridge0: entered promiscuous mode [ 239.233963][ T7645] bridge0: entered allmulticast mode [ 239.245606][ T7645] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 239.828195][ T7573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 240.513815][ T7667] overlayfs: failed to clone upperpath [ 240.646574][ T7573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 240.943902][ T7573] team0: Port device team_slave_0 added [ 240.959185][ T7573] team0: Port device team_slave_1 added [ 241.112447][ T1332] hsr_slave_0: left promiscuous mode [ 241.262024][ T1332] hsr_slave_1: left promiscuous mode [ 241.274249][ T1332] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 241.289522][ T1332] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 241.300818][ T1332] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 241.961528][ T1332] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 242.149916][ T1332] veth1_macvtap: left promiscuous mode [ 242.164852][ T1332] veth0_macvtap: left promiscuous mode [ 242.175387][ T1332] veth1_vlan: left promiscuous mode [ 242.185234][ T1332] veth0_vlan: left promiscuous mode [ 242.844350][ T5851] Bluetooth: hci4: command 0x0406 tx timeout [ 245.660893][ T1332] team0 (unregistering): Port device team_slave_1 removed [ 245.800539][ T1332] team0 (unregistering): Port device team_slave_0 removed [ 246.513121][ T7573] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 246.520747][ T7573] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 246.548267][ T7573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 246.563658][ T7573] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 246.571810][ T7573] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 246.600061][ T7573] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 247.753672][ T7573] hsr_slave_0: entered promiscuous mode [ 247.761358][ T7573] hsr_slave_1: entered promiscuous mode [ 247.772219][ T7573] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 247.854003][ T7573] Cannot create hsr debugfs directory [ 248.406891][ T7727] syz.1.552 (7727) used greatest stack depth: 17992 bytes left [ 248.667913][ T30] audit: type=1800 audit(1754659331.032:82): pid=7739 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.556" name="bus" dev="ramfs" ino=16919 res=0 errno=0 [ 249.649198][ T7573] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 249.723172][ T7573] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 249.763669][ T7573] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 249.871440][ T7573] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 250.869239][ T7573] 8021q: adding VLAN 0 to HW filter on device bond0 [ 250.879896][ T7769] netlink: 24 bytes leftover after parsing attributes in process `syz.2.563'. [ 251.479633][ T7573] 8021q: adding VLAN 0 to HW filter on device team0 [ 251.593641][ T1332] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.601122][ T1332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.628554][ T1332] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.635931][ T1332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 252.054024][ T30] audit: type=1804 audit(1754659334.012:83): pid=7779 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.567" name="bus" dev="ramfs" ino=17013 res=1 errno=0 [ 252.075673][ T30] audit: type=1804 audit(1754659334.402:84): pid=7779 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.567" name="bus" dev="ramfs" ino=17013 res=1 errno=0 [ 252.844351][ T7796] netlink: 4 bytes leftover after parsing attributes in process `syz.3.573'. [ 253.232701][ T7573] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 253.404218][ T1137] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.612345][ T1137] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.912392][ T1137] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.263263][ T1137] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.796851][ T7573] veth0_vlan: entered promiscuous mode [ 255.858219][ T7573] veth1_vlan: entered promiscuous mode [ 256.057011][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 256.063485][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.068913][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 256.071923][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.087362][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 256.096035][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 256.112805][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 256.793141][ T7573] veth0_macvtap: entered promiscuous mode [ 256.906253][ T7573] veth1_macvtap: entered promiscuous mode [ 257.031191][ T7842] netlink: 48 bytes leftover after parsing attributes in process `syz.3.587'. [ 257.041755][ T7842] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 257.050064][ T7842] IPv6: NLM_F_CREATE should be set when creating new route [ 257.767883][ T1137] bridge_slave_1: left allmulticast mode [ 257.874882][ T1137] bridge_slave_1: left promiscuous mode [ 257.930593][ T1137] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.991506][ T1137] bridge_slave_0: left allmulticast mode [ 258.156668][ T5848] Bluetooth: hci0: command tx timeout [ 258.169599][ T1137] bridge_slave_0: left promiscuous mode [ 258.187411][ T1137] bridge0: port 1(bridge_slave_0) entered disabled state [ 259.644646][ T1137] bond1 (unregistering): (slave gretap1): Releasing active interface [ 260.334749][ T5848] Bluetooth: hci0: command tx timeout [ 260.390966][ T7878] netlink: 12 bytes leftover after parsing attributes in process `syz.2.596'. [ 260.538961][ T1137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 260.624562][ T1137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 260.646793][ T1137] bond0 (unregistering): Released all slaves [ 260.670387][ T1137] bond1 (unregistering): Released all slaves [ 260.807047][ T7882] netlink: 96 bytes leftover after parsing attributes in process `syz.1.597'. [ 260.863651][ T7573] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 260.878720][ T7573] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 260.997251][ T7573] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.029402][ T7573] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.040629][ T7573] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.050305][ T7573] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.626867][ T7891] mmap: syz.1.599 (7891) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 262.236025][ T1137] hsr_slave_0: left promiscuous mode [ 262.407907][ T5848] Bluetooth: hci0: command tx timeout [ 263.567224][ T1137] hsr_slave_1: left promiscuous mode [ 263.669441][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 263.759624][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 263.956245][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 263.964289][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 264.200766][ T1137] veth1_macvtap: left promiscuous mode [ 264.272294][ T1137] veth0_macvtap: left promiscuous mode [ 264.333784][ T1137] veth1_vlan: left promiscuous mode [ 264.464801][ T5848] Bluetooth: hci0: command tx timeout [ 264.905060][ T1137] veth0_vlan: left promiscuous mode [ 267.044910][ T30] audit: type=1326 audit(1754659349.402:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7923 comm="syz.2.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545d38ebe9 code=0x7ffc0000 [ 267.135214][ T30] audit: type=1326 audit(1754659349.402:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7923 comm="syz.2.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545d38ebe9 code=0x7ffc0000 [ 267.272257][ T30] audit: type=1326 audit(1754659349.402:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7923 comm="syz.2.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f545d32add9 code=0x7ffc0000 [ 267.408500][ T30] audit: type=1326 audit(1754659349.402:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7923 comm="syz.2.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545d38ebe9 code=0x7ffc0000 [ 267.525082][ T30] audit: type=1326 audit(1754659349.402:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7923 comm="syz.2.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545d38ebe9 code=0x7ffc0000 [ 268.334940][ T30] audit: type=1326 audit(1754659349.402:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7923 comm="syz.2.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f545d32add9 code=0x7ffc0000 [ 268.436202][ T30] audit: type=1326 audit(1754659349.412:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7923 comm="syz.2.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f545d32add9 code=0x7ffc0000 [ 268.524837][ T30] audit: type=1326 audit(1754659349.412:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7923 comm="syz.2.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f545d32add9 code=0x7ffc0000 [ 268.634259][ T30] audit: type=1326 audit(1754659349.412:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7923 comm="syz.2.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f545d32add9 code=0x7ffc0000 [ 268.693709][ T30] audit: type=1326 audit(1754659349.412:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7923 comm="syz.2.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f545d32add9 code=0x7ffc0000 [ 270.765458][ T1137] team0 (unregistering): Port device team_slave_1 removed [ 270.854140][ T1137] team0 (unregistering): Port device team_slave_0 removed [ 272.030078][ T7955] bridge0: port 3(syz_tun) entered blocking state [ 272.065983][ T7955] bridge0: port 3(syz_tun) entered disabled state [ 272.073084][ T7955] syz_tun: entered allmulticast mode [ 272.090180][ T7955] syz_tun: entered promiscuous mode [ 272.145538][ T7834] chnl_net:caif_netlink_parms(): no params data found [ 272.613835][ T1332] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.638456][ T1332] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.673072][ T7834] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.680602][ T7834] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.691755][ T7834] bridge_slave_0: entered allmulticast mode [ 272.701967][ T7834] bridge_slave_0: entered promiscuous mode [ 272.742855][ T7834] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.752347][ T7834] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.764085][ T7834] bridge_slave_1: entered allmulticast mode [ 272.778555][ T7834] bridge_slave_1: entered promiscuous mode [ 272.831659][ T1344] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.857894][ T1344] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.095598][ T7834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 273.459064][ T7834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 274.910432][ T7834] team0: Port device team_slave_0 added [ 275.038869][ T7834] team0: Port device team_slave_1 added [ 275.404659][ T7834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 275.425341][ T7834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.028687][ T7834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 276.044788][ T7834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 276.051947][ T7834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.080591][ T7834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 276.328481][ T7834] hsr_slave_0: entered promiscuous mode [ 276.432567][ T7834] hsr_slave_1: entered promiscuous mode [ 279.564443][ T7834] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 279.698292][ T7834] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 279.786019][ T7834] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 279.825563][ T7834] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 280.290599][ T7834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 280.441521][ T8055] netlink: 4 bytes leftover after parsing attributes in process `syz.2.641'. [ 280.479178][ T7834] 8021q: adding VLAN 0 to HW filter on device team0 [ 280.526502][ T1332] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.533681][ T1332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 280.644552][ T1332] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.651765][ T1332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 280.802548][ T8059] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 280.810251][ T8059] IPv6: NLM_F_CREATE should be set when creating new route [ 281.748092][ T8055] 8021q: adding VLAN 0 to HW filter on device team1 [ 281.990632][ T8059] lo: entered allmulticast mode [ 282.007332][ T8059] tunl0: entered allmulticast mode [ 282.080187][ T8059] gre0: entered allmulticast mode [ 282.109954][ T8059] gretap0: entered allmulticast mode [ 282.120013][ T8059] erspan0: entered allmulticast mode [ 282.129654][ T8059] ip_vti0: entered allmulticast mode [ 282.145582][ T8059] ip6_vti0: entered allmulticast mode [ 282.192858][ T8059] sit0: entered allmulticast mode [ 282.214070][ T8059] ip6tnl0: entered allmulticast mode [ 282.228713][ T8059] ip6gre0: entered allmulticast mode [ 282.240732][ T8059] syz_tun: entered allmulticast mode [ 282.496807][ T8059] ip6gretap0: entered allmulticast mode [ 282.511538][ T8059] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.519029][ T8059] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.527587][ T8059] bridge0: entered allmulticast mode [ 282.540825][ T8059] vcan0: entered allmulticast mode [ 282.555231][ T8059] bond0: entered allmulticast mode [ 282.560611][ T8059] bond_slave_0: entered allmulticast mode [ 282.568041][ T8059] bond_slave_1: entered allmulticast mode [ 282.580178][ T8059] team0: entered allmulticast mode [ 282.587221][ T8059] team_slave_0: entered allmulticast mode [ 282.593802][ T8059] team_slave_1: entered allmulticast mode [ 282.610316][ T8059] dummy0: entered allmulticast mode [ 282.711643][ T8059] nlmon0: entered allmulticast mode [ 282.726142][ T8059] caif0: entered allmulticast mode [ 282.731837][ T8059] batadv0: entered allmulticast mode [ 282.758284][ T8059] vxcan0: entered allmulticast mode [ 282.766059][ T8059] vxcan1: entered allmulticast mode [ 282.788015][ T8059] veth0: entered allmulticast mode [ 283.103292][ T8059] veth1: entered allmulticast mode [ 283.357174][ T8059] wg0: entered allmulticast mode [ 283.423399][ T8059] wg1: entered allmulticast mode [ 283.431420][ T8059] wg2: entered allmulticast mode [ 283.439865][ T8059] veth0_to_bridge: entered allmulticast mode [ 283.473347][ T8059] veth1_to_bridge: entered allmulticast mode [ 283.515509][ T8059] veth0_to_bond: entered allmulticast mode [ 283.549189][ T8059] veth1_to_bond: entered allmulticast mode [ 283.579852][ T8059] veth0_to_team: entered allmulticast mode [ 283.613594][ T8059] veth1_to_team: entered allmulticast mode [ 283.659152][ T8059] veth0_to_batadv: entered allmulticast mode [ 283.677959][ T8059] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 283.694504][ T8059] batadv_slave_0: entered allmulticast mode [ 283.718481][ T8059] veth1_to_batadv: entered allmulticast mode [ 283.733527][ T8059] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 283.744235][ T8059] batadv_slave_1: entered allmulticast mode [ 283.770494][ T8059] xfrm0: entered allmulticast mode [ 283.779680][ T8059] veth0_to_hsr: entered allmulticast mode [ 283.800912][ T8059] hsr_slave_0: entered allmulticast mode [ 283.820123][ T8059] veth1_to_hsr: entered allmulticast mode [ 283.845746][ T8080] binder: BINDER_SET_CONTEXT_MGR already set [ 283.846593][ T8059] hsr_slave_1: entered allmulticast mode [ 283.852040][ T8080] binder: 8077:8080 ioctl 4018620d 2000000002c0 returned -16 [ 283.865080][ T8059] hsr0: entered allmulticast mode [ 283.880608][ T8059] veth1_virt_wifi: entered allmulticast mode [ 283.892031][ T8059] veth0_virt_wifi: entered allmulticast mode [ 283.902324][ T8059] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 283.912753][ T8059] veth1_vlan: entered allmulticast mode [ 283.921912][ T8059] veth0_vlan: entered allmulticast mode [ 283.941381][ T8059] vlan0: entered allmulticast mode [ 283.949769][ T8059] vlan1: entered allmulticast mode [ 283.956371][ T8059] macvlan0: entered allmulticast mode [ 283.978947][ T8059] macvlan1: entered allmulticast mode [ 283.992514][ T8059] ipvlan0: entered allmulticast mode [ 283.998579][ T8059] ipvlan1: entered allmulticast mode [ 284.007400][ T8059] veth1_macvtap: entered allmulticast mode [ 284.065867][ T8059] veth0_macvtap: entered allmulticast mode [ 284.085489][ T8059] macvtap0: entered allmulticast mode [ 284.099339][ T8059] macsec0: entered allmulticast mode [ 284.109475][ T8059] geneve0: entered allmulticast mode [ 284.126896][ T8059] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.147548][ T8059] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.166480][ T8059] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.177762][ T8059] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.189597][ T8059] geneve1: entered allmulticast mode [ 284.200551][ T8059] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 284.213624][ T8059] netdevsim netdevsim1 netdevsim1: entered allmulticast mode [ 284.229984][ T8059] netdevsim netdevsim1 netdevsim2: entered allmulticast mode [ 284.254380][ T8059] netdevsim netdevsim1 netdevsim3: entered allmulticast mode [ 284.290810][ T8059] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 284.320564][ T8059] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 284.330462][ T8059] veth2: entered allmulticast mode [ 284.336465][ T8059] veth3: entered allmulticast mode [ 284.588068][ T8089] tipc: Started in network mode [ 284.600854][ T8089] tipc: Node identity 7f000001, cluster identity 4711 [ 284.622960][ T8089] tipc: Enabled bearer , priority 10 [ 284.689926][ T8089] tipc: Enabling of bearer rejected, failed to enable media [ 284.825298][ T8096] netlink: 4 bytes leftover after parsing attributes in process `syz.6.655'. [ 285.047933][ T8100] fuse: Bad value for 'fd' [ 285.613906][ T7834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 285.626884][ T43] tipc: Node number set to 2130706433 [ 287.687600][ T7834] veth0_vlan: entered promiscuous mode [ 287.729495][ T7834] veth1_vlan: entered promiscuous mode [ 287.876619][ T7834] veth0_macvtap: entered promiscuous mode [ 287.905098][ T7834] veth1_macvtap: entered promiscuous mode [ 287.974279][ T7834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 288.008010][ T7834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 288.033471][ T7834] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.121077][ T7834] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.172384][ T7834] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.190937][ T7834] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.374780][ T5929] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 288.555948][ T5929] usb 7-1: Using ep0 maxpacket: 16 [ 288.568386][ T5929] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 288.609848][ T6409] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.610143][ T5929] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x33, changing to 0x3 [ 288.657680][ T6409] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 288.707335][ T5929] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 288.778051][ T5929] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 57408, setting to 1024 [ 288.897540][ T5929] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024 [ 288.933245][ T6409] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.971586][ T6409] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.026398][ T5929] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 289.067184][ T5929] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 289.097334][ T5929] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 289.134965][ T5929] usb 7-1: Manufacturer: syz [ 289.177048][ T5929] usb 7-1: config 0 descriptor?? [ 289.814791][ T24] delete_channel: no stack [ 290.467345][ T43] usb 7-1: USB disconnect, device number 2 [ 292.599152][ T8192] netlink: 4 bytes leftover after parsing attributes in process `syz.1.684'. [ 294.546629][ T5848] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 294.560260][ T5848] CPU: 0 UID: 0 PID: 5848 Comm: kworker/u9:3 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 294.560290][ T5848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 294.560303][ T5848] Workqueue: hci0 hci_rx_work [ 294.560350][ T5848] Call Trace: [ 294.560361][ T5848] [ 294.560370][ T5848] dump_stack_lvl+0x189/0x250 [ 294.560396][ T5848] ? kernfs_path_from_node+0x2c/0x260 [ 294.560423][ T5848] ? __pfx_dump_stack_lvl+0x10/0x10 [ 294.560447][ T5848] ? __pfx__printk+0x10/0x10 [ 294.560476][ T5848] ? kernfs_path_from_node+0x2c/0x260 [ 294.560497][ T5848] ? kernfs_path_from_node+0x2c/0x260 [ 294.560522][ T5848] ? kernfs_path_from_node+0x22c/0x260 [ 294.560544][ T5848] ? kernfs_path_from_node+0x2c/0x260 [ 294.560571][ T5848] sysfs_create_dir_ns+0x259/0x280 [ 294.560597][ T5848] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 294.560623][ T5848] ? do_raw_spin_unlock+0x122/0x240 [ 294.560655][ T5848] kobject_add_internal+0x59f/0xb40 [ 294.560691][ T5848] kobject_add+0x155/0x220 [ 294.560721][ T5848] ? __pfx_kobject_add+0x10/0x10 [ 294.560746][ T5848] ? _raw_spin_unlock+0x28/0x50 [ 294.560778][ T5848] ? get_device_parent+0x366/0x3a0 [ 294.560812][ T5848] device_add+0x408/0xb50 [ 294.560845][ T5848] hci_conn_add_sysfs+0xd5/0x1e0 [ 294.560880][ T5848] le_conn_complete_evt+0xc3a/0x1220 [ 294.560921][ T5848] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 294.560948][ T5848] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 294.560968][ T5848] ? __asan_memcpy+0x40/0x70 [ 294.560998][ T5848] ? __pfx___mutex_lock+0x10/0x10 [ 294.561028][ T5848] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 294.561048][ T5848] ? skb_pull_data+0xfb/0x200 [ 294.561076][ T5848] hci_le_conn_complete_evt+0x187/0x450 [ 294.561110][ T5848] hci_event_packet+0x78c/0x1200 [ 294.561135][ T5848] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 294.561163][ T5848] ? __pfx_hci_event_packet+0x10/0x10 [ 294.561186][ T5848] ? kcov_remote_start+0x4d3/0x7f0 [ 294.561214][ T5848] ? lockdep_hardirqs_on+0x90/0x150 [ 294.561238][ T5848] ? hci_send_to_monitor+0xe2/0x570 [ 294.561268][ T5848] hci_rx_work+0x46a/0xe80 [ 294.561298][ T5848] ? process_scheduled_works+0x9ef/0x17b0 [ 294.561323][ T5848] process_scheduled_works+0xade/0x17b0 [ 294.561378][ T5848] ? __pfx_process_scheduled_works+0x10/0x10 [ 294.561419][ T5848] worker_thread+0x8a0/0xda0 [ 294.561472][ T5848] kthread+0x70e/0x8a0 [ 294.561502][ T5848] ? __pfx_worker_thread+0x10/0x10 [ 294.561522][ T5848] ? __pfx_kthread+0x10/0x10 [ 294.561549][ T5848] ? _raw_spin_unlock_irq+0x23/0x50 [ 294.561567][ T5848] ? lockdep_hardirqs_on+0x9c/0x150 [ 294.561585][ T5848] ? __pfx_kthread+0x10/0x10 [ 294.561612][ T5848] ret_from_fork+0x3fc/0x770 [ 294.561661][ T5848] ? __pfx_ret_from_fork+0x10/0x10 [ 294.561693][ T5848] ? __switch_to_asm+0x39/0x70 [ 294.561715][ T5848] ? __switch_to_asm+0x33/0x70 [ 294.561738][ T5848] ? __pfx_kthread+0x10/0x10 [ 294.561765][ T5848] ret_from_fork_asm+0x1a/0x30 [ 294.561808][ T5848] [ 294.561843][ T5848] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 294.885117][ T5848] Bluetooth: hci0: failed to register connection device [ 297.329692][ T30] kauditd_printk_skb: 291 callbacks suppressed [ 297.329709][ T30] audit: type=1804 audit(1754659379.692:386): pid=8238 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.7.698" name="/newroot/4/bus/file1" dev="overlay" ino=46 res=1 errno=0 [ 297.432984][ T30] audit: type=1800 audit(1754659379.702:387): pid=8238 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.7.698" name="file1" dev="overlay" ino=46 res=0 errno=0 [ 297.736453][ T8245] netlink: 'syz.3.699': attribute type 21 has an invalid length. [ 302.646580][ T8304] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 314.206760][ T8452] netlink: 40 bytes leftover after parsing attributes in process `syz.1.751'. [ 314.710858][ T8463] netlink: 12 bytes leftover after parsing attributes in process `syz.1.754'. [ 314.767829][ T8462] netlink: 28 bytes leftover after parsing attributes in process `syz.6.753'. [ 314.785178][ T8462] netlink: 28 bytes leftover after parsing attributes in process `syz.6.753'. [ 317.430471][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.442397][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 325.025471][ T8544] fuse: Bad value for 'fd' [ 325.303860][ T8549] tipc: Started in network mode [ 325.309187][ T8549] tipc: Node identity 7f000001, cluster identity 4711 [ 325.317256][ T8549] tipc: Enabled bearer , priority 10 [ 325.502834][ T8555] random: crng reseeded on system resumption [ 326.445114][ T5926] tipc: Node number set to 2130706433 [ 329.143350][ T8589] overlayfs: failed to clone upperpath [ 329.301604][ T8599] netlink: 28 bytes leftover after parsing attributes in process `syz.6.794'. [ 329.313557][ T8599] tipc: Started in network mode [ 329.320472][ T8599] tipc: Node identity 7, cluster identity 5 [ 329.333033][ T8599] tipc: Node number set to 7 [ 332.897640][ T8632] fuse: Bad value for 'fd' [ 332.983891][ T8635] netlink: 4 bytes leftover after parsing attributes in process `syz.6.804'. [ 334.238429][ T8648] vlan0: entered promiscuous mode [ 334.243860][ T8648] vlan0: entered allmulticast mode [ 334.292571][ T8648] hsr_slave_1: entered allmulticast mode [ 334.397969][ T8651] netlink: 28 bytes leftover after parsing attributes in process `syz.3.809'. [ 334.434846][ T8651] netlink: 8 bytes leftover after parsing attributes in process `syz.3.809'. [ 334.776356][ T8658] netlink: 24 bytes leftover after parsing attributes in process `syz.6.810'. [ 336.730951][ T8670] syz.1.813 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 339.432985][ T43] kernel read not supported for file /video37 (pid: 43 comm: kworker/1:1) [ 340.514876][ T43] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 340.926961][ T43] usb 2-1: Using ep0 maxpacket: 8 [ 340.959177][ T43] usb 2-1: config 2 has an invalid interface number: 21 but max is 0 [ 340.994944][ T43] usb 2-1: config 2 has no interface number 0 [ 341.001289][ T43] usb 2-1: config 2 interface 21 has no altsetting 0 [ 341.018701][ T43] usb 2-1: New USB device found, idVendor=061d, idProduct=c140, bcdDevice=31.1e [ 341.048528][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 341.077202][ T43] usb 2-1: Product: syz [ 341.097464][ T43] usb 2-1: Manufacturer: syz [ 341.102208][ T43] usb 2-1: SerialNumber: syz [ 341.398812][ T8694] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 341.452688][ T8694] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 341.501736][ T43] quatech2 2-1:2.21: Quatech 2nd gen USB to Serial Driver converter detected [ 341.545605][ T43] usb 2-1: qt2_attach - failed to power on unit: -71 [ 341.569051][ T43] quatech2 2-1:2.21: probe with driver quatech2 failed with error -71 [ 341.624824][ T43] usb 2-1: USB disconnect, device number 7 [ 341.764267][ T8722] bridge0: port 2(bridge_slave_1) entered disabled state [ 341.772046][ T8722] bridge0: port 1(bridge_slave_0) entered disabled state [ 341.859269][ T8722] bridge0: entered allmulticast mode [ 341.908517][ T8723] bridge_slave_1: left allmulticast mode [ 342.007661][ T8723] bridge_slave_1: left promiscuous mode [ 342.015783][ T8723] bridge0: port 2(bridge_slave_1) entered disabled state [ 342.071895][ T8723] bridge_slave_0: left allmulticast mode [ 342.080676][ T8723] bridge_slave_0: left promiscuous mode [ 342.086804][ T8723] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.193079][ T8727] SET target dimension over the limit! [ 344.615405][ T8751] netlink: 'syz.2.836': attribute type 1 has an invalid length. [ 344.663085][ T8749] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 344.700786][ T43] wlan1: No legacy rates in association response [ 344.765134][ T8748] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 347.447476][ T8778] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000083: 0000 [#1] SMP KASAN PTI [ 347.459593][ T8778] KASAN: null-ptr-deref in range [0x0000000000000418-0x000000000000041f] [ 347.468130][ T8778] CPU: 0 UID: 0 PID: 8778 Comm: syz.2.846 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 347.478053][ T8778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 347.488252][ T8778] RIP: 0010:fib_lookup_good_nhc+0x85/0x3d0 [ 347.494471][ T8778] Code: 4c 89 24 24 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 5b 77 2c f8 41 bc 18 04 00 00 4c 03 23 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 3c 77 2c f8 4d 8b 24 24 e8 13 fa [ 347.514200][ T8778] RSP: 0018:ffffc9000ed1f490 EFLAGS: 00010202 [ 347.520473][ T8778] RAX: 0000000000000083 RBX: ffff88805ba31320 RCX: 0000000000000002 [ 347.528640][ T8778] RDX: ffff888077c5da00 RSI: 0000000000000000 RDI: 0000000000000000 [ 347.536803][ T8778] RBP: ffff88805ba31337 R08: 0000000000000000 R09: ffffffff89f9895f [ 347.545136][ T8778] R10: 0000000000000008 R11: 0000000000000002 R12: 0000000000000418 [ 347.553204][ T8778] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff1100b746266 [ 347.561288][ T8778] FS: 00007f545e14b6c0(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000 [ 347.570547][ T8778] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 347.577246][ T8778] CR2: 000000110c2dcfb2 CR3: 000000006d3b6000 CR4: 00000000003526f0 [ 347.585427][ T8778] Call Trace: [ 347.588729][ T8778] [ 347.591858][ T8778] nexthop_get_nhc_lookup+0x1af/0x400 [ 347.597451][ T8778] fib_table_lookup+0xf26/0x16e0 [ 347.602507][ T8778] ? fib4_rule_action+0x8f/0x330 [ 347.607573][ T8778] fib4_rule_action+0x1fb/0x330 [ 347.612575][ T8778] ? __pfx_fib4_rule_action+0x10/0x10 [ 347.617969][ T8778] fib_rules_lookup+0x8a6/0xe90 [ 347.622898][ T8778] ? fib_rules_lookup+0x96/0xe90 [ 347.627961][ T8778] ? __pfx_fib_rules_lookup+0x10/0x10 [ 347.633364][ T8778] ? l3mdev_update_flow+0x29/0x640 [ 347.638662][ T8778] ? l3mdev_update_flow+0x4d1/0x640 [ 347.643861][ T8778] __fib_lookup+0xf9/0x200 [ 347.648394][ T8778] ? __pfx___fib_lookup+0x10/0x10 [ 347.653508][ T8778] ? __lock_acquire+0xab9/0xd20 [ 347.658409][ T8778] ? fib_lookup+0x49/0x440 [ 347.662835][ T8778] ? ip_route_output_key_hash_rcu+0x2d8/0x23a0 [ 347.668987][ T8778] ip_route_output_key_hash_rcu+0x2fb/0x23a0 [ 347.675058][ T8778] ? ip_route_output_key_hash+0xde/0x2e0 [ 347.680944][ T8778] ? ip_route_output_key_hash+0xde/0x2e0 [ 347.686684][ T8778] ip_route_output_key_hash+0x1b9/0x2e0 [ 347.692402][ T8778] ? register_lock_class+0x51/0x320 [ 347.697599][ T8778] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 347.703921][ T8778] tcp_v4_connect+0x73a/0x19d0 [ 347.709208][ T8778] ? __pfx_tcp_v4_connect+0x10/0x10 [ 347.714462][ T8778] mptcp_connect+0x52d/0x790 [ 347.719146][ T8778] __inet_stream_connect+0x2ab/0xe80 [ 347.724866][ T8778] ? __local_bh_enable_ip+0x12d/0x1c0 [ 347.730333][ T8778] ? __pfx___inet_stream_connect+0x10/0x10 [ 347.736304][ T8778] ? __local_bh_enable_ip+0x12d/0x1c0 [ 347.741940][ T8778] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 347.747839][ T8778] inet_stream_connect+0x66/0xa0 [ 347.752775][ T8778] __sys_connect+0x316/0x440 [ 347.757571][ T8778] ? __pfx___sys_connect+0x10/0x10 [ 347.763032][ T8778] ? rcu_is_watching+0x15/0xb0 [ 347.767875][ T8778] __x64_sys_connect+0x7a/0x90 [ 347.772647][ T8778] do_syscall_64+0xfa/0x3b0 [ 347.777256][ T8778] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.783438][ T8778] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 347.789172][ T8778] ? clear_bhb_loop+0x60/0xb0 [ 347.793844][ T8778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.799729][ T8778] RIP: 0033:0x7f545d38ebe9 [ 347.804143][ T8778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 347.825315][ T8778] RSP: 002b:00007f545e14b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 347.833836][ T8778] RAX: ffffffffffffffda RBX: 00007f545d5b5fa0 RCX: 00007f545d38ebe9 [ 347.842119][ T8778] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000004 [ 347.850195][ T8778] RBP: 00007f545d411e19 R08: 0000000000000000 R09: 0000000000000000 [ 347.858334][ T8778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 347.866381][ T8778] R13: 00007f545d5b6038 R14: 00007f545d5b5fa0 R15: 00007ffdfc26f898 [ 347.874362][ T8778] [ 347.877463][ T8778] Modules linked in: [ 347.882073][ T8778] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 347.950100][ T8778] RIP: 0010:fib_lookup_good_nhc+0x85/0x3d0 [ 348.096395][ T8778] Code: 4c 89 24 24 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 5b 77 2c f8 41 bc 18 04 00 00 4c 03 23 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 3c 77 2c f8 4d 8b 24 24 e8 13 fa [ 348.164779][ T8778] RSP: 0018:ffffc9000ed1f490 EFLAGS: 00010202 [ 348.188026][ T8778] RAX: 0000000000000083 RBX: ffff88805ba31320 RCX: 0000000000000002 [ 348.202078][ T8778] RDX: ffff888077c5da00 RSI: 0000000000000000 RDI: 0000000000000000 [ 348.210132][ T8778] RBP: ffff88805ba31337 R08: 0000000000000000 R09: ffffffff89f9895f [ 348.218255][ T8778] R10: 0000000000000008 R11: 0000000000000002 R12: 0000000000000418 [ 348.226696][ T8778] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff1100b746266 [ 348.245042][ T8778] FS: 00007f545e14b6c0(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000 [ 348.275185][ T8778] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 348.282163][ T8778] CR2: 00002000000a0030 CR3: 000000006d3b6000 CR4: 00000000003526f0 [ 348.304796][ T8778] Kernel panic - not syncing: Fatal exception [ 348.311309][ T8778] Kernel Offset: disabled [ 348.315825][ T8778] Rebooting in 86400 seconds..