last executing test programs: 8.887692015s ago: executing program 4 (id=1242): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_VM_DISABLE_NX_HUGE_PAGES(r1, 0x4068aea3, &(0x7f0000000600)) 8.755725641s ago: executing program 1 (id=1243): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c) sendto$inet6(r0, &(0x7f0000000000)='\x00', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) shutdown(r0, 0x0) 8.348423923s ago: executing program 1 (id=1247): socket$inet(0x2, 0x3, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) open_tree(0xffffffffffffffff, 0x0, 0x89901) r2 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x3f73, 0x100, 0x0, 0x1a}, &(0x7f0000000340)=0x0, &(0x7f0000000600)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0xffffffffffffff3a, 0x3, 0xf4}]}, 0xffffffffffffff60, 0x1}, 0x1) r5 = socket$netlink(0x10, 0x3, 0x0) writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000040)="3900000013000318680907070000000f0000ff3f3f000000170a001700000000040037000d00030001332564aa58b9a64411f6bbf44dc48f57", 0x39}], 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r6, 0x0, 0x0, 0x0, 0x262, 0x1, {0x1}}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r7 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000200)) syz_genetlink_get_family_id$l2tp(&(0x7f0000000280), r5) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2020, 0x0) ioctl$USBDEVFS_IOCTL(r7, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$USBDEVFS_SETCONFIGURATION(r7, 0x80045505, &(0x7f0000000000)=0x1) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB]) 8.347350841s ago: executing program 4 (id=1248): socket$inet6(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac141400340008"], 0x2c}}, 0x4044) unshare(0x20400) socket$inet6_sctp(0xa, 0x801, 0x84) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$unix(r1, 0x0, 0x1) socket$can_bcm(0x1d, 0x2, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20) socket$unix(0x1, 0x5, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x38}}, 0x10) 8.30610717s ago: executing program 2 (id=1249): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x6ea, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$kcm(0x10, 0x2, 0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @rand_addr=0x64010101}, 0x10) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) 8.121650768s ago: executing program 4 (id=1251): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$inet_smc(0x2b, 0x1, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x202) r3 = socket$key(0xf, 0x3, 0x2) sendmsg(r3, 0x0, 0xe0) fanotify_init(0x200, 0x40000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r6 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0x27d}, &(0x7f0000000000)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r7, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r6, 0x47f6, 0x0, 0x4, 0x0, 0x0) sendto$inet(r2, &(0x7f0000001780)='%U', 0x2, 0x24000015, 0x0, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001", @ANYRES8=r1, @ANYRES32=r1], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[], 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e0003000f000000028000001294", 0x2e}], 0x1}, 0x0) 7.506074938s ago: executing program 2 (id=1253): sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000) socketpair$unix(0x1, 0x3, 0x0, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000500)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00') sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r1, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r3, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x1000}, {0x0}], 0x2}}], 0x1, 0x700, 0x0) sendfile(r2, r1, 0x0, 0x578410eb) r4 = socket$kcm(0x10, 0x2, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000006180)=""/152, 0x98}], 0x1, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) socket$kcm(0x29, 0x5, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) timer_create(0x0, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r4, 0x0, &(0x7f0000000280), 0x2, 0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000400000000000000080003851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1e, '\x00', 0x0, 0x0, r5}, 0x94) syz_open_dev$hiddev(&(0x7f0000000040), 0x7, 0x20000) 6.803875596s ago: executing program 0 (id=1254): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x28, 0x3e, 0x107, 0xfffffffe, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x909'}]}, @typed={0x4, 0x7}]}, 0x28}, 0x1, 0x0, 0x0, 0x404c001}, 0xc000) 6.395886932s ago: executing program 0 (id=1255): setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r5 = fanotify_init(0xf00, 0x0) fanotify_mark(r5, 0x105, 0x5000003a, r4, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x700, 0x0) 6.395278436s ago: executing program 2 (id=1256): syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) dup(0xffffffffffffffff) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) sched_setscheduler(0x0, 0x2, 0x0) fsmount(0xffffffffffffffff, 0x1, 0x8c) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1e) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x890b, &(0x7f0000000000)) connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0xfffc, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) 5.922547977s ago: executing program 2 (id=1259): bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x1, 0x1, 0x1001, 0x4}, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x901800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil}) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x13, 0x51, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5333}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.120104279s ago: executing program 1 (id=1262): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, &(0x7f0000000240)) 4.925122031s ago: executing program 2 (id=1264): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000600)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x0) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) removexattr(0x0, 0x0) accept4$bt_l2cap(0xffffffffffffffff, 0x0, 0x0, 0x800) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x3c, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}]}, 0x3c}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000780)=@data_frame={@a_msdu=@type01={{0x0, 0x2, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0xa5}, @device_b, @random="c12b4ffb0bbb", @from_mac=@broadcast, {0x6, 0xb4d}, "", @void, @value=@ver_80211n={0x0, 0x5, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}}, @random="66bb6e4d789e59f4c919eada2d77789199bf31b1e660b80ed90cef68f6ce05d2d6bd8082d910bf3e7a0953043f3c54fd6d254742db3a9bac31499fce92972ae6ead14530605d4c0639"}, 0x65) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000001040)={'wlan1\x00'}) 4.898253219s ago: executing program 4 (id=1265): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r1, @ANYBLOB], 0x4c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=@newlink={0x68, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, r1, 0x0, 0x1c0d}, [@IFLA_LINKINFO={0x48, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x34, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e20}, @IFLA_GRE_TTL={0x5, 0x8, 0x4}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0x7ef80}, @IFLA_GRE_REMOTE={0x14, 0x7, @mcast2}]}}}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x12) 4.787137978s ago: executing program 1 (id=1266): r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84242, 0x0) r4 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000001ac0)={r3, 0x4000, {0x0, 0x0, 0x0, 0x2ead, 0x7fff, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174ff10000000000000010e200"}}) socket(0x11, 0x1, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x40080) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket$netlink(0x10, 0x3, 0x14) r5 = dup(0xffffffffffffffff) setsockopt$packet_buf(r5, 0x107, 0x16, 0x0, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x30, 0xffffffffffffffff, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x1a9d42, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0) 4.786197446s ago: executing program 3 (id=1267): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x6}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r6, 0x0, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 4.664737218s ago: executing program 4 (id=1268): pipe2(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x60680, 0x0) ioctl$TIOCPKT(r1, 0x5420, &(0x7f00000000c0)=0x3ff) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0) capset(0x0, 0x0) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'gretap0\x00'}) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000400ff0f0000"], 0x44}, 0x1, 0x0, 0x0, 0x20000881}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) sendmmsg$inet6(r4, 0x0, 0x0, 0x240008c8) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) r6 = syz_io_uring_setup(0x4e1, &(0x7f0000000100)={0x0, 0x1ffffd, 0x10100, 0xfffffffe, 0x9}, &(0x7f0000000300)=0x0, 0x0) syz_io_uring_submit(r7, 0x0, 0x0) io_uring_enter(r6, 0x468f, 0xc4bc, 0x2c, 0x0, 0x0) syz_emit_ethernet(0x2a, 0x0, 0x0) mq_open(0x0, 0x40, 0x9, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000045, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r1, 0x0, 0x110003) 3.211890578s ago: executing program 0 (id=1269): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x801, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000063010600000000009500000000000000f23a7a01924ebc046130943008df6282546a7d26d9ccbea16231036fad0421f5874da5c2714f54b36ebf9e75e79d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff8001}, 0x94) r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0xc8) fcntl$notify(r2, 0x402, 0x8000001c) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2) socket(0x15, 0x5, 0x0) openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) r3 = gettid() setpriority(0x0, r3, 0x1ff) pselect6(0x40, &(0x7f0000000080)={0x5, 0x0, 0x120000000000, 0x2, 0x500, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000180)={0x3fe, 0x7, 0x0, 0x9, 0x86, 0x800, 0x80000002}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) inotify_init() 3.130702847s ago: executing program 3 (id=1270): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x1}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r1, 0x7af, &(0x7f0000000080)={@hyper}) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000240)={@hyper}) close_range(r0, 0xffffffffffffffff, 0x0) 1.696657276s ago: executing program 1 (id=1271): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$kcm(0xa, 0x1, 0x106) setsockopt$sock_int(r1, 0x1, 0x7, 0x0, 0x0) sendmsg$kcm(r1, 0x0, 0x20000001) r2 = socket$tipc(0x1e, 0x5, 0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000140)={0x42, 0xf5, 0x1}, 0x10) sendmsg$tipc(r2, &(0x7f0000000400)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x0, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x8084) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f0000000140), 0x0) vmsplice(r5, 0x0, 0x0, 0x100000000000000) close(r4) ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000040)) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="0303000000000a0000000c0000000700"], 0x1c}}, 0x0) getsockopt$SO_TIMESTAMP(r6, 0x1, 0x3f, &(0x7f0000000300), &(0x7f0000000380)=0x4) syz_emit_ethernet(0x10f, &(0x7f0000000480)={@remote, @broadcast, @void, {@ipv4={0x800, @icmp={{0xb, 0x4, 0x3, 0x3, 0x101, 0x66, 0x0, 0x2, 0x1, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x2a}, {[@noop, @timestamp={0x44, 0x14, 0x59, 0x0, 0x5, [0x5, 0x1, 0x0, 0x4]}]}}, @echo={0x8, 0x0, 0x0, 0x401, 0x6b, "fa8bd2c5730008a0a125896733541e16105e019c3eab7d49494a63752101ec31b3b941f792edb1635eb37150ada26c3003f541a0ac4bff3beb8207149a2956570527ee3be2ab6f96a9b9740a23b21386203902ebad3792250e61eea99a9b4ac883fe525be5ffb5b8bfa09a0cf014f8d6bf0852a7b24444f1a5e74f9d387ac8af38dce9b1b298faeda52dc7535e6871f6fc27d7e8f4ac92276d884208a2e02090695ce025d84ab6d14f148f872096ebf5e42e2328eaed407a798c1df5e83baa4fa14a94aeed41de3f033fa19d1f"}}}}}, &(0x7f0000000080)={0x0, 0x1, [0xf1a, 0x6db, 0x82f, 0x715]}) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r9 = accept4(r8, 0x0, 0x0, 0x800) sendmmsg$alg(r9, &(0x7f00000063c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x7f05}, @assoc={0x18, 0x117, 0x4, 0x7}, @iv={0x70, 0x117, 0x2, 0x56, "18683452325bb46b65f94e30334b735b1a84f414c59517ff643dc7e10b41331860163e1bc8a98014de29d1b932777c8739a9e61e997dc0792eb1e34f60703d49b9a14b7509ac241be3202ed4e1fbb4cd664b6c2b9f93"}, @iv={0x108, 0x117, 0x2, 0xf1, "78b5984a759df731539ee819bdf531be2c8ec4434db513ebbe7ae91f72ea4d669f53a50b8ef825cbeb871eb95af48cf1b9d3ffd9badc433941322e32eff27da31fe2af9b56e1c2dbc828625609394eb1a9b3be832e40bedfe5f14f55cd464c8f79bade43f247a57d6a8e66340bf5824ba409492a0d3b00ec0bead3d539b53c075d38b925751e990dd7d8fe0e6383c074593f5818901080f41d69573e61ae75c63054d9ed66bea997fd0be0ffc5d03975ed9952399ee80b36d60f8a8807ed0e66693b372bfaa75c9644611122a548fc3cb4573f63eae4f55c53e28753428e411603a4bd73ad23f1569c8c00ebb0449ca63f"}], 0x1c0, 0x14}], 0x1, 0x800) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000005"], 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0) bind$alg(r5, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-224-x86\x00'}, 0x58) 1.596601865s ago: executing program 0 (id=1272): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x3}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) 1.301122511s ago: executing program 3 (id=1273): socket$inet6(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac141400340008"], 0x2c}}, 0x4044) unshare(0x20400) socket$inet6_sctp(0xa, 0x801, 0x84) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$unix(r1, 0x0, 0x1) socket$can_bcm(0x1d, 0x2, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20) socket$unix(0x1, 0x5, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x38}}, 0x10) 1.148344504s ago: executing program 1 (id=1274): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000080000000000000010000009400000007ad416085"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000b00007910000000000000c310001001000000950074000000000031fb0d3a42319fa204399d17d34e075fdcda533ab1aa71ab1d764152e6cb25dadc7ded5dbe11b60ac5ea9fca11027d19e93adb603deb92de3141e8fd7ac5b87a2070213cdfdc5d6c4890cdeb50347c32060581172b94c6ba22a2b58eb6cbad46ed6e7965a2ba5fc4a5a17d103b0b36f790bb41931f9a3d4dd127c1b4e49f7468f5e603950c6367587e8ece17d5c6e7c7514386f5125c0e2aa441cda5630047b770bc93868c63db6b6c27786aaff609c902fd65b951074957e967a8a3a405eaafbfafacdb7c2f6f32c251fadcd5a2e34b2efc310dae213aaad007975c26f6001f9b9dd2bf699781e0bbff554630fd9f9fff61813814a65b8e3bb2156ea642519206f26eb7359f732d497c0d4fdb4a735b9a7edd66dbed5f9e04c0fd41bd80a60d6b2508d0318bb94edcbda8ecbd30b320f9bab6efc65de00cdeac3c7383"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/packet\x00') lseek(r3, 0x6be5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000002480)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) read$FUSE(r5, &(0x7f0000000200)={0x2020}, 0x2020) mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='devtmpfs\x00', 0x2200892, 0x0) pread64(r4, &(0x7f0000002240)=""/237, 0xed, 0x4eb) 929.988107ms ago: executing program 3 (id=1275): write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x5, 0x0, 0x2, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xffffffffffffff03, 0xfa00, {0x2, 0x0, 0x13f, 0x1}}, 0xfed7) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000580)={0x0, 0x2c0, 0x0, &(0x7f0000000180)=[0x6bd1a312, 0x2ec66, 0x8, 0x8, 0x7, 0x800000000000009, 0x1, 0x1, 0x10000, 0x100, 0x9004, 0x40000000000000, 0x3, 0x5, 0x5, 0x49, 0x3ff, 0x2, 0x0, 0xb, 0x8000000008, 0x7, 0x1c1, 0x1000000003, 0x2, 0x2, 0x6, 0x7, 0x96, 0x5, 0xffffffff00000000, 0x0, 0x9, 0x7, 0x23b, 0x3, 0x2, 0x888f, 0x8, 0x8, 0x6, 0x6, 0xffffffffffffffff, 0xa3de, 0x20000000006, 0x8, 0x5c3e, 0x400, 0x1, 0x5, 0xfffffffffffffffa, 0x1, 0x11, 0x7, 0x4, 0x100000000, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffefffffffb, 0xc, 0xd, 0x9, 0xe8, 0x80000000, 0xfffffffffffffc00, 0x2, 0x9, 0x2, 0xcdc, 0x7, 0x2, 0x3, 0x2, 0x8, 0xfff, 0x6, 0x4, 0x6, 0xab6, 0x0, 0x4, 0xfff, 0xffffffffffffff81, 0x9, 0xff, 0x5, 0xff8, 0x5, 0x400000000008061d, 0x6, 0x8, 0xf6, 0x7, 0x6, 0x200, 0x7, 0xe53e, 0x2c, 0x2, 0x2, 0x6, 0x5, 0x0, 0xd, 0xffffffffffffffff, 0x5, 0x2, 0x2, 0x7, 0xdfd7, 0xfffd, 0x10, 0x8, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0x3ffc00000, 0x8, 0x3]}) ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000002, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0xeeee8000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 810.362225ms ago: executing program 0 (id=1276): sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, 0x0, 0x800) r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x34, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000017c00000400fc80a72601"], 0x26c0}}, 0x4010) sendmsg$L2TP_CMD_TUNNEL_GET(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, r0, 0x800, 0x70bd2b, 0x25dfdbfb, {}, [@L2TP_ATTR_MRU={0x6, 0x1d, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008044}, 0x40800) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004a40)=ANY=[@ANYBLOB="c0260000410007010000000007000000027c00000400fc80a72601"], 0x26c0}}, 0x4010) 547.592925ms ago: executing program 4 (id=1277): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r1, &(0x7f0000000080)=ANY=[], 0x6) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)={0x28, r4, 0x1, 0xfffffd, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'eth', 0x3a, 'gre0\x00'}}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x84}, 0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000040)={0x0, 0x1, 0xba, 0x757}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000002c0)={'gre0\x00', &(0x7f0000000440)={'sit0\x00', 0x0, 0x7800, 0x10, 0xff, 0x2, {{0x26, 0x4, 0x1, 0x1, 0x98, 0x68, 0x0, 0x2, 0x4, 0x0, @broadcast, @local, {[@end, @end, @timestamp_addr={0x44, 0x3c, 0x80, 0x1, 0x9, [{@broadcast, 0x6}, {@empty, 0x2}, {@multicast1, 0x8}, {@private=0xa010101, 0x6}, {@broadcast, 0x5e4}, {@private=0xa010102, 0x7fffffff}, {@rand_addr=0x64010101, 0x10000}]}, @cipso={0x86, 0x30, 0x2, [{0x0, 0xd, "fc03c3386427e4d9cf6d26"}, {0x6, 0xc, "07571d50550851f3886c"}, {0x7, 0x11, "6940e8da5475d8ecf04efdb6d7430e"}]}, @timestamp_addr={0x44, 0x14, 0x1b, 0x1, 0x9, [{@broadcast, 0x6}, {@private=0xa010102, 0x92f}]}]}}}}}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)={0x2, 0x4, 0x8, 0x1, 0x80, r5, 0xfc, '\x00', r6, 0xffffffffffffffff, 0x0, 0x3, 0x3}, 0x50) sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)={0x11c, r4, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x38, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x46e}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xb7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7f}]}, @TIPC_NLA_LINK={0x98, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}]}]}, 0x11c}, 0x1, 0x0, 0x0, 0x40}, 0x4044) sendmsg$kcm(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000400)=[{0x0, 0x50}, {&(0x7f00000003c0)="8f78c0e8b122c99d431db6ab0cc587ff79a24e3ad68dc34803e8220924a4", 0x1e}], 0x2}, 0x90) 324.650522ms ago: executing program 2 (id=1278): r0 = socket$kcm(0x10, 0x2, 0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x801, 0x70bd26, 0x0, {}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r2}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x2}]}, @IFLA_GROUP={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048050}, 0x0) 227.493382ms ago: executing program 0 (id=1279): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x14, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}}, 0x14}}, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040)) 216.798755ms ago: executing program 3 (id=1280): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000002140)={0x1c, 0x0, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x880}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSET(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x6c}}, 0x8040) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r2, 0x0, 0x32600) syz_emit_ethernet(0x46, &(0x7f0000000680)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '!\x00', 0x10, 0x6, 0x0, @private0, @mcast2, {[], @ndisc_ra}}}}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000a00)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r3, 0x1, 0x37, 0xffffffffffffffff, &(0x7f0000000540)) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000002280)={0x0, 0x0, &(0x7f0000002240)={&(0x7f0000002200)=@newspdinfo={0x1c, 0x24, 0x1, 0x70bd28, 0x25dfdbfc, 0x1, [@XFRMA_SPD_IPV6_HTHRESH={0x6}]}, 0x1c}}, 0x8080) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0xb, 0x10, r2, 0x2bfa7000) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r5, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x85, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x85, 0x0, 0x0) 0s ago: executing program 3 (id=1281): openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.208' (ED25519) to the list of known hosts. [ 82.948413][ T5822] cgroup: Unknown subsys name 'net' [ 83.063719][ T5822] cgroup: Unknown subsys name 'cpuset' [ 83.072824][ T5822] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.790060][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.572787][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.600367][ T5847] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.608541][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.617591][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.625649][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.633951][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.642765][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.650844][ T5848] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.658976][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.667113][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.675074][ T5848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.676576][ T5850] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.682842][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.689678][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.697661][ T5848] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.711272][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.712093][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.720116][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.726014][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.742985][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.743709][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.768794][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.776185][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 87.809118][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.825275][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.519508][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 88.651395][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 88.817452][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 88.914322][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 88.933456][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 88.962711][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.970064][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.977418][ T5843] bridge_slave_0: entered allmulticast mode [ 88.986505][ T5843] bridge_slave_0: entered promiscuous mode [ 89.032931][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.040600][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.047822][ T5843] bridge_slave_1: entered allmulticast mode [ 89.055902][ T5843] bridge_slave_1: entered promiscuous mode [ 89.063416][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.071659][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.079537][ T5836] bridge_slave_0: entered allmulticast mode [ 89.086666][ T5836] bridge_slave_0: entered promiscuous mode [ 89.144183][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.151421][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.158950][ T5836] bridge_slave_1: entered allmulticast mode [ 89.167053][ T5836] bridge_slave_1: entered promiscuous mode [ 89.289279][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.302873][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.329714][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.396518][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.421060][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.428429][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.435670][ T5840] bridge_slave_0: entered allmulticast mode [ 89.443465][ T5840] bridge_slave_0: entered promiscuous mode [ 89.451597][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.459408][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.466561][ T5837] bridge_slave_0: entered allmulticast mode [ 89.474821][ T5837] bridge_slave_0: entered promiscuous mode [ 89.511727][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.519120][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.526280][ T5832] bridge_slave_0: entered allmulticast mode [ 89.534616][ T5832] bridge_slave_0: entered promiscuous mode [ 89.542315][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.549933][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.557087][ T5840] bridge_slave_1: entered allmulticast mode [ 89.565684][ T5840] bridge_slave_1: entered promiscuous mode [ 89.572650][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.580275][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.587432][ T5837] bridge_slave_1: entered allmulticast mode [ 89.594874][ T5837] bridge_slave_1: entered promiscuous mode [ 89.622057][ T5843] team0: Port device team_slave_0 added [ 89.643608][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.650885][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.658655][ T5832] bridge_slave_1: entered allmulticast mode [ 89.665805][ T5832] bridge_slave_1: entered promiscuous mode [ 89.716207][ T5843] team0: Port device team_slave_1 added [ 89.741499][ T5836] team0: Port device team_slave_0 added [ 89.776327][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.789488][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.799206][ T5848] Bluetooth: hci0: command tx timeout [ 89.807575][ T5836] team0: Port device team_slave_1 added [ 89.828247][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.835300][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.861383][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.878768][ T5834] Bluetooth: hci3: command tx timeout [ 89.878781][ T5838] Bluetooth: hci2: command tx timeout [ 89.878915][ T5838] Bluetooth: hci1: command tx timeout [ 89.884422][ T5848] Bluetooth: hci4: command tx timeout [ 89.907714][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.932473][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.971549][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.978679][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.005078][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.017171][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.024500][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.051085][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.065093][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.102616][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.109650][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.135740][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.164947][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.194596][ T5840] team0: Port device team_slave_0 added [ 90.203535][ T5837] team0: Port device team_slave_0 added [ 90.213303][ T5837] team0: Port device team_slave_1 added [ 90.238886][ T5840] team0: Port device team_slave_1 added [ 90.300572][ T5832] team0: Port device team_slave_0 added [ 90.352098][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.359498][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.386455][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.413204][ T5832] team0: Port device team_slave_1 added [ 90.435925][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.443442][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.469828][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.487756][ T5843] hsr_slave_0: entered promiscuous mode [ 90.494321][ T5843] hsr_slave_1: entered promiscuous mode [ 90.502477][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.509712][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.536397][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.554137][ T5836] hsr_slave_0: entered promiscuous mode [ 90.560576][ T5836] hsr_slave_1: entered promiscuous mode [ 90.566751][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.574628][ T5836] Cannot create hsr debugfs directory [ 90.595728][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.603196][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.630186][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.700324][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.707394][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.733765][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.746508][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.753632][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.785381][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.012753][ T5840] hsr_slave_0: entered promiscuous mode [ 91.019888][ T5840] hsr_slave_1: entered promiscuous mode [ 91.026366][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.084141][ T5840] Cannot create hsr debugfs directory [ 91.129976][ T5837] hsr_slave_0: entered promiscuous mode [ 91.136259][ T5837] hsr_slave_1: entered promiscuous mode [ 91.143464][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.151168][ T5837] Cannot create hsr debugfs directory [ 91.164181][ T5832] hsr_slave_0: entered promiscuous mode [ 91.171118][ T5832] hsr_slave_1: entered promiscuous mode [ 91.177170][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.185094][ T5832] Cannot create hsr debugfs directory [ 91.687614][ T5843] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 91.702624][ T5843] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 91.740842][ T5843] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 91.762217][ T5843] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 91.828464][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 91.860780][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 91.878982][ T5848] Bluetooth: hci0: command tx timeout [ 91.887275][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.914572][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.959427][ T5838] Bluetooth: hci3: command tx timeout [ 91.960190][ T5846] Bluetooth: hci2: command tx timeout [ 91.964875][ T5838] Bluetooth: hci1: command tx timeout [ 91.965012][ T5848] Bluetooth: hci4: command tx timeout [ 91.984131][ T5836] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 91.992555][ T3201] cfg80211: failed to load regulatory.db [ 92.011218][ T5836] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.046359][ T5836] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.060223][ T5836] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.153389][ T5832] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.172858][ T5832] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.214852][ T5832] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.265110][ T5832] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.382955][ T5837] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.396945][ T5837] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.407868][ T5837] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.427334][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.449687][ T5837] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.542975][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.595730][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.603073][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.615278][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.622454][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.656894][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.727313][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.779633][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.803405][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.810882][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.836351][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.853315][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.860613][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.893672][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.923046][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.983797][ T993] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.991057][ T993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.025744][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.053020][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.071768][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.078927][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.111924][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.119280][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.135871][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.143114][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.206846][ T2983] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.214115][ T2983] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.236926][ T993] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.244124][ T993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.323812][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.511617][ T5837] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 93.695095][ T5843] veth0_vlan: entered promiscuous mode [ 93.777261][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.838115][ T5843] veth1_vlan: entered promiscuous mode [ 93.976693][ T5848] Bluetooth: hci0: command tx timeout [ 94.030544][ T5843] veth0_macvtap: entered promiscuous mode [ 94.038611][ T5848] Bluetooth: hci2: command tx timeout [ 94.038783][ T5846] Bluetooth: hci4: command tx timeout [ 94.044037][ T5848] Bluetooth: hci1: command tx timeout [ 94.049594][ T5834] Bluetooth: hci3: command tx timeout [ 94.122576][ T5843] veth1_macvtap: entered promiscuous mode [ 94.137184][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.187419][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.217862][ T5840] veth0_vlan: entered promiscuous mode [ 94.262799][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.283331][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.303229][ T5843] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.316263][ T5843] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.325980][ T5843] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.340252][ T5843] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.364527][ T5840] veth1_vlan: entered promiscuous mode [ 94.405661][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.532931][ T5840] veth0_macvtap: entered promiscuous mode [ 94.598086][ T5840] veth1_macvtap: entered promiscuous mode [ 94.654462][ T993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.660854][ T5837] veth0_vlan: entered promiscuous mode [ 94.674972][ T993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.686445][ T5832] veth0_vlan: entered promiscuous mode [ 94.745579][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.756973][ T5837] veth1_vlan: entered promiscuous mode [ 94.780241][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.794121][ T5832] veth1_vlan: entered promiscuous mode [ 94.802729][ T2983] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.818873][ T2983] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.825619][ T5840] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.835891][ T5840] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.845417][ T5840] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.855460][ T5840] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.952858][ T5836] veth0_vlan: entered promiscuous mode [ 94.973455][ T5836] veth1_vlan: entered promiscuous mode [ 94.980616][ T5843] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 94.984678][ T5837] veth0_macvtap: entered promiscuous mode [ 95.022296][ T5837] veth1_macvtap: entered promiscuous mode [ 95.070228][ T5832] veth0_macvtap: entered promiscuous mode [ 95.120328][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.165742][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.172780][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.199169][ T5832] veth1_macvtap: entered promiscuous mode [ 95.199971][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.266134][ T5958] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4'. [ 95.269915][ T5836] veth0_macvtap: entered promiscuous mode [ 95.286991][ T5837] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.298974][ T5837] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.307841][ T5837] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.317409][ T5837] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.344340][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.366813][ T993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.367760][ T5836] veth1_macvtap: entered promiscuous mode [ 95.385349][ T993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.466626][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.543328][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.572305][ T5832] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.586679][ T5832] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.600139][ T5832] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.609260][ T5832] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.663227][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.738853][ T5965] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 95.812253][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.824763][ T5836] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.842649][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.844854][ T5836] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.867404][ T5836] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.876648][ T5836] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.991532][ T5940] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.006044][ T5940] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.039606][ T5848] Bluetooth: hci0: command tx timeout [ 96.120794][ T5838] Bluetooth: hci3: command tx timeout [ 96.120813][ T5846] Bluetooth: hci2: command tx timeout [ 96.120852][ T5846] Bluetooth: hci1: command tx timeout [ 96.126270][ T5848] Bluetooth: hci4: command tx timeout [ 96.154547][ T993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.170364][ T993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.389763][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.397657][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.581638][ T5940] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.618107][ T5940] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.874422][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.904043][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.310700][ T6000] Zero length message leads to an empty skb [ 97.551550][ T6005] syzkaller0: entered promiscuous mode [ 97.573560][ T6005] syzkaller0: entered allmulticast mode [ 97.630697][ T6014] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 97.897329][ T6018] team0: No ports can be present during mode change [ 98.045257][ T6020] tipc: Started in network mode [ 98.099064][ T6020] tipc: Node identity 1607d8409b7f, cluster identity 4711 [ 98.106479][ T6020] tipc: Enabled bearer , priority 0 [ 98.167103][ T6022] syzkaller0: entered promiscuous mode [ 98.172997][ T6022] syzkaller0: entered allmulticast mode [ 98.207889][ T6020] tipc: Resetting bearer [ 98.268332][ T6019] tipc: Resetting bearer [ 98.350340][ T6019] tipc: Disabling bearer [ 98.751189][ T6046] netlink: 8 bytes leftover after parsing attributes in process `syz.4.30'. [ 98.818673][ T6046] ip_vti0: Master is either lo or non-ether device [ 98.889562][ T3201] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 99.089292][ T3201] usb 1-1: Using ep0 maxpacket: 16 [ 99.111966][ T3201] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 99.146949][ T3201] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 99.167031][ T3201] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.179942][ T3201] usb 1-1: Product: syz [ 99.184242][ T3201] usb 1-1: Manufacturer: syz [ 99.193371][ T3201] usb 1-1: SerialNumber: syz [ 99.217589][ T3201] usb 1-1: config 0 descriptor?? [ 99.271341][ T3201] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 99.307149][ T3201] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 99.651859][ T6067] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 99.880274][ T3201] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 99.918221][ T0] NOHZ tick-stop error: local softirq work is pending, handler #1c2!!! [ 100.265111][ T6080] netlink: 20 bytes leftover after parsing attributes in process `syz.2.44'. [ 100.368665][ T3201] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 100.399885][ T3201] em28xx 1-1:0.0: board has no eeprom [ 100.604798][ T6086] syzkaller1: entered promiscuous mode [ 100.612734][ T6086] syzkaller1: entered allmulticast mode [ 101.001358][ T6084] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 101.388607][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 101.480346][ T6044] em28xx 1-1:0.0: reading from i2c device at 0x138 failed (error=-5) [ 101.538134][ T3201] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 101.584821][ T3201] em28xx 1-1:0.0: dvb set to bulk mode. [ 101.611300][ T44] em28xx 1-1:0.0: Binding DVB extension [ 101.651560][ T3201] usb 1-1: USB disconnect, device number 2 [ 101.710224][ T3201] em28xx 1-1:0.0: Disconnecting em28xx [ 101.759674][ T6099] netlink: 'syz.3.52': attribute type 1 has an invalid length. [ 101.766733][ T6096] syz_tun: entered promiscuous mode [ 101.825538][ T6096] syz_tun: left promiscuous mode [ 101.849624][ T44] em28xx 1-1:0.0: Registering input extension [ 101.898619][ T3201] em28xx 1-1:0.0: Closing input extension [ 101.939204][ T3201] em28xx 1-1:0.0: Freeing device [ 102.056935][ T6106] veth3: entered promiscuous mode [ 102.689121][ T6129] netlink: 180 bytes leftover after parsing attributes in process `syz.1.59'. [ 103.674626][ T6141] syz_tun: entered promiscuous mode [ 103.720370][ T6141] syz_tun: left promiscuous mode [ 104.168736][ T977] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 104.328265][ T977] usb 5-1: Using ep0 maxpacket: 16 [ 104.342607][ T977] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 104.378330][ T977] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 104.401112][ T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.418326][ T977] usb 5-1: Product: syz [ 104.425900][ T6160] netlink: 8 bytes leftover after parsing attributes in process `syz.2.72'. [ 104.428090][ T977] usb 5-1: Manufacturer: syz [ 104.451566][ T6160] netlink: 16 bytes leftover after parsing attributes in process `syz.2.72'. [ 104.456414][ T977] usb 5-1: SerialNumber: syz [ 104.487546][ T977] usb 5-1: config 0 descriptor?? [ 104.511723][ T977] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 104.531595][ T977] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 104.653000][ T6164] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 105.111939][ T977] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 105.227088][ T6175] syz_tun: entered promiscuous mode [ 105.262519][ T6175] syz_tun: left promiscuous mode [ 105.567630][ T6178] netlink: 180 bytes leftover after parsing attributes in process `syz.2.78'. [ 105.578737][ T6179] netlink: 180 bytes leftover after parsing attributes in process `syz.2.78'. [ 105.681539][ T977] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 105.704859][ T977] em28xx 5-1:0.0: board has no eeprom [ 105.800924][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 106.601649][ T6191] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 106.841386][ T6145] em28xx 5-1:0.0: reading from i2c device at 0x138 failed (error=-5) [ 106.898239][ T977] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 106.923668][ T977] em28xx 5-1:0.0: dvb set to bulk mode. [ 106.938129][ T10] em28xx 5-1:0.0: Binding DVB extension [ 106.978569][ T977] usb 5-1: USB disconnect, device number 2 [ 107.149768][ T977] em28xx 5-1:0.0: Disconnecting em28xx [ 107.197176][ T10] em28xx 5-1:0.0: Registering input extension [ 107.248430][ T977] em28xx 5-1:0.0: Closing input extension [ 107.313085][ T977] em28xx 5-1:0.0: Freeing device [ 108.180975][ T6226] netlink: zone id is out of range [ 108.186632][ T6226] netlink: zone id is out of range [ 108.193160][ T6226] netlink: zone id is out of range [ 108.209593][ T6226] netlink: zone id is out of range [ 108.221892][ T6226] netlink: zone id is out of range [ 108.273581][ T6226] netlink: zone id is out of range [ 108.370292][ T6226] netlink: zone id is out of range [ 108.494111][ T6227] netlink: del zone limit has 4 unknown bytes [ 108.554174][ T6226] netlink: zone id is out of range [ 109.409467][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.420166][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.431121][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.513289][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.522536][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.531979][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.540641][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.398193][ T3201] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 110.416137][ T6262] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 110.472689][ T6262] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 110.511369][ T6262] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 110.523583][ T6262] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 110.534079][ T6262] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 110.558546][ T6262] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 110.570572][ T6262] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 110.608751][ T3201] usb 4-1: Using ep0 maxpacket: 16 [ 110.618525][ T6262] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 110.627886][ T3201] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 110.650992][ T3201] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 110.678559][ T3201] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.693693][ T6262] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 110.705342][ T3201] usb 4-1: Product: syz [ 110.713491][ T3201] usb 4-1: Manufacturer: syz [ 110.718285][ T3201] usb 4-1: SerialNumber: syz [ 110.726148][ T3201] usb 4-1: config 0 descriptor?? [ 110.734991][ T3201] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 110.748704][ T3201] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 110.764365][ T6262] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 110.813315][ T6262] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 110.837964][ T6262] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 110.877693][ T6262] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 110.923538][ T6262] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 111.134065][ T6262] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 111.344243][ T3201] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 111.814908][ T3201] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 111.828459][ T3201] em28xx 4-1:0.0: board has no eeprom [ 112.358645][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout [ 112.598591][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout [ 112.601835][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 112.849716][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 112.918253][ T5834] Bluetooth: hci4: command 0x0c1a tx timeout [ 112.927921][ T6259] em28xx 4-1:0.0: reading from i2c device at 0x138 failed (error=-5) [ 112.978552][ T3201] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 113.012301][ T3201] em28xx 4-1:0.0: dvb set to bulk mode. [ 113.046151][ T5905] em28xx 4-1:0.0: Binding DVB extension [ 113.135714][ T3201] usb 4-1: USB disconnect, device number 2 [ 113.172129][ T3201] em28xx 4-1:0.0: Disconnecting em28xx [ 113.320065][ T5905] em28xx 4-1:0.0: Registering input extension [ 113.345810][ T3201] em28xx 4-1:0.0: Closing input extension [ 113.429547][ T3201] em28xx 4-1:0.0: Freeing device [ 114.438962][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 114.599148][ T6359] netlink: 8 bytes leftover after parsing attributes in process `syz.0.124'. [ 114.608285][ T6359] netlink: 4 bytes leftover after parsing attributes in process `syz.0.124'. [ 114.697587][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 114.703734][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 114.779740][ T6351] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 114.808590][ T6351] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 114.875387][ T6351] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 114.911089][ T6351] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 114.985362][ T6351] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 115.764717][ T6376] tipc: Started in network mode [ 115.791456][ T6376] tipc: Node identity ca55b45b72a5, cluster identity 4711 [ 115.855466][ T6376] tipc: Enabled bearer , priority 0 [ 115.913348][ T6377] syzkaller0: entered promiscuous mode [ 115.959972][ T6377] syzkaller0: entered allmulticast mode [ 116.112056][ T6375] tipc: Resetting bearer [ 116.275395][ T6375] tipc: Disabling bearer [ 116.761037][ T6399] bridge0: entered promiscuous mode [ 116.783967][ T6399] vlan2: entered promiscuous mode [ 116.809467][ T6399] bridge0: port 3(vlan2) entered blocking state [ 116.845084][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout [ 116.851986][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 116.853897][ T6399] bridge0: port 3(vlan2) entered disabled state [ 116.879623][ T6399] vlan2: entered allmulticast mode [ 116.889534][ T6399] bridge0: entered allmulticast mode [ 116.903944][ T6399] vlan2: left allmulticast mode [ 116.916227][ T6399] bridge0: left allmulticast mode [ 116.924619][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 116.924650][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout [ 117.003963][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout [ 117.019773][ T6395] syz.1.134 (6395) used greatest stack depth: 16184 bytes left [ 117.112714][ T6410] netlink: 180 bytes leftover after parsing attributes in process `syz.4.137'. [ 117.829373][ T6423] net_ratelimit: 12 callbacks suppressed [ 117.829396][ T6423] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 118.174242][ T6418] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 118.238143][ T6418] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 118.330416][ T6418] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 118.418670][ T6418] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 118.425070][ T6418] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 118.641146][ T6438] tipc: Started in network mode [ 118.678294][ T6438] tipc: Node identity 4a2f6a79b1d1, cluster identity 4711 [ 118.711907][ T6438] tipc: Enabled bearer , priority 0 [ 118.730722][ T6438] tipc: Resetting bearer [ 118.885189][ T6437] tipc: Disabling bearer [ 120.132500][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 120.249636][ T6445] fuse: Unknown parameter 'grou00000000000000000000' [ 120.282424][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 120.289166][ T5905] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 120.362722][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 120.458230][ T5905] usb 1-1: Using ep0 maxpacket: 16 [ 120.470176][ T5905] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 120.480993][ T5905] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 120.526933][ T5834] Bluetooth: hci4: command 0x0c1a tx timeout [ 120.533284][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 120.882480][ T5905] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 120.924583][ T5905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.954007][ T5905] usb 1-1: Product: syz [ 120.964151][ T5905] usb 1-1: Manufacturer: syz [ 120.981415][ T5905] usb 1-1: SerialNumber: syz [ 121.035777][ T5905] usb 1-1: config 0 descriptor?? [ 121.627550][ T6483] tipc: Enabled bearer , priority 0 [ 121.645570][ T6483] tipc: Resetting bearer [ 121.851393][ T6482] tipc: Disabling bearer [ 121.861954][ T6487] netlink: 8 bytes leftover after parsing attributes in process `syz.1.156'. [ 121.877991][ T6487] netlink: 4 bytes leftover after parsing attributes in process `syz.1.156'. [ 122.325814][ T6494] netlink: 28 bytes leftover after parsing attributes in process `syz.1.159'. [ 122.336939][ T6494] netlink: 28 bytes leftover after parsing attributes in process `syz.1.159'. [ 122.390776][ T6492] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 122.390776][ T6492] program syz.3.158 not setting count and/or reply_len properly [ 122.408741][ T6494] batman_adv: batadv0: Adding interface: dummy0 [ 122.415035][ T6494] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.496196][ T6494] batman_adv: batadv0: Interface activated: dummy0 [ 122.555695][ T6497] batadv0: mtu less than device minimum [ 122.567163][ T6497] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.578836][ T6497] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.590116][ T6497] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.601372][ T6497] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.612611][ T6497] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.623887][ T6497] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.635138][ T6497] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.646379][ T6497] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.942777][ T977] usb 1-1: USB disconnect, device number 3 [ 123.639469][ T6522] netlink: 8 bytes leftover after parsing attributes in process `syz.4.169'. [ 123.663932][ T6522] netlink: 4 bytes leftover after parsing attributes in process `syz.4.169'. [ 124.092854][ T6513] fuse: Unknown parameter 'grou00000000000000000000' [ 124.617896][ T6539] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 124.617896][ T6539] program syz.4.175 not setting count and/or reply_len properly [ 124.634381][ T6541] netlink: 4 bytes leftover after parsing attributes in process `syz.1.174'. [ 126.168460][ T6584] tipc: Enabling of bearer rejected, failed to enable media [ 126.239976][ T6576] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 126.280543][ T6576] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 126.375813][ T6576] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 126.395453][ T6579] syzkaller0: entered promiscuous mode [ 126.403119][ T6579] syzkaller0: entered allmulticast mode [ 126.415052][ T6576] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 126.475287][ T6576] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 127.070783][ T6605] netlink: 4 bytes leftover after parsing attributes in process `syz.4.192'. [ 127.236291][ T6614] netlink: 360 bytes leftover after parsing attributes in process `syz.0.194'. [ 127.480438][ T6620] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 127.480438][ T6620] program syz.4.196 not setting count and/or reply_len properly [ 127.649488][ T6625] tipc: Enabled bearer , priority 0 [ 127.660614][ T6625] tipc: Resetting bearer [ 127.708952][ T6623] tipc: Disabling bearer [ 128.082945][ T6639] netlink: 8 bytes leftover after parsing attributes in process `syz.1.206'. [ 128.118210][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout [ 128.119068][ T6639] netlink: 4 bytes leftover after parsing attributes in process `syz.1.206'. [ 128.276430][ T6641] netlink: 4 bytes leftover after parsing attributes in process `syz.3.207'. [ 128.358219][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout [ 128.441326][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout [ 128.441335][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 128.495267][ T6654] ieee802154 phy0 wpan0: encryption failed: -22 [ 128.498789][ T6651] syzkaller0: entered promiscuous mode [ 128.519326][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout [ 128.538153][ T6651] syzkaller0: entered allmulticast mode [ 128.852165][ T6650] fuse: Unknown parameter 'group_i00000000000000000000' [ 129.285925][ T6679] netlink: 8 bytes leftover after parsing attributes in process `syz.0.221'. [ 129.318487][ T6679] netlink: 4 bytes leftover after parsing attributes in process `syz.0.221'. [ 129.516360][ T6686] netlink: 8 bytes leftover after parsing attributes in process `syz.2.219'. [ 129.525483][ T6686] netlink: 4 bytes leftover after parsing attributes in process `syz.2.219'. [ 131.395084][ T6724] netlink: 360 bytes leftover after parsing attributes in process `syz.3.235'. [ 131.482357][ T6716] fuse: Unknown parameter 'group_i00000000000000000000' [ 132.427852][ T6755] __nla_validate_parse: 1 callbacks suppressed [ 132.427887][ T6755] netlink: 360 bytes leftover after parsing attributes in process `syz.2.247'. [ 132.546747][ T6756] netlink: 8 bytes leftover after parsing attributes in process `syz.1.246'. [ 132.555958][ T6756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.246'. [ 132.766688][ T6759] syz_tun: entered promiscuous mode [ 132.795253][ T6759] vlan2: entered promiscuous mode [ 132.929159][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.937707][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.964032][ T6764] netlink: 8 bytes leftover after parsing attributes in process `syz.3.250'. [ 132.997826][ T6764] netlink: 4 bytes leftover after parsing attributes in process `syz.3.250'. [ 133.511078][ T6771] syzkaller0: entered promiscuous mode [ 133.552302][ T6771] syzkaller0: entered allmulticast mode [ 133.641269][ T6765] fuse: Unknown parameter 'group_i00000000000000000000' [ 134.028280][ T6776] netlink: 44 bytes leftover after parsing attributes in process `syz.4.255'. [ 134.342897][ T6782] netlink: 360 bytes leftover after parsing attributes in process `syz.4.259'. [ 134.661245][ T6795] net_ratelimit: 11 callbacks suppressed [ 134.661268][ T6795] netlink: zone id is out of range [ 134.678739][ T6795] netlink: zone id is out of range [ 134.686136][ T6795] netlink: zone id is out of range [ 134.707228][ T6795] netlink: zone id is out of range [ 134.985752][ T6797] netlink: del zone limit has 4 unknown bytes [ 135.113721][ T6795] netlink: set zone limit has 4 unknown bytes [ 135.180059][ T6806] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 135.180059][ T6806] program syz.2.266 not setting count and/or reply_len properly [ 135.875811][ T6814] netlink: 8 bytes leftover after parsing attributes in process `syz.0.268'. [ 135.908168][ T6814] netlink: 4 bytes leftover after parsing attributes in process `syz.0.268'. [ 136.074986][ T6807] fuse: Unknown parameter 'group_id00000000000000000000' [ 136.571768][ T6822] netlink: 8 bytes leftover after parsing attributes in process `syz.4.272'. [ 137.130948][ T6834] syzkaller0: entered promiscuous mode [ 137.159527][ T6834] syzkaller0: entered allmulticast mode [ 137.226060][ T6837] netlink: zone id is out of range [ 137.235565][ T6837] netlink: zone id is out of range [ 137.265671][ T6837] netlink: zone id is out of range [ 137.285925][ T6837] netlink: zone id is out of range [ 137.999297][ T6849] netlink: 8 bytes leftover after parsing attributes in process `syz.0.281'. [ 138.008389][ T6849] netlink: 4 bytes leftover after parsing attributes in process `syz.0.281'. [ 138.110456][ T6850] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 138.110456][ T6850] program syz.3.282 not setting count and/or reply_len properly [ 139.219200][ T6868] syzkaller0: entered promiscuous mode [ 139.224860][ T6868] syzkaller0: entered allmulticast mode [ 140.880799][ T6901] net_ratelimit: 8 callbacks suppressed [ 140.880821][ T6901] netlink: zone id is out of range [ 140.920669][ T6901] netlink: zone id is out of range [ 140.925997][ T6901] netlink: zone id is out of range [ 140.953313][ T6901] netlink: zone id is out of range [ 141.063960][ T6906] netlink: del zone limit has 4 unknown bytes [ 141.106584][ T6908] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 141.106584][ T6908] program syz.2.305 not setting count and/or reply_len properly [ 141.679057][ T6901] netlink: set zone limit has 4 unknown bytes [ 141.954594][ T6924] netlink: 8 bytes leftover after parsing attributes in process `syz.0.310'. [ 142.059668][ T6927] netlink: 4 bytes leftover after parsing attributes in process `syz.0.310'. [ 142.346906][ T6927] team0: Port device team_slave_0 removed [ 142.632339][ T5933] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.711824][ T5933] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 142.929005][ T6939] netlink: 8 bytes leftover after parsing attributes in process `syz.0.312'. [ 142.938225][ T6939] netlink: 4 bytes leftover after parsing attributes in process `syz.0.312'. [ 143.743172][ T6942] fuse: Bad value for 'user_id' [ 143.778071][ T6942] fuse: Bad value for 'user_id' [ 144.555567][ T6962] netlink: 8 bytes leftover after parsing attributes in process `syz.1.322'. [ 144.564599][ T6962] netlink: 4 bytes leftover after parsing attributes in process `syz.1.322'. [ 144.663135][ T6964] netlink: 4 bytes leftover after parsing attributes in process `syz.2.323'. [ 144.862509][ T6972] ieee802154 phy0 wpan0: encryption failed: -22 [ 145.047972][ T6969] syzkaller1: entered promiscuous mode [ 145.055716][ T6969] syzkaller1: entered allmulticast mode [ 145.163313][ T6976] tipc: Enabled bearer , priority 0 [ 145.192936][ T5933] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 145.197966][ T6976] tipc: Resetting bearer [ 145.244513][ T5933] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 145.545539][ T6975] tipc: Disabling bearer [ 145.695206][ T6994] syzkaller0: entered promiscuous mode [ 145.798227][ T6994] syzkaller0: entered allmulticast mode [ 145.834048][ T6990] fuse: Bad value for 'user_id' [ 145.844184][ T6990] fuse: Bad value for 'user_id' [ 145.950509][ T6997] netlink: 4 bytes leftover after parsing attributes in process `syz.4.335'. [ 146.097929][ T7004] netlink: 28 bytes leftover after parsing attributes in process `syz.4.336'. [ 146.107308][ T7004] netlink: 28 bytes leftover after parsing attributes in process `syz.4.336'. [ 146.135299][ T7004] batman_adv: batadv0: Adding interface: dummy0 [ 146.151306][ T7004] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.233068][ T7004] batman_adv: batadv0: Interface activated: dummy0 [ 146.267929][ T7004] batadv0: mtu less than device minimum [ 146.278702][ T7004] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 146.290002][ T7004] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 146.301232][ T7004] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 146.312470][ T7004] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 146.323691][ T7004] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 146.335043][ T7004] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 146.346343][ T7004] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 146.357757][ T7004] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 146.369226][ T7004] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 146.445866][ T7009] netlink: 8 bytes leftover after parsing attributes in process `syz.0.338'. [ 146.518386][ T7009] netlink: 4 bytes leftover after parsing attributes in process `syz.0.338'. [ 146.783268][ T7019] syzkaller1: entered promiscuous mode [ 146.814634][ T7019] syzkaller1: entered allmulticast mode [ 147.082324][ T7028] netlink: 4 bytes leftover after parsing attributes in process `syz.4.347'. [ 147.352134][ T44] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 147.375281][ T44] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 147.641396][ T7032] fuse: Bad value for 'user_id' [ 147.646558][ T7032] fuse: Bad value for 'user_id' [ 147.656246][ T7048] netlink: 24 bytes leftover after parsing attributes in process `syz.2.354'. [ 148.232966][ T7053] team0: Port device team_slave_0 removed [ 148.766657][ T7074] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 148.766657][ T7074] program syz.3.363 not setting count and/or reply_len properly [ 149.834774][ T7082] fuse: Bad value for 'fd' [ 149.912509][ T5905] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 149.969146][ T7099] __nla_validate_parse: 3 callbacks suppressed [ 149.969169][ T7099] netlink: 360 bytes leftover after parsing attributes in process `syz.4.377'. [ 150.016820][ T5905] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 150.359204][ T7100] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 150.378632][ T7100] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 150.384982][ T7100] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 150.428420][ T7100] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 150.474735][ T7100] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 150.591673][ T7107] netlink: 28 bytes leftover after parsing attributes in process `syz.4.378'. [ 150.623954][ T7107] netlink: 28 bytes leftover after parsing attributes in process `syz.4.378'. [ 150.809393][ T7116] netlink: 24 bytes leftover after parsing attributes in process `syz.3.383'. [ 150.859755][ T7117] tipc: Started in network mode [ 150.872497][ T7117] tipc: Node identity 9aa2b555423b, cluster identity 4711 [ 150.891940][ T7117] tipc: Enabled bearer , priority 0 [ 150.997903][ T7124] netlink: 56 bytes leftover after parsing attributes in process `syz.4.385'. [ 151.000596][ T7115] tipc: Disabling bearer [ 151.124372][ T7122] netlink: 4 bytes leftover after parsing attributes in process `syz.3.386'. [ 151.276939][ T7132] netlink: 360 bytes leftover after parsing attributes in process `syz.2.388'. [ 152.045078][ T7135] fuse: Bad value for 'fd' [ 152.144708][ T7157] netlink: 56 bytes leftover after parsing attributes in process `syz.0.399'. [ 152.210934][ T7154] tipc: Started in network mode [ 152.215880][ T7154] tipc: Node identity 320cb779489, cluster identity 4711 [ 152.258291][ T7154] tipc: Enabled bearer , priority 0 [ 152.315189][ T7153] tipc: Disabling bearer [ 152.347671][ T7152] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 152.360808][ T7159] netlink: 4 bytes leftover after parsing attributes in process `syz.3.400'. [ 152.360939][ T7152] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 152.420132][ T7152] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 152.426556][ T7152] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 152.434967][ T7152] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 152.472957][ T7163] netlink: 360 bytes leftover after parsing attributes in process `syz.0.401'. [ 152.903076][ T977] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 152.953289][ T7176] team0: Port device team_slave_0 removed [ 152.982234][ T977] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 154.058860][ T7200] syzkaller0: entered promiscuous mode [ 154.064494][ T7200] syzkaller0: entered allmulticast mode [ 154.281551][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout [ 154.498257][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout [ 154.498537][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 154.504366][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout [ 154.510445][ T5846] Bluetooth: hci1: command 0x0c1a tx timeout [ 156.032907][ T7218] ieee802154 phy0 wpan0: encryption failed: -22 [ 156.478329][ T7226] __nla_validate_parse: 2 callbacks suppressed [ 156.478350][ T7226] netlink: 56 bytes leftover after parsing attributes in process `syz.4.422'. [ 157.451816][ T7221] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 157.478887][ T7221] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 157.529390][ T7221] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 157.538471][ T7221] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 157.564354][ T7221] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 157.886782][ T7235] fuse: Bad value for 'fd' [ 158.362582][ T7248] netlink: 8 bytes leftover after parsing attributes in process `syz.0.429'. [ 158.470990][ T7251] ieee802154 phy0 wpan0: encryption failed: -22 [ 158.615428][ T5896] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 158.705737][ T5896] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 158.818806][ T7256] syzkaller0: entered promiscuous mode [ 158.834595][ T7256] syzkaller0: entered allmulticast mode [ 159.001386][ T7260] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 159.001386][ T7260] program syz.1.433 not setting count and/or reply_len properly [ 159.042888][ T7260] kernel profiling enabled (shift: 6) [ 159.478197][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 159.479527][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout [ 159.568203][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout [ 159.568652][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 159.642749][ T5834] Bluetooth: hci4: command 0x0c1a tx timeout [ 160.009689][ T7266] netlink: 8 bytes leftover after parsing attributes in process `syz.1.434'. [ 160.163268][ T7268] netlink: 56 bytes leftover after parsing attributes in process `syz.0.435'. [ 160.419021][ T7271] syzkaller0: entered promiscuous mode [ 160.424645][ T7271] syzkaller0: entered allmulticast mode [ 160.459305][ T7276] Illegal XDP return value 70 on prog (id 55) dev syz_tun, expect packet loss! [ 160.737137][ T7284] netlink: 8 bytes leftover after parsing attributes in process `syz.2.442'. [ 160.764610][ T7285] ieee802154 phy0 wpan0: encryption failed: -22 [ 160.987933][ T7281] fuse: Bad value for 'fd' [ 162.703868][ T7291] netlink: 8 bytes leftover after parsing attributes in process `syz.1.445'. [ 162.728112][ T7291] netlink: 4 bytes leftover after parsing attributes in process `syz.1.445'. [ 163.151200][ T7311] netlink: 4 bytes leftover after parsing attributes in process `syz.1.450'. [ 163.209856][ T7313] netlink: 8 bytes leftover after parsing attributes in process `syz.3.449'. [ 163.452806][ T44] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 163.538844][ T44] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on syz0 [ 164.095226][ T7336] ieee802154 phy0 wpan0: encryption failed: -22 [ 164.866754][ T7346] netlink: 8 bytes leftover after parsing attributes in process `syz.1.458'. [ 165.306475][ T7350] syzkaller0: entered promiscuous mode [ 165.344987][ T7350] syzkaller0: entered allmulticast mode [ 165.371219][ T7353] netlink: 8 bytes leftover after parsing attributes in process `syz.3.460'. [ 165.430872][ T7353] netlink: 4 bytes leftover after parsing attributes in process `syz.3.460'. [ 166.547828][ T7374] ieee802154 phy0 wpan0: encryption failed: -22 [ 166.605319][ T7376] netlink: 44 bytes leftover after parsing attributes in process `syz.2.469'. [ 168.155679][ T977] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 168.230124][ T977] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz0 [ 168.269110][ T7397] syzkaller0: entered promiscuous mode [ 168.274803][ T7397] syzkaller0: entered allmulticast mode [ 168.721287][ T7407] netlink: 8 bytes leftover after parsing attributes in process `syz.4.480'. [ 168.754285][ T7407] netlink: 4 bytes leftover after parsing attributes in process `syz.4.480'. [ 168.970408][ T7410] syzkaller0: entered promiscuous mode [ 168.976043][ T7410] syzkaller0: entered allmulticast mode [ 169.005936][ T7415] ieee802154 phy0 wpan0: encryption failed: -22 [ 169.137692][ T7420] netlink: 44 bytes leftover after parsing attributes in process `syz.2.484'. [ 170.510949][ T7416] syzkaller1: entered promiscuous mode [ 170.516621][ T7416] syzkaller1: entered allmulticast mode [ 171.020284][ T5933] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 171.054478][ T5933] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz1] on syz0 [ 171.490346][ T7463] netlink: 44 bytes leftover after parsing attributes in process `syz.0.498'. [ 171.686940][ T7465] syzkaller0: entered promiscuous mode [ 171.722196][ T7465] syzkaller0: entered allmulticast mode [ 174.672871][ T7489] syzkaller1: entered promiscuous mode [ 174.681247][ T7489] syzkaller1: entered allmulticast mode [ 174.947973][ T7501] syz.2.505 uses obsolete (PF_INET,SOCK_PACKET) [ 175.308917][ T7511] netlink: 44 bytes leftover after parsing attributes in process `syz.3.510'. [ 175.382928][ T5933] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 175.488884][ T5933] hid-generic 0000:0000:0000.000A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 175.509503][ T7516] warning: `syz.4.511' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 175.612499][ T7527] netlink: 8 bytes leftover after parsing attributes in process `syz.3.515'. [ 175.982064][ T7533] syzkaller0: entered promiscuous mode [ 175.987679][ T7533] syzkaller0: entered allmulticast mode [ 176.362896][ T7543] ieee802154 phy0 wpan0: encryption failed: -22 [ 179.023249][ T7560] netlink: 44 bytes leftover after parsing attributes in process `syz.2.525'. [ 180.521790][ T7563] netlink: 56 bytes leftover after parsing attributes in process `syz.1.526'. [ 180.702994][ T7577] netlink: 8 bytes leftover after parsing attributes in process `syz.4.529'. [ 180.748378][ T7575] netlink: 360 bytes leftover after parsing attributes in process `syz.2.530'. [ 181.504692][ T5905] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 181.609939][ T5905] hid-generic 0000:0000:0000.000B: hidraw0: HID v0.00 Device [syz1] on syz0 [ 182.368535][ T7599] netlink: 72 bytes leftover after parsing attributes in process `syz.4.536'. [ 182.450959][ T7599] netlink: 4 bytes leftover after parsing attributes in process `syz.4.536'. [ 183.149419][ T7599] team0: Port device team_slave_0 removed [ 183.443989][ T7604] syzkaller0: entered promiscuous mode [ 183.449638][ T7604] syzkaller0: entered allmulticast mode [ 183.798953][ T7614] netlink: 360 bytes leftover after parsing attributes in process `syz.3.542'. [ 184.230638][ T7553] net_ratelimit: 15 callbacks suppressed [ 184.230660][ T7553] Set syz1 is full, maxelem 65536 reached [ 184.300651][ T7622] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 184.300651][ T7622] program syz.2.544 not setting count and/or reply_len properly [ 184.707944][ T44] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 184.732753][ T44] hid-generic 0000:0000:0000.000C: hidraw0: HID v0.00 Device [syz1] on syz0 [ 186.697971][ T7631] tipc: Enabling of bearer rejected, failed to enable media [ 186.888704][ T7657] netlink: 360 bytes leftover after parsing attributes in process `syz.0.553'. [ 187.266902][ T3201] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 187.334343][ T3201] hid-generic 0000:0000:0000.000D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 187.553671][ T7684] mmap: syz.3.561 (7684) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 188.976975][ T7696] syzkaller0: entered promiscuous mode [ 188.982629][ T7696] syzkaller0: entered allmulticast mode [ 189.306531][ T7709] netlink: 360 bytes leftover after parsing attributes in process `syz.1.569'. [ 189.452310][ T7718] netlink: 72 bytes leftover after parsing attributes in process `syz.0.570'. [ 189.506504][ T7720] netlink: 4 bytes leftover after parsing attributes in process `syz.0.570'. [ 190.903595][ T7707] tipc: Enabling of bearer rejected, failed to enable media [ 191.430837][ T977] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 191.457536][ T977] hid-generic 0000:0000:0000.000E: hidraw0: HID v0.00 Device [syz1] on syz0 [ 191.951690][ T7765] netlink: 360 bytes leftover after parsing attributes in process `syz.2.582'. [ 192.588247][ T7773] netlink: 72 bytes leftover after parsing attributes in process `syz.1.585'. [ 192.610806][ T7773] netlink: 4 bytes leftover after parsing attributes in process `syz.1.585'. [ 193.250007][ T7779] tipc: Enabling of bearer rejected, failed to enable media [ 193.262370][ T7779] syzkaller0: entered promiscuous mode [ 193.270384][ T7779] syzkaller0: entered allmulticast mode [ 194.150397][ T7794] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 194.178913][ T7803] netlink: 28 bytes leftover after parsing attributes in process `syz.1.597'. [ 194.220345][ T7800] netlink: 14 bytes leftover after parsing attributes in process `syz.3.593'. [ 194.248174][ T7803] netlink: 28 bytes leftover after parsing attributes in process `syz.1.597'. [ 194.365024][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.374116][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.490718][ T7800] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 194.545078][ T7800] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 194.565562][ T7800] bond0 (unregistering): Released all slaves [ 194.724447][ T7815] syzkaller1: entered promiscuous mode [ 194.730205][ T7815] syzkaller1: entered allmulticast mode [ 194.911586][ T7825] netlink: 72 bytes leftover after parsing attributes in process `syz.4.601'. [ 194.999994][ T7826] netlink: 4 bytes leftover after parsing attributes in process `syz.4.601'. [ 195.704965][ T7845] netlink: 4 bytes leftover after parsing attributes in process `syz.1.608'. [ 196.139890][ T5905] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 196.326632][ T5905] hid-generic 0000:0000:0000.000F: hidraw0: HID v0.00 Device [syz1] on syz0 [ 196.646609][ T7858] netlink: 28 bytes leftover after parsing attributes in process `syz.0.612'. [ 196.720117][ T7858] batman_adv: batadv0: Adding interface: dummy0 [ 196.755266][ T7858] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.832384][ T7858] batman_adv: batadv0: Interface activated: dummy0 [ 196.864808][ T7863] batadv0: mtu less than device minimum [ 196.893433][ T7863] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 196.904825][ T7863] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 196.916128][ T7863] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 196.927437][ T7863] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 196.938822][ T7863] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 196.950359][ T7863] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 196.961631][ T7863] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 196.972977][ T7863] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 196.984269][ T7863] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 197.139005][ T7866] syzkaller1: entered promiscuous mode [ 197.144560][ T7866] syzkaller1: entered allmulticast mode [ 198.021869][ T7888] __nla_validate_parse: 1 callbacks suppressed [ 198.021891][ T7888] netlink: 360 bytes leftover after parsing attributes in process `syz.3.619'. [ 198.089494][ T7890] tipc: Enabling of bearer rejected, failed to enable media [ 198.119029][ T7890] syzkaller0: entered promiscuous mode [ 198.138623][ T7890] syzkaller0: entered allmulticast mode [ 198.504313][ T7896] syzkaller0: entered promiscuous mode [ 198.510016][ T7896] syzkaller0: entered allmulticast mode [ 199.391051][ T7917] tipc: Enabling of bearer rejected, failed to enable media [ 199.401154][ T7917] syzkaller0: entered promiscuous mode [ 199.413172][ T7917] syzkaller0: entered allmulticast mode [ 201.490068][ T3201] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 201.544733][ T3201] hid-generic 0000:0000:0000.0010: hidraw0: HID v0.00 Device [syz1] on syz0 [ 201.586024][ T7963] netlink: 360 bytes leftover after parsing attributes in process `syz.2.636'. [ 202.530382][ T7983] ..@ÿ: renamed from bond_slave_0 (while UP) [ 202.635654][ T7986] netlink: 24 bytes leftover after parsing attributes in process `syz.1.642'. [ 203.339870][ T8000] netlink: 28 bytes leftover after parsing attributes in process `syz.2.647'. [ 203.348917][ T8000] netlink: 28 bytes leftover after parsing attributes in process `syz.2.647'. [ 203.368547][ T8000] batman_adv: batadv0: Adding interface: dummy0 [ 203.374921][ T8000] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.462366][ T8000] batman_adv: batadv0: Interface activated: dummy0 [ 203.477280][ T8002] net_ratelimit: 10 callbacks suppressed [ 203.477297][ T8002] batadv0: mtu less than device minimum [ 203.494308][ T8002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 203.505630][ T8002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 203.516926][ T8002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 203.528335][ T8002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 203.539714][ T8002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 203.551108][ T8002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 203.562490][ T8002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 203.573728][ T8002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 203.585017][ T8002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 206.640193][ T3201] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 206.748098][ T3201] hid-generic 0000:0000:0000.0011: hidraw0: HID v0.00 Device [syz1] on syz0 [ 208.850723][ T8078] fuse: Bad value for 'fd' [ 209.368270][ T8090] batadv_slave_1: entered promiscuous mode [ 209.394169][ T8089] batadv_slave_1: left promiscuous mode [ 210.211965][ T8114] net_ratelimit: 21 callbacks suppressed [ 210.211987][ T8114] netlink: zone id is out of range [ 210.241416][ T8114] netlink: zone id is out of range [ 210.277935][ T8114] netlink: zone id is out of range [ 210.308271][ T8116] netlink: del zone limit has 4 unknown bytes [ 210.447188][ T8114] netlink: set zone limit has 4 unknown bytes [ 210.479774][ T44] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 210.538471][ T44] hid-generic 0000:0000:0000.0012: hidraw0: HID v0.00 Device [syz1] on syz0 [ 211.023488][ T8133] netlink: 4 bytes leftover after parsing attributes in process `syz.4.686'. [ 211.755038][ T8135] fuse: Unknown parameter '0x0000000000000006' [ 212.046068][ T8142] ieee802154 phy0 wpan0: encryption failed: -22 [ 212.886184][ T8155] netlink: zone id is out of range [ 212.892472][ T8155] netlink: zone id is out of range [ 212.900377][ T8155] netlink: zone id is out of range [ 213.044794][ T8159] netlink: del zone limit has 4 unknown bytes [ 213.056808][ T8162] Bluetooth: MGMT ver 1.23 [ 213.096509][ T8155] netlink: set zone limit has 4 unknown bytes [ 213.241299][ T8162] tipc: Enabled bearer , priority 10 [ 213.668989][ T8177] ieee802154 phy0 wpan0: encryption failed: -22 [ 214.380948][ T977] tipc: Node number set to 3102782555 [ 214.646263][ T8196] netlink: 4 bytes leftover after parsing attributes in process `syz.2.705'. [ 214.743003][ T8173] fuse: Unknown parameter '0x0000000000000006' [ 215.278265][ T8212] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 215.278265][ T8212] program syz.1.706 not setting count and/or reply_len properly [ 215.746207][ T8218] syzkaller0: entered promiscuous mode [ 215.796618][ T8218] syzkaller0: entered allmulticast mode [ 216.437195][ T8226] netlink: 228 bytes leftover after parsing attributes in process `syz.4.713'. [ 216.600577][ T8230] ieee802154 phy0 wpan0: encryption failed: -22 [ 217.887101][ C0] vcan0: j1939_tp_rxtimer: 0xffff88806b095400: rx timeout, send abort [ 217.896613][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88806b095400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 217.967844][ T8237] netlink: 24 bytes leftover after parsing attributes in process `syz.1.717'. [ 218.251493][ T8243] syzkaller0: entered promiscuous mode [ 218.269051][ T8243] syzkaller0: entered allmulticast mode [ 218.413752][ T8252] fuse: Unknown parameter '0x0000000000000006' [ 218.718421][ T8260] netlink: 28 bytes leftover after parsing attributes in process `syz.2.723'. [ 219.759342][ T8273] netlink: 24 bytes leftover after parsing attributes in process `syz.4.729'. [ 219.927532][ T8277] ieee802154 phy0 wpan0: encryption failed: -22 [ 220.199442][ T8283] netlink: 28 bytes leftover after parsing attributes in process `syz.1.734'. [ 220.208461][ T8283] netlink: 28 bytes leftover after parsing attributes in process `syz.1.734'. [ 220.612146][ T8285] fuse: Unknown parameter '0x0000000000000006' [ 220.617658][ T8291] netlink: 104 bytes leftover after parsing attributes in process `syz.2.738'. [ 220.946690][ T8309] syzkaller1: entered promiscuous mode [ 220.952960][ C1] vcan0: j1939_tp_rxtimer: 0xffff888057a23000: rx timeout, send abort [ 220.961469][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888057a23000: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 220.986240][ T8309] syzkaller1: entered allmulticast mode [ 221.362587][ T8320] ieee802154 phy0 wpan0: encryption failed: -22 [ 221.387508][ T8317] netlink: 24 bytes leftover after parsing attributes in process `syz.3.744'. [ 221.598311][ T8322] netlink: 28 bytes leftover after parsing attributes in process `syz.4.747'. [ 221.690937][ T8322] netlink: 28 bytes leftover after parsing attributes in process `syz.4.747'. [ 221.768407][ T8325] netlink: 4 bytes leftover after parsing attributes in process `syz.3.749'. [ 221.932530][ T8334] netlink: 28 bytes leftover after parsing attributes in process `syz.2.748'. [ 222.267072][ T8338] syzkaller0: entered promiscuous mode [ 222.328537][ T8338] syzkaller0: entered allmulticast mode [ 222.980983][ T8356] ieee802154 phy0 wpan0: encryption failed: -22 [ 223.165189][ T8343] fuse: Unknown parameter '0x0000000000000006' [ 223.340695][ T8360] syzkaller1: entered promiscuous mode [ 223.353670][ T8360] syzkaller1: entered allmulticast mode [ 223.643994][ T8369] netlink: 24 bytes leftover after parsing attributes in process `syz.4.759'. [ 223.936726][ T8377] batadv_slave_1: entered promiscuous mode [ 223.982410][ T8380] batadv_slave_1: left promiscuous mode [ 224.014413][ T8375] netlink: 4 bytes leftover after parsing attributes in process `syz.3.762'. [ 224.194215][ C1] vcan0: j1939_tp_rxtimer: 0xffff88806b12b000: rx timeout, send abort [ 224.202865][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88806b12b000: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 224.357079][ T8387] syzkaller0: entered promiscuous mode [ 224.380134][ T8387] syzkaller0: entered allmulticast mode [ 225.343322][ T8397] fuse: Unknown parameter '0x0000000000000006' [ 225.875741][ T8425] batadv_slave_1: entered promiscuous mode [ 225.918545][ T8425] batadv_slave_1: left promiscuous mode [ 226.464477][ T8451] netlink: 4 bytes leftover after parsing attributes in process `syz.0.782'. [ 227.294699][ C1] vcan0: j1939_tp_rxtimer: 0xffff88806b140800: rx timeout, send abort [ 227.303309][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88806b140800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 228.571429][ T8483] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 229.196615][ T8492] syzkaller1: entered promiscuous mode [ 229.221194][ T8492] syzkaller1: entered allmulticast mode [ 229.804287][ T8524] syzkaller0: entered promiscuous mode [ 229.818473][ T8524] syzkaller0: entered allmulticast mode [ 230.100551][ T8531] netlink: 8 bytes leftover after parsing attributes in process `syz.3.807'. [ 230.504518][ C1] vcan0: j1939_tp_rxtimer: 0xffff888028e45000: rx timeout, send abort [ 230.514140][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888028e45000: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 232.604979][ T8574] netlink: 28 bytes leftover after parsing attributes in process `syz.2.818'. [ 232.628877][ T8574] netlink: 28 bytes leftover after parsing attributes in process `syz.2.818'. [ 232.968250][ T5933] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 233.128220][ T5933] usb 1-1: device descriptor read/64, error -71 [ 233.431643][ T5933] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 233.621457][ T5933] usb 1-1: device descriptor read/64, error -71 [ 233.742591][ T5933] usb usb1-port1: attempt power cycle [ 234.088100][ T5933] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 234.119243][ T5933] usb 1-1: device descriptor read/8, error -71 [ 234.136538][ C1] vcan0: j1939_tp_rxtimer: 0xffff88806b239c00: rx timeout, send abort [ 234.145161][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88806b239c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 234.378122][ T5933] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 234.442478][ T5933] usb 1-1: device descriptor read/8, error -71 [ 234.618500][ T5933] usb usb1-port1: unable to enumerate USB device [ 236.328686][ T8632] tipc: Enabled bearer , priority 0 [ 236.377508][ T8632] tipc: Resetting bearer [ 236.676557][ T8645] netlink: zone id is out of range [ 236.695407][ T8645] netlink: zone id is out of range [ 236.716903][ T8645] netlink: zone id is out of range [ 236.743129][ T8645] netlink: zone id is out of range [ 236.757044][ T8646] netlink: del zone limit has 4 unknown bytes [ 236.766672][ T8630] tipc: Disabling bearer [ 236.866761][ T8645] netlink: set zone limit has 4 unknown bytes [ 237.338949][ T977] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 237.541384][ T8673] netlink: 4 bytes leftover after parsing attributes in process `syz.4.843'. [ 237.579108][ T977] usb 2-1: device descriptor read/64, error -71 [ 237.747014][ T8668] syzkaller0: entered promiscuous mode [ 237.753030][ T8668] syzkaller0: entered allmulticast mode [ 237.828554][ T977] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 237.998121][ T977] usb 2-1: device descriptor read/64, error -71 [ 238.054892][ T8686] netlink: 12 bytes leftover after parsing attributes in process `syz.2.846'. [ 238.113710][ T977] usb usb2-port1: attempt power cycle [ 238.468151][ T977] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 238.532248][ T977] usb 2-1: device descriptor read/8, error -71 [ 238.799310][ T977] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 238.845496][ T977] usb 2-1: device descriptor read/8, error -71 [ 238.989574][ T977] usb usb2-port1: unable to enumerate USB device [ 240.205621][ T8696] netlink: 28 bytes leftover after parsing attributes in process `syz.2.847'. [ 240.216868][ T8696] netlink: 28 bytes leftover after parsing attributes in process `syz.2.847'. [ 240.536267][ T8717] tipc: Enabled bearer , priority 0 [ 240.574673][ T8717] tipc: Resetting bearer [ 241.050453][ T8716] tipc: Disabling bearer [ 241.167204][ C1] vcan0: j1939_tp_rxtimer: 0xffff888055f05400: rx timeout, send abort [ 241.176694][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888055f05400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 241.569062][ T8747] netlink: 12 bytes leftover after parsing attributes in process `syz.2.857'. [ 242.240026][ T8733] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 242.756934][ T8771] netlink: 28 bytes leftover after parsing attributes in process `syz.0.860'. [ 242.756967][ T8771] netlink: 28 bytes leftover after parsing attributes in process `syz.0.860'. [ 242.829835][ T5905] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 242.958276][ T5905] usb 3-1: device descriptor read/64, error -71 [ 243.225364][ T5905] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 243.658572][ T5905] usb 3-1: device descriptor read/64, error -71 [ 243.769163][ T5905] usb usb3-port1: attempt power cycle [ 244.119651][ T8790] syzkaller0: entered promiscuous mode [ 244.151024][ T5905] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 244.158784][ T8790] syzkaller0: entered allmulticast mode [ 244.228683][ T5905] usb 3-1: device descriptor read/8, error -71 [ 244.525606][ T5905] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 244.584474][ T5905] usb 3-1: device descriptor read/8, error -71 [ 244.708522][ T5905] usb usb3-port1: unable to enumerate USB device [ 245.423939][ T8813] netlink: 12 bytes leftover after parsing attributes in process `syz.2.868'. [ 245.613297][ T8817] tipc: Enabled bearer , priority 0 [ 245.668750][ T8817] syzkaller0: entered promiscuous mode [ 245.683872][ T8817] syzkaller0: entered allmulticast mode [ 245.745413][ T8815] tipc: Resetting bearer [ 245.830337][ C1] vcan0: j1939_tp_rxtimer: 0xffff888030d78000: rx timeout, send abort [ 245.838861][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888030d78000: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 245.936908][ T8815] tipc: Disabling bearer [ 246.210363][ T8834] netlink: 28 bytes leftover after parsing attributes in process `syz.1.871'. [ 246.268374][ T8834] netlink: 28 bytes leftover after parsing attributes in process `syz.1.871'. [ 246.377698][ T8839] netlink: zone id is out of range [ 246.397521][ T8839] netlink: zone id is out of range [ 246.430757][ T8844] netlink: del zone limit has 4 unknown bytes [ 246.438103][ T8839] netlink: zone id is out of range [ 246.445231][ T8839] netlink: zone id is out of range [ 246.460279][ T8843] netlink: 4 bytes leftover after parsing attributes in process `syz.0.874'. [ 246.600931][ T30] audit: type=1326 audit(1755655067.679:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8848 comm="syz.2.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f665d18ebe9 code=0x7ffc0000 [ 246.632779][ T8847] syzkaller0: entered promiscuous mode [ 246.638548][ T8847] syzkaller0: entered allmulticast mode [ 246.692224][ T30] audit: type=1326 audit(1755655067.689:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8848 comm="syz.2.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f665d18ebe9 code=0x7ffc0000 [ 246.739835][ T8839] netlink: set zone limit has 4 unknown bytes [ 246.818964][ T30] audit: type=1326 audit(1755655067.699:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8848 comm="syz.2.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f665d18ebe9 code=0x7ffc0000 [ 246.942757][ T30] audit: type=1326 audit(1755655067.699:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8848 comm="syz.2.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f665d18ebe9 code=0x7ffc0000 [ 246.996580][ T30] audit: type=1326 audit(1755655067.699:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8848 comm="syz.2.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f665d18ebe9 code=0x7ffc0000 [ 247.056277][ T30] audit: type=1326 audit(1755655067.709:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8848 comm="syz.2.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f665d18ebe9 code=0x7ffc0000 [ 247.096145][ T30] audit: type=1326 audit(1755655067.709:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8848 comm="syz.2.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f665d18ebe9 code=0x7ffc0000 [ 247.123200][ T30] audit: type=1326 audit(1755655067.709:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8848 comm="syz.2.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f665d18ebe9 code=0x7ffc0000 [ 247.155978][ T30] audit: type=1326 audit(1755655067.709:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8848 comm="syz.2.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f665d18ebe9 code=0x7ffc0000 [ 247.417514][ T30] audit: type=1326 audit(1755655067.709:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8848 comm="syz.2.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f665d18ebe9 code=0x7ffc0000 [ 248.984127][ T8893] tipc: Resetting bearer [ 249.077206][ C1] vcan0: j1939_tp_rxtimer: 0xffff888033e5e400: rx timeout, send abort [ 249.085892][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888033e5e400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 249.304310][ T8893] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.312291][ T8893] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.323709][ T8897] netlink: 32 bytes leftover after parsing attributes in process `syz.3.887'. [ 249.474305][ T8893] batman_adv: batadv0: Interface deactivated: dummy0 [ 249.636930][ T8893] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 249.667640][ T8893] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 249.845509][ T8908] netlink: zone id is out of range [ 249.851071][ T8908] netlink: zone id is out of range [ 249.856646][ T8908] netlink: zone id is out of range [ 249.867132][ T8908] netlink: zone id is out of range [ 249.920859][ T8893] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.939485][ T8893] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.950173][ T8893] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.961054][ T8893] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.145750][ T8918] sch_tbf: burst 19869 is lower than device lo mtu (65550) ! [ 251.344746][ T8925] netlink: 4 bytes leftover after parsing attributes in process `syz.2.894'. [ 251.429590][ T8928] ieee802154 phy0 wpan0: encryption failed: -22 [ 251.533800][ T8930] tipc: Enabled bearer , priority 10 [ 252.407659][ T3201] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 252.994991][ T5905] tipc: Node number set to 2373507136 [ 253.223516][ T3201] usb 1-1: Using ep0 maxpacket: 32 [ 253.242943][ T3201] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 253.258393][ T3201] usb 1-1: config 0 has no interface number 0 [ 253.300832][ T3201] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 253.328166][ T3201] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.341996][ T3201] usb 1-1: Product: syz [ 253.359592][ T3201] usb 1-1: Manufacturer: syz [ 253.373966][ T3201] usb 1-1: SerialNumber: syz [ 253.403854][ T3201] usb 1-1: config 0 descriptor?? [ 253.452431][ T3201] smsc95xx v2.0.0 [ 253.468697][ T3201] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 253.515917][ T3201] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -22 [ 255.103015][ T3201] usb 1-1: USB disconnect, device number 8 [ 255.411529][ T8980] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.459720][ T8985] tipc: Enabling of bearer rejected, already enabled [ 255.804600][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.811406][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.467816][ T9027] ieee802154 phy0 wpan0: encryption failed: -22 [ 259.639989][ T9039] netlink: 4 bytes leftover after parsing attributes in process `syz.1.931'. [ 260.545484][ T9042] delete_channel: no stack [ 262.612429][ T9114] ieee802154 phy0 wpan0: encryption failed: -22 [ 263.086112][ T9116] syzkaller0: entered promiscuous mode [ 263.120178][ T9116] syzkaller0: entered allmulticast mode [ 265.227733][ T9142] netlink: 4 bytes leftover after parsing attributes in process `syz.0.944'. [ 265.316241][ T9150] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.473751][ T9167] netlink: 32 bytes leftover after parsing attributes in process `syz.4.954'. [ 266.858775][ T9174] tipc: Enabled bearer , priority 0 [ 266.907932][ T9174] syzkaller0: entered promiscuous mode [ 266.914007][ T5896] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 266.928196][ T9174] syzkaller0: entered allmulticast mode [ 266.964890][ T9174] tipc: Resetting bearer [ 266.982171][ T9172] tipc: Resetting bearer [ 267.044768][ T9172] tipc: Disabling bearer [ 267.088392][ T5896] usb 4-1: Using ep0 maxpacket: 16 [ 267.097326][ T5896] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 267.111120][ T5896] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 267.139612][ T5896] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 267.175243][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.242944][ T9179] netlink: 4 bytes leftover after parsing attributes in process `syz.1.959'. [ 267.252822][ T5896] usb 4-1: Product: syz [ 267.282352][ T9180] kvm: pic: non byte write [ 267.290587][ T5896] usb 4-1: Manufacturer: syz [ 267.295811][ T5896] usb 4-1: SerialNumber: syz [ 267.315016][ T5896] usb 4-1: config 0 descriptor?? [ 267.332376][ T9186] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 267.381721][ T5896] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 267.448043][ T5896] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 267.998219][ T5896] em28xx 4-1:0.0: chip ID is em28178 [ 268.218756][ T5896] usb 4-1: USB disconnect, device number 3 [ 268.252007][ T5896] em28xx 4-1:0.0: Disconnecting em28xx [ 268.307135][ T5896] em28xx 4-1:0.0: Freeing device [ 268.393085][ T9210] netlink: 'syz.4.964': attribute type 5 has an invalid length. [ 268.436278][ T9211] netlink: 32 bytes leftover after parsing attributes in process `syz.1.967'. [ 269.138494][ T5905] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 269.408730][ T9223] tipc: Enabled bearer , priority 0 [ 269.417459][ T9223] syzkaller0: entered promiscuous mode [ 269.423334][ T9223] syzkaller0: entered allmulticast mode [ 269.494026][ T9223] tipc: Resetting bearer [ 269.555210][ T5905] usb 2-1: Using ep0 maxpacket: 16 [ 269.555411][ T9222] tipc: Resetting bearer [ 269.577690][ T5905] usb 2-1: config 0 has an invalid interface number: 74 but max is 0 [ 269.596399][ T5905] usb 2-1: config 0 has no interface number 0 [ 269.615462][ T5905] usb 2-1: config 0 interface 74 has no altsetting 0 [ 269.635665][ T5905] usb 2-1: New USB device found, idVendor=0565, idProduct=0001, bcdDevice=66.36 [ 269.665312][ T5905] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.674597][ T9222] tipc: Disabling bearer [ 269.688050][ T5905] usb 2-1: Product: syz [ 269.692266][ T5905] usb 2-1: Manufacturer: syz [ 269.728073][ T5905] usb 2-1: SerialNumber: syz [ 269.755455][ T5905] usb 2-1: config 0 descriptor?? [ 269.998958][ T5905] belkin_sa 2-1:0.74: Belkin / Peracom / GoHubs USB Serial Adapter converter detected [ 270.341048][ T5905] usb 2-1: bcdDevice: 6636, bfc: 0 [ 270.385525][ T5905] usb 2-1: Belkin / Peracom / GoHubs USB Serial Adapter converter now attached to ttyUSB0 [ 270.503274][ T9235] tipc: Resetting bearer [ 270.600766][ T5905] usb 2-1: USB disconnect, device number 6 [ 270.717703][ T5905] belkin ttyUSB0: Belkin / Peracom / GoHubs USB Serial Adapter converter now disconnected from ttyUSB0 [ 270.741091][ T5905] belkin_sa 2-1:0.74: device disconnected [ 271.001428][ T9240] netlink: 4 bytes leftover after parsing attributes in process `syz.4.976'. [ 271.065993][ T9235] bridge0: port 2(bridge_slave_1) entered disabled state [ 271.074814][ T9235] bridge0: port 1(bridge_slave_0) entered disabled state [ 271.321537][ T9235] batman_adv: batadv0: Interface deactivated: dummy0 [ 271.969109][ T9235] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 272.789161][ T9235] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 273.141774][ T9235] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.171152][ T9235] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.191238][ T9268] netlink: 'syz.2.984': attribute type 10 has an invalid length. [ 273.208090][ T9235] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.237464][ T9235] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.868788][ T9268] batman_adv: batadv0: Interface deactivated: dummy0 [ 273.972935][ T9268] batman_adv: batadv0: Removing interface: dummy0 [ 274.144195][ T9268] team0: Port device dummy0 added [ 274.423814][ T9286] syz.0.986: attempt to access beyond end of device [ 274.423814][ T9286] nbd0: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 274.458700][ T9286] hfsplus: unable to find HFS+ superblock [ 275.512292][ T9297] netlink: 5 bytes leftover after parsing attributes in process `syz.3.992'. [ 275.522311][ T9297] 0ªX¹¦D: renamed from macvtap0 (while UP) [ 275.580656][ T9297] 0ªX¹¦D: entered allmulticast mode [ 275.585972][ T9297] veth0_macvtap: entered allmulticast mode [ 275.592497][ T9297] net_ratelimit: 2 callbacks suppressed [ 275.592514][ T9297] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 275.627944][ T9297] hub 1-0:1.0: USB hub found [ 275.638335][ T9297] hub 1-0:1.0: 1 port detected [ 276.937770][ T9308] netlink: 4 bytes leftover after parsing attributes in process `syz.0.996'. [ 277.231699][ T9315] syzkaller0: entered promiscuous mode [ 277.248660][ T9315] syzkaller0: entered allmulticast mode [ 280.827645][ T9332] tipc: Enabled bearer , priority 10 [ 281.891494][ T5904] tipc: Node number set to 4227754617 [ 282.818990][ T9363] tipc: Enabling of bearer rejected, failed to enable media [ 282.928362][ T9371] netdevsim netdevsim0 : renamed from netdevsim0 [ 283.823104][ T9383] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1020'. [ 286.765584][ T9415] tipc: Enabling of bearer rejected, failed to enable media [ 287.037034][ T9415] syzkaller0: entered promiscuous mode [ 287.049399][ T9415] syzkaller0: entered allmulticast mode [ 292.200362][ T9433] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 296.215699][ T9506] loop6: detected capacity change from 0 to 63 [ 296.229985][ T9506] Buffer I/O error on dev loop6, logical block 0, async page read [ 296.238284][ T9506] Buffer I/O error on dev loop6, logical block 1, async page read [ 296.246400][ T9506] Buffer I/O error on dev loop6, logical block 2, async page read [ 296.254525][ T9506] Buffer I/O error on dev loop6, logical block 3, async page read [ 296.262887][ T9506] Buffer I/O error on dev loop6, logical block 0, async page read [ 296.270998][ T9506] Buffer I/O error on dev loop6, logical block 1, async page read [ 296.279995][ T9506] Buffer I/O error on dev loop6, logical block 2, async page read [ 296.418777][ T9506] Buffer I/O error on dev loop6, logical block 3, async page read [ 296.430048][ T9506] Buffer I/O error on dev loop6, logical block 0, async page read [ 296.453023][ T9506] Buffer I/O error on dev loop6, logical block 1, async page read [ 299.368786][ T9545] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1063'. [ 299.412962][ T9548] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1064'. [ 299.428770][ T9547] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1062'. [ 299.498693][ T9547] vlan2: entered promiscuous mode [ 299.504008][ T9547] bridge0: entered promiscuous mode [ 301.497167][ T9579] syzkaller0: entered promiscuous mode [ 301.502734][ T9579] syzkaller0: entered allmulticast mode [ 301.732938][ T9588] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1076'. [ 301.758916][ T9592] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1078'. [ 301.793100][ T9588] 0ªX¹¦D: renamed from macvtap0 (while UP) [ 301.846868][ T9588] 0ªX¹¦D: entered allmulticast mode [ 301.955760][ T9588] veth0_macvtap: entered allmulticast mode [ 302.125357][ T9588] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 302.335925][ T9588] hub 1-0:1.0: USB hub found [ 302.430069][ T9588] hub 1-0:1.0: 1 port detected [ 307.457523][ T9652] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1095'. [ 307.619683][ T9656] netlink: zone id is out of range [ 307.823951][ T9656] netlink: set zone limit has 4 unknown bytes [ 307.990531][ T9665] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1098'. [ 308.304300][ T9659] netlink: del zone limit has 4 unknown bytes [ 310.805349][ T9695] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1109'. [ 311.111851][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 311.111871][ T30] audit: type=1326 audit(1755655130.050:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9698 comm="syz.1.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d2f8ebe9 code=0x7ffc0000 [ 311.142593][ T9702] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1111'. [ 311.175692][ T9707] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1112'. [ 311.212697][ T9702] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1111'. [ 311.222038][ T30] audit: type=1326 audit(1755655130.050:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9698 comm="syz.1.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f63d2f8ebe9 code=0x7ffc0000 [ 311.266506][ T30] audit: type=1326 audit(1755655130.060:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9698 comm="syz.1.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f63d2f8ec23 code=0x7ffc0000 [ 311.304756][ T30] audit: type=1326 audit(1755655130.060:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9698 comm="syz.1.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f63d2f8ec23 code=0x7ffc0000 [ 311.356633][ T9709] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1111'. [ 311.600372][ T30] audit: type=1326 audit(1755655130.060:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9698 comm="syz.1.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d2f8ebe9 code=0x7ffc0000 [ 311.624437][ T30] audit: type=1326 audit(1755655130.060:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9698 comm="syz.1.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f63d2f8ebe9 code=0x7ffc0000 [ 311.647727][ T30] audit: type=1326 audit(1755655130.060:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9698 comm="syz.1.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d2f8ebe9 code=0x7ffc0000 [ 311.964729][ T30] audit: type=1326 audit(1755655130.060:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9698 comm="syz.1.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d2f8ebe9 code=0x7ffc0000 [ 312.077438][ T30] audit: type=1326 audit(1755655130.060:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9698 comm="syz.1.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7f63d2f8ebe9 code=0x7ffc0000 [ 312.407878][ T9713] infiniband syz1: set down [ 312.412639][ T9713] infiniband syz1: added ipvlan0 [ 312.495471][ T9719] syzkaller0: entered promiscuous mode [ 312.555440][ T9719] syzkaller0: entered allmulticast mode [ 312.568902][ T9713] RDS/IB: syz1: added [ 312.612372][ T9713] smc: adding ib device syz1 with port count 1 [ 312.642980][ T9713] smc: ib device syz1 port 1 has pnetid [ 312.830230][ T9726] netlink: 'syz.2.1119': attribute type 10 has an invalid length. [ 317.063904][ T5834] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 318.572270][ T9788] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1139'. [ 318.829463][ T9792] ieee802154 phy0 wpan0: encryption failed: -22 [ 319.808935][ T9811] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1148'. [ 319.861489][ T9811] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1148'. [ 319.946242][ T9812] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1148'. [ 319.975579][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 319.982158][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.325648][ T9816] nftables ruleset with unbound chain [ 320.705532][ T9821] ieee802154 phy0 wpan0: encryption failed: -22 [ 320.863315][ T9826] netlink: zone id is out of range [ 320.888177][ T9826] netlink: zone id is out of range [ 320.957077][ T9831] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1158'. [ 321.057983][ T9826] netlink: set zone limit has 4 unknown bytes [ 321.247794][ T9829] netlink: del zone limit has 4 unknown bytes [ 322.890384][ T9863] ieee802154 phy0 wpan0: encryption failed: -22 [ 323.356925][ T9870] netlink: zone id is out of range [ 323.429744][ T9872] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1170'. [ 323.453488][ T9870] netlink: zone id is out of range [ 323.644895][ T9871] netlink: del zone limit has 4 unknown bytes [ 323.827093][ T9870] netlink: set zone limit has 4 unknown bytes [ 325.022680][ T9900] ieee802154 phy0 wpan0: encryption failed: -22 [ 325.862467][ T9907] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1186'. [ 327.274110][ T30] audit: type=1326 audit(1755655145.166:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9936 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9aad8ebe9 code=0x7ffc0000 [ 327.335920][ T30] audit: type=1326 audit(1755655145.166:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9936 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9aad8ebe9 code=0x7ffc0000 [ 327.428710][ T30] audit: type=1326 audit(1755655145.166:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9936 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9aad8ebe9 code=0x7ffc0000 [ 327.477667][ T30] audit: type=1326 audit(1755655145.166:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9936 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9aad8ebe9 code=0x7ffc0000 [ 327.542495][ T30] audit: type=1326 audit(1755655145.166:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9936 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fd9aad8ebe9 code=0x7ffc0000 [ 327.604743][ T30] audit: type=1326 audit(1755655145.204:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9938 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fd9aadc14a5 code=0x7ffc0000 [ 327.709977][ T30] audit: type=1326 audit(1755655145.204:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9936 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9aad8ebe9 code=0x7ffc0000 [ 327.760073][ T30] audit: type=1326 audit(1755655145.204:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9936 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9aad8ebe9 code=0x7ffc0000 [ 327.847245][ T30] audit: type=1326 audit(1755655145.269:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9936 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9aad8ebe9 code=0x7ffc0000 [ 327.939765][ T30] audit: type=1326 audit(1755655145.279:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9936 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7fd9aad8ebe9 code=0x7ffc0000 [ 330.038337][ T9988] sctp: [Deprecated]: syz.0.1219 (pid 9988) Use of int in max_burst socket option deprecated. [ 330.038337][ T9988] Use struct sctp_assoc_value instead [ 330.843765][ T9818] Set syz1 is full, maxelem 65536 reached [ 335.054471][ T30] kauditd_printk_skb: 27 callbacks suppressed [ 335.054493][ T30] audit: type=1326 audit(1755655152.444:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10066 comm="syz.2.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f665d18ebe9 code=0x7ffc0000 [ 335.149641][ T30] audit: type=1326 audit(1755655152.444:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10066 comm="syz.2.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f665d18ebe9 code=0x7ffc0000 [ 335.211691][T10069] netlink: 'syz.3.1246': attribute type 29 has an invalid length. [ 335.247193][ T30] audit: type=1326 audit(1755655152.444:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10066 comm="syz.2.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f665d18ebe9 code=0x7ffc0000 [ 335.268299][T10069] netlink: 'syz.3.1246': attribute type 29 has an invalid length. [ 335.291147][ T30] audit: type=1326 audit(1755655152.444:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10066 comm="syz.2.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f665d18ebe9 code=0x7ffc0000 [ 335.315036][ T30] audit: type=1326 audit(1755655152.444:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10066 comm="syz.2.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f665d18ebe9 code=0x7ffc0000 [ 335.856584][T10080] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1247'. [ 335.866185][T10080] 1ªX¹¦D: renamed from 30ªX¹¦D (while UP) [ 335.903869][T10080] A link change request failed with some changes committed already. Interface 31ªX¹¦D may have been left with an inconsistent configuration, please check. [ 336.038470][T10080] hub 1-0:1.0: USB hub found [ 336.049043][T10080] hub 1-0:1.0: 1 port detected [ 336.458569][T10092] netdevsim netdevsim4 : renamed from netdevsim0 [ 338.591632][T10116] tipc: Enabling of bearer rejected, already enabled [ 338.732738][T10121] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1265'. [ 338.860602][T10128] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 338.911829][T10129] loop6: detected capacity change from 0 to 63 [ 338.922442][T10129] buffer_io_error: 2466 callbacks suppressed [ 338.922462][T10129] Buffer I/O error on dev loop6, logical block 0, async page read [ 338.936879][T10129] Buffer I/O error on dev loop6, logical block 1, async page read [ 338.946315][T10129] Buffer I/O error on dev loop6, logical block 2, async page read [ 338.954575][T10129] Buffer I/O error on dev loop6, logical block 3, async page read [ 338.962699][T10129] Buffer I/O error on dev loop6, logical block 0, async page read [ 338.971905][T10129] Buffer I/O error on dev loop6, logical block 1, async page read [ 338.980092][T10129] Buffer I/O error on dev loop6, logical block 2, async page read [ 338.988148][T10129] Buffer I/O error on dev loop6, logical block 3, async page read [ 338.996374][T10129] Buffer I/O error on dev loop6, logical block 0, async page read [ 339.004509][T10129] Buffer I/O error on dev loop6, logical block 1, async page read [ 339.483167][T10130] tipc: Enabled bearer , priority 0 [ 339.699180][T10130] syzkaller0: entered promiscuous mode [ 339.729610][T10130] syzkaller0: entered allmulticast mode [ 339.909416][T10135] tipc: Resetting bearer [ 340.024007][T10127] tipc: Resetting bearer [ 340.177723][T10127] tipc: Disabling bearer [ 342.219059][T10145] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1271'. [ 342.818281][T10160] netlink: zone id is out of range [ 342.825641][T10160] netlink: zone id is out of range [ 342.843290][T10160] netlink: zone id is out of range [ 343.073450][T10161] netlink: del zone limit has 4 unknown bytes [ 343.081226][T10160] netlink: set zone limit has 4 unknown bytes [ 343.119334][T10164] tipc: Enabling of bearer rejected, already enabled [ 343.313995][T10166] netlink: 'syz.2.1278': attribute type 10 has an invalid length. [ 343.404958][T10166] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 343.508877][T10167] [ 343.511345][T10167] ====================================================== [ 343.518396][T10167] WARNING: possible circular locking dependency detected [ 343.525451][T10167] 6.16.0-syzkaller #0 Not tainted [ 343.530591][T10167] ------------------------------------------------------ [ 343.537820][T10167] syz.2.1278/10167 is trying to acquire lock: [ 343.543903][T10167] ffff88807ec40e00 (team->team_lock_key#3){+.+.}-{4:4}, at: team_device_event+0x544/0xa20 [ 343.554136][T10167] [ 343.554136][T10167] but task is already holding lock: [ 343.561516][T10167] ffff888028746d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: do_setlink+0x388/0x41c0 [ 343.571228][T10167] [ 343.571228][T10167] which lock already depends on the new lock. [ 343.571228][T10167] [ 343.581655][T10167] [ 343.581655][T10167] the existing dependency chain (in reverse order) is: [ 343.590703][T10167] [ 343.590703][T10167] -> #1 (&dev_instance_lock_key#3){+.+.}-{4:4}: [ 343.599247][T10167] lock_acquire+0x120/0x360 [ 343.604356][T10167] __mutex_lock+0x182/0xe80 [ 343.609491][T10167] dev_set_mtu+0x10e/0x260 [ 343.614466][T10167] team_add_slave+0x8b8/0x2840 [ 343.619782][T10167] do_set_master+0x530/0x6d0 [ 343.624912][T10167] do_setlink+0xcf0/0x41c0 [ 343.629864][T10167] rtnl_newlink+0x160b/0x1c70 [ 343.635080][T10167] rtnetlink_rcv_msg+0x7cc/0xb70 [ 343.640551][T10167] netlink_rcv_skb+0x205/0x470 [ 343.645849][T10167] netlink_unicast+0x75c/0x8e0 [ 343.651146][T10167] netlink_sendmsg+0x805/0xb30 [ 343.656442][T10167] __sock_sendmsg+0x21c/0x270 [ 343.661650][T10167] ____sys_sendmsg+0x505/0x830 [ 343.666945][T10167] ___sys_sendmsg+0x21f/0x2a0 [ 343.672155][T10167] __x64_sys_sendmsg+0x19b/0x260 [ 343.677630][T10167] do_syscall_64+0xfa/0x3b0 [ 343.682662][T10167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.689081][T10167] [ 343.689081][T10167] -> #0 (team->team_lock_key#3){+.+.}-{4:4}: [ 343.697272][T10167] validate_chain+0xb9b/0x2140 [ 343.702566][T10167] __lock_acquire+0xab9/0xd20 [ 343.707769][T10167] lock_acquire+0x120/0x360 [ 343.712796][T10167] __mutex_lock+0x182/0xe80 [ 343.717846][T10167] team_device_event+0x544/0xa20 [ 343.723312][T10167] notifier_call_chain+0x1b3/0x3e0 [ 343.728951][T10167] netif_state_change+0x284/0x3a0 [ 343.734504][T10167] do_setlink+0x35de/0x41c0 [ 343.739548][T10167] rtnl_newlink+0x149f/0x1c70 [ 343.744754][T10167] rtnetlink_rcv_msg+0x7cc/0xb70 [ 343.750220][T10167] netlink_rcv_skb+0x205/0x470 [ 343.755576][T10167] netlink_unicast+0x75c/0x8e0 [ 343.760869][T10167] netlink_sendmsg+0x805/0xb30 [ 343.766179][T10167] __sock_sendmsg+0x21c/0x270 [ 343.771411][T10167] ____sys_sendmsg+0x505/0x830 [ 343.776722][T10167] ___sys_sendmsg+0x21f/0x2a0 [ 343.781946][T10167] __x64_sys_sendmsg+0x19b/0x260 [ 343.787421][T10167] do_syscall_64+0xfa/0x3b0 [ 343.792486][T10167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.798918][T10167] [ 343.798918][T10167] other info that might help us debug this: [ 343.798918][T10167] [ 343.809175][T10167] Possible unsafe locking scenario: [ 343.809175][T10167] [ 343.816641][T10167] CPU0 CPU1 [ 343.822027][T10167] ---- ---- [ 343.827395][T10167] lock(&dev_instance_lock_key#3); [ 343.832633][T10167] lock(team->team_lock_key#3); [ 343.840150][T10167] lock(&dev_instance_lock_key#3); [ 343.847895][T10167] lock(team->team_lock_key#3); [ 343.852860][T10167] [ 343.852860][T10167] *** DEADLOCK *** [ 343.852860][T10167] [ 343.861008][T10167] 2 locks held by syz.2.1278/10167: [ 343.866300][T10167] #0: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 343.875377][T10167] #1: ffff888028746d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: do_setlink+0x388/0x41c0 [ 343.885498][T10167] [ 343.885498][T10167] stack backtrace: [ 343.891392][T10167] CPU: 1 UID: 0 PID: 10167 Comm: syz.2.1278 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 343.891413][T10167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 343.891422][T10167] Call Trace: [ 343.891431][T10167] [ 343.891439][T10167] dump_stack_lvl+0x189/0x250 [ 343.891460][T10167] ? __pfx_dump_stack_lvl+0x10/0x10 [ 343.891477][T10167] ? __pfx__printk+0x10/0x10 [ 343.891497][T10167] ? print_lock_name+0xde/0x100 [ 343.891516][T10167] print_circular_bug+0x2ee/0x310 [ 343.891537][T10167] check_noncircular+0x134/0x160 [ 343.891559][T10167] validate_chain+0xb9b/0x2140 [ 343.891586][T10167] __lock_acquire+0xab9/0xd20 [ 343.891602][T10167] ? team_device_event+0x544/0xa20 [ 343.891616][T10167] lock_acquire+0x120/0x360 [ 343.891629][T10167] ? team_device_event+0x544/0xa20 [ 343.891648][T10167] __mutex_lock+0x182/0xe80 [ 343.891665][T10167] ? team_device_event+0x544/0xa20 [ 343.891678][T10167] ? do_raw_spin_lock+0x121/0x290 [ 343.891700][T10167] ? team_device_event+0x544/0xa20 [ 343.891715][T10167] ? __pfx___mutex_lock+0x10/0x10 [ 343.891733][T10167] ? fib_sync_up+0xe4/0x7b0 [ 343.891758][T10167] team_device_event+0x544/0xa20 [ 343.891774][T10167] notifier_call_chain+0x1b3/0x3e0 [ 343.891802][T10167] netif_state_change+0x284/0x3a0 [ 343.891821][T10167] ? __pfx_bpf_prog_put+0x10/0x10 [ 343.891840][T10167] ? __pfx_netif_state_change+0x10/0x10 [ 343.891861][T10167] ? dev_change_xdp_fd+0x1da/0x220 [ 343.891877][T10167] do_setlink+0x35de/0x41c0 [ 343.891900][T10167] ? trace_sched_exit_tp+0x38/0x120 [ 343.891926][T10167] ? __pfx_do_setlink+0x10/0x10 [ 343.891947][T10167] ? __lock_acquire+0xab9/0xd20 [ 343.891964][T10167] ? do_raw_spin_lock+0x121/0x290 [ 343.891986][T10167] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 343.892010][T10167] ? lockdep_hardirqs_on+0x9c/0x150 [ 343.892026][T10167] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 343.892049][T10167] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 343.892074][T10167] ? rcu_is_watching+0x15/0xb0 [ 343.892092][T10167] ? __mutex_lock+0xa6d/0xe80 [ 343.892108][T10167] ? __mutex_lock+0x51b/0xe80 [ 343.892126][T10167] ? rtnl_newlink+0x8db/0x1c70 [ 343.892146][T10167] ? __pfx___mutex_lock+0x10/0x10 [ 343.892166][T10167] ? ns_capable+0x8a/0xf0 [ 343.892182][T10167] ? rtnl_link_get_net_capable+0x16a/0x350 [ 343.892205][T10167] rtnl_newlink+0x149f/0x1c70 [ 343.892224][T10167] ? netlink_sendmsg+0x805/0xb30 [ 343.892250][T10167] ? __pfx_rtnl_newlink+0x10/0x10 [ 343.892277][T10167] ? kasan_quarantine_put+0xdd/0x220 [ 343.892300][T10167] ? lockdep_hardirqs_on+0x9c/0x150 [ 343.892317][T10167] ? nlmon_xmit+0xb0/0x100 [ 343.892335][T10167] ? kmem_cache_free+0x18f/0x400 [ 343.892352][T10167] ? __local_bh_enable_ip+0x12d/0x1c0 [ 343.892368][T10167] ? lockdep_hardirqs_on+0x9c/0x150 [ 343.892383][T10167] ? __local_bh_enable_ip+0x12d/0x1c0 [ 343.892398][T10167] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 343.892415][T10167] ? __dev_queue_xmit+0x27e/0x3a70 [ 343.892430][T10167] ? __dev_queue_xmit+0x27e/0x3a70 [ 343.892444][T10167] ? __dev_queue_xmit+0x27e/0x3a70 [ 343.892459][T10167] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 343.892475][T10167] ? __lock_acquire+0xab9/0xd20 [ 343.892498][T10167] ? __pfx_rtnl_newlink+0x10/0x10 [ 343.892517][T10167] rtnetlink_rcv_msg+0x7cc/0xb70 [ 343.892537][T10167] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 343.892556][T10167] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 343.892574][T10167] ? ref_tracker_free+0x63a/0x7d0 [ 343.892591][T10167] ? __copy_skb_header+0xa7/0x550 [ 343.892606][T10167] ? __pfx_ref_tracker_free+0x10/0x10 [ 343.892626][T10167] netlink_rcv_skb+0x205/0x470 [ 343.892646][T10167] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 343.892666][T10167] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 343.892691][T10167] ? netlink_deliver_tap+0x2e/0x1b0 [ 343.892711][T10167] ? netlink_deliver_tap+0x2e/0x1b0 [ 343.892733][T10167] netlink_unicast+0x75c/0x8e0 [ 343.892755][T10167] netlink_sendmsg+0x805/0xb30 [ 343.892779][T10167] ? __pfx_netlink_sendmsg+0x10/0x10 [ 343.892810][T10167] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 343.892825][T10167] ? __pfx_netlink_sendmsg+0x10/0x10 [ 343.892846][T10167] __sock_sendmsg+0x21c/0x270 [ 343.892865][T10167] ____sys_sendmsg+0x505/0x830 [ 343.892890][T10167] ? __pfx_____sys_sendmsg+0x10/0x10 [ 343.892917][T10167] ? import_iovec+0x74/0xa0 [ 343.892938][T10167] ___sys_sendmsg+0x21f/0x2a0 [ 343.892962][T10167] ? __pfx____sys_sendmsg+0x10/0x10 [ 343.892997][T10167] ? __fget_files+0x2a/0x420 [ 343.893013][T10167] ? __fget_files+0x3a0/0x420 [ 343.893033][T10167] __x64_sys_sendmsg+0x19b/0x260 [ 343.893057][T10167] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 343.893083][T10167] ? rcu_is_watching+0x15/0xb0 [ 343.893101][T10167] ? do_syscall_64+0xbe/0x3b0 [ 343.893119][T10167] do_syscall_64+0xfa/0x3b0 [ 343.893135][T10167] ? lockdep_hardirqs_on+0x9c/0x150 [ 343.893149][T10167] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.893165][T10167] ? clear_bhb_loop+0x60/0xb0 [ 343.893182][T10167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.893198][T10167] RIP: 0033:0x7f665d18ebe9 [ 343.893213][T10167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 343.893226][T10167] RSP: 002b:00007f665e0ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 343.893242][T10167] RAX: ffffffffffffffda RBX: 00007f665d3b6090 RCX: 00007f665d18ebe9 [ 343.893254][T10167] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000006 [ 343.893264][T10167] RBP: 00007f665d211e19 R08: 0000000000000000 R09: 0000000000000000 [ 343.893273][T10167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 343.893282][T10167] R13: 00007f665d3b6128 R14: 00007f665d3b6090 R15: 00007fff1c26cd38 [ 343.893299][T10167] [ 344.445777][T10167] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 344.644121][ T5904] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 344.804271][ T5904] usb 1-1: Using ep0 maxpacket: 8 [ 344.810663][ T5904] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 344.821862][ T5904] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 344.831880][ T5904] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 344.841818][ T5904] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 344.854913][ T5904] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 344.863999][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.092018][ T5904] usb 1-1: GET_CAPABILITIES returned 0 [ 345.097615][ T5904] usbtmc 1-1:16.0: can't read capabilities [ 345.308906][ T5904] usb 1-1: USB disconnect, device number 9