last executing test programs: 1m16.006488637s ago: executing program 0 (id=1147): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00'}) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x6c, r4, 0x4, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x38, 0x3, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, @NL80211_PKTPAT_MASK={0x2e, 0x1, "735202a4316a5a5f14dc34dda4f9b78b4214d43449f1ef941ee7391c0a894ea55a3567c218d2f3c9e568"}}]}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x20400}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x4}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x1ff}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x800}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x4}]}, 0x6c}, 0x1, 0x0, 0x0, 0x48012}, 0x40031) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000480), 0x0, &(0x7f0000000280)) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0) ioctl$BLKREPORTZONE(r5, 0xc0101282, &(0x7f0000000340)={0x6, 0x4, 0x0, [{0x8, 0xcbc, 0x1000000100000000, 0x67, 0x7, 0x4b, 0x6, '\x00', 0xa}, {0x8, 0x2, 0x1, 0x4, 0x6, 0x0, 0x7f, '\x00', 0x3ac8}, {0x11, 0x37, 0x2, 0x6, 0x0, 0x7, 0x7, '\x00', 0x6}, {0xac, 0x76, 0x7, 0x4, 0x9, 0x6, 0x2f, '\x00', 0x5}]}) 1m12.208925753s ago: executing program 0 (id=1153): mkdirat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x12) r0 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x40, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) getpgid(0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r4, r3, 0x80000001, 0x6) vmsplice(r5, &(0x7f0000000340)=[{&(0x7f0000000380)="22e8", 0x2}], 0x1, 0x1) getsockopt$inet6_mreq(r2, 0x29, 0x1c, 0x0, &(0x7f0000000340)) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x80) socket$nl_generic(0x10, 0x3, 0x10) mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, 0x0) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r6, &(0x7f00000002c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x142) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000080), &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x21, &(0x7f0000000240), 0x0, 0x10, &(0x7f00000002c0), &(0x7f0000000100), 0x8, 0xc7, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x13, 0x6, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r7], 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x27, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, r8}, 0x94) socket$inet_smc(0x2b, 0x1, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000003000), r9) sendmsg$BATADV_CMD_TP_METER(r9, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000003af1c23c6ea010f06107e9c2bb9494fe03f5a44eb6e16c9e320f5d06bb109695a5eae896dc391e87a63bf62cd818d60653fd3276353e453b5682140761afae70cd5cd848e40daa924a2d17dfc11c72523ff32074aac702b6c1583ea5e50d3b4f677ce2ca31c02d2bfaa006c95958f22df2e15c334d520e167cd8d24f1ee758054851833ad20f9aa315fb6de5574e032cf1bd0d6485ea51ecb29158efa5b8bbabdbd89f", @ANYRES16=r10, @ANYBLOB="01002bbd7000fbdbdf2502000000"], 0x14}}, 0x20040084) 1m11.35753231s ago: executing program 0 (id=1154): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) gettid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_G_TUNER(r3, 0xc054561d, 0x0) connect$netrom(r0, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0xa}, [@bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x0, 0x0) lchown(0x0, 0x0, 0xffffffffffffffff) connect$netrom(0xffffffffffffffff, 0x0, 0x0) listen(r0, 0x1ad72f7) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x500, 0x0) accept4(r1, 0x0, 0x0, 0x80000) 1m10.312700337s ago: executing program 0 (id=1156): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000080)=0x8, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MESH(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="010029bd7000fedbdf250100000008000300", @ANYRES32=r6], 0x1c}, 0x1, 0x0, 0x0, 0x20000040}, 0x40040d0) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$sock_int(r7, 0x1, 0x2d, &(0x7f0000000200)=0x7, 0x4) syz_mount_image$udf(&(0x7f0000000140), &(0x7f0000000b40)='./file1\x00', 0x2014c44, &(0x7f0000000180)=ANY=[@ANYBLOB="696f636861727365743d6b6f69382d72752c766f6c756d653d3030303030303030303030300000000063686f723d30303030303030303030303030303030303030342c6e6f6164696e6963622c6769643d69676e6f72652c7569643d6967ee6f7200006769643dc7865530221d5cf1ffa33f314577d414dd0f02989f344aa1daf1517b816480770a92f1eaeab3d78957fc83df545faf189820845d1a3ae48728ee6ed8684b4f3acff28b7d51848813c91e8e6278a3cfa72eec120ebbc7baaaf78c062300000000000000", @ANYRES32, @ANYRES64], 0xfe, 0xc25, &(0x7f0000000b80)="$eJzs3UFsHNd9B+D/Gy1Fym4qJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmCIJkmpkI22ZXnroIUBR9JATgdYokKKB0RRBj2zrAsnFhyKnnogWNoKiB7YIkF4CBjP7VlxSlCWZIkXa32dTv9mZ92bem1nPyILevAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIn73lYunn0+PuhUAwH66PP6V02c8/wHgY+WK//8HAAAAAAAAAAAAAICDLkURT0SK+cvrabL63DFwqT1789bEyOjO1Y6lquaRqnz5M/D8mbPnvvjC8PlufnD9h+2peG38ysX6y3M35hdai4ut6frEbHtqbrp133vYbf3thqoTUL/x+s3pa9cW62eeO7tl863B9/sfPzF4YfiZU093y06MjI6O95Sp9X3oo9/hbiM8jkYRpyLFs9/9cWpGRBG7Pxf3+O7stWNVJ4aqTkyMjFYdmWk3Z5fKjWPdE1FE1HsqNbrnaB+uxa40IpbL5pcNHiq7Nz7fXGhenWnVx5oLS+2l9tzsWOq0tuxPPYo4nyJWImKt/87d9UURtUjx7ePr6WpEHOmehy9UA4Pv3o5iD/t4H8p21vsiVooHuWaf2N9GHgL9UcSrkeIn7xQxVZ6z/BOfj3i1zO9HvFXmSxGp/GKci3hvh+8Rh1Mtivjz8vpfWE/T1f2ge1+59NX6l2evzfWU7d5XDv3zYT8d8OfJQBTRrO746+nD/2YHAAAAAAAAAAAAAAAAgIftWBTxVKR45d//sBpXHNW49OMXhn9v8BO9Y8afvMd+yrLPRcRycX9jco/mIcRjaSylBxhL/P8bHQ/SR+5uIIr4ozz+75uPujEAAAAAAAAAAAAAAAAAAAAfa0X8KFK8+O7JtBK9c4q3Z6/XrzSvznRmhe3O/dudM31jY2OjnjrZyDmZcznnSs7VnGs5o8j1czZyTuZczrmSczXnWs44kuvnbOSczLmccyXnas61nFHL9XM2ck7mXM65knM151rOOCBz9wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfJQUUcTPIsW3vr6eIkVEI2IyOrna3y0DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxK/amI70WK+u83bq+rRUSq/u04Wf5yLhpHy/xUNIbLfCkaF3M2q6w1vvkI2s/u9KUifhgp+gfevn3B8/Xv63y6/TWIt76x+emXa5080t04+H7/4yeOXxge/dUn77acdmrA0KX27M1b9YmR0dHxntW1fPRP9awbzMctHk7XiYjFN958vTkz01qw8PFYqHUWanFA2rNfC/l+FQelPdsXGgejGZsLj/jGxL4on//vRYrfevc/ug/87vP/Fzqfbj/h46d/vPn8f3H7jvbo+f9Ez7oX8+9G+moRA0s35vtORAwsvvHmqfaN5vXW9dbsudOnvzQ8/KWzp/uORgxca8+0epZ2faoAAAAAAAAAAAAAAAAA9lcq4nciRfOH66keEbeq8VqDF4afOfX0kThSjbfaMm7rtfErF+svz92YX2gtLram6xOz7am56db9Hm6gGu41MTK6J525p2N73P5jAy/Pzb+x0L7+B0s7bn9s4OLVxaWF5tTOm+NYFBGN3jVDVYMnRkarRs+0m7NV1bEdB9M9uL5UxH9Giqlz9fS5vC6P/9s+wn/L+P/l7Tvao/F/n+xZVx4zpSJ+Gil+8y+ejM9V7Xws7jhnudzfRIqh85/N5eJoWa7bhs57BTojA8uy/xsp/uFnW8t2x0M+sVn2+fs+sYdEef2PR4rv/dl34tfyuq3vf9j5+j+2fUd7dP0/3bPusS3vK9h118nX/1SkeOmJt+PX87oPev9HERsbG38ScTIXvv1+jj26/p/pWTcYneP+xsPrPgAAAAAAAAAAwKHVl4r420jx9GgtvZDX3c/f/5vevqM9+vtfv9Szbnqf5ivaPOLRD39iAQAAAOAA6EtF/ChSXF96+/YY6q3jv3vGf/725tzrI2nb1urP+X6xem/Aw/zzv16D+biTu+82AAAAAAAAAAAAAAAAAAAAHCgpFfFCnk998h7zqa9Gilf++9lcLp0oy3XngR+sfh24PDd76uLMzNxUc6l5daZVH59vTrXKup+OFOt//dlct6jmV+/ON9+Z431gozsX+0KkGP27btnOXOzduck784F35mIvy34yUvzX328t253H+jObZc+UZf8qUnztn3Yue2Kz7Nmy7HcixQ++Vu+Wfaws230/auedpAO1mGk9NzU3c8erUAEAAAAAAAAAAAAAAAAAAOBB9aUi/jRS/M+NlVjOw/7z/P/dGfhr3bJvfaNnvv9tblXz/A9W8//fbfnDzP8/+NB6CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAh0eKIt6MFPOX19Nqf/m5Y+BSe/bmrYmR0Z2rHUtVzSNV+fJn4PkzZ8998YXh89384PoP21Px2viVi/WX527ML7QWF1vT9YnZ9tTcdOu+97Db+punrmOoOgH1G6/fnL52bbF+5rmzWzbfGny///ETgxeGnzn1dLfsxMjo6HhPmVrfAxz9gRq36WgU8ZeR4tnv/jj9c39EEbs/F/f47uy1Y1UnhqpOTIyMVh2ZaTdnl8qNY90TUUTUeyo1uudoH67FrjQilsvmlw0eKrs3Pt9caF6dadXHmgtL7aX23OxY6rS27E89ijifIlYiYq3/zt31RRGvR4pvH19P/9IfcaR7Hr5wefwrp8/cvR3FHvbxPpTtrPdFrBSH4JodYP1RxD9Gip+8czL+tT+iFp2f+HzEq2V+P+KtMl+KSOUX41zEezt8jzicalHE/5XX/8J6eqe/vB907yuXvlr/8uy1uZ6y3fvKoX8+7KcDfm8aiCJ+UN3x19O/+e8aAAAAAAAAAAAAAAAA4AAp4lcixYvvnkzV+ODbY4rbs9frV5pXZzrD+rpj/7pjpjc2NjbqqZONnJM5l3Ou5FzNuZYzilw/ZyPnZM7lnCs5V3Ou5YwjuX7ORs7JnMs5V3Ku5lzLGbVcP2cj52TO5ZwrOVdzruWMAzJ2DwAAAAAAAAAAAAAAAAAA+Ggpqn9SfOvr62mjvzO/9GR0ctV8oB95Pw8AAP//w8oFHg==") openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) mknod$loop(&(0x7f00000017c0)='./bus\x00', 0x40, 0x0) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) recvmmsg(r0, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 1m7.984880815s ago: executing program 0 (id=1159): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x8}, 0x9) write(r0, &(0x7f00000000c0)="240000001e005f0214f6fffffffffff8070000000000000000000000080009000d000000", 0x24) 1m6.431833329s ago: executing program 0 (id=1162): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = syz_io_uring_setup(0xa0, &(0x7f00000002c0)={0x0, 0x89b8, 0x8, 0x0, 0x207}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{0x0}], 0x1, 0x12}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) 50.25496423s ago: executing program 32 (id=1162): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = syz_io_uring_setup(0xa0, &(0x7f00000002c0)={0x0, 0x89b8, 0x8, 0x0, 0x207}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{0x0}], 0x1, 0x12}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) 13.831894836s ago: executing program 4 (id=1264): mkdirat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x12) r0 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x40, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) getpgid(0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r4, r3, 0x80000001, 0x6) vmsplice(r5, &(0x7f0000000340)=[{&(0x7f0000000380)="22e8", 0x2}], 0x1, 0x1) getsockopt$inet6_mreq(r2, 0x29, 0x1c, 0x0, &(0x7f0000000340)) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x80) socket$nl_generic(0x10, 0x3, 0x10) mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, 0x0) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r6, &(0x7f00000002c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x142) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000080), &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x21, &(0x7f0000000240), 0x0, 0x10, &(0x7f00000002c0), &(0x7f0000000100), 0x8, 0xc7, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x13, 0x6, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r7], 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x27, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, r8}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) 12.972342484s ago: executing program 4 (id=1266): socket$alg(0x26, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x9, 0x5d032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket(0x2000000000000021, 0x2, 0x10000000000002) syz_emit_ethernet(0x4e, 0x0, 0x0) r3 = getpgrp(0x0) ptrace$ARCH_GET_UNTAG_MASK(0x1e, r3, &(0x7f0000000080), 0x4001) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000100)={{&(0x7f0000611000/0x2000)=nil, 0x2000}}) sendmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000010010000"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r2, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) 11.696357942s ago: executing program 4 (id=1268): syz_open_dev$sg(0x0, 0x5, 0x280) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCMIWAIT(r1, 0x545c, 0x0) 11.484174694s ago: executing program 1 (id=1269): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000200)={'ip6gretap0\x00', @remote}) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800"/13], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x24}, 0x94) prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) 11.211776074s ago: executing program 1 (id=1271): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) fcntl$dupfd(r0, 0x0, r0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18) openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x101403, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) syz_open_procfs$namespace(r2, &(0x7f0000000040)='ns/mnt\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0x12, 0xb, 0x8, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000180)={0xffffffffffffffff, 0x0, &(0x7f0000000240)=""/47}, 0x20) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000) r4 = semget$private(0x0, 0x6, 0x0) semtimedop(r4, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0) semop(r4, &(0x7f00000000c0)=[{0x4}, {0x2}], 0x2) semctl$IPC_RMID(r4, 0x0, 0x0) 10.459284099s ago: executing program 4 (id=1273): r0 = memfd_secret(0x80000) openat(r0, &(0x7f0000000080)='./file0\x00', 0x2000, 0x3a) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) add_key(0x0, &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) syz_open_dev$dri(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x44804) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000ac0)={0x2, &(0x7f0000000a80)=[{0x40}, {0x16}]}, 0x10) sendmmsg(r4, &(0x7f0000003180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000000)={0x8}, 0x9) write(r7, &(0x7f00000000c0)="240000001e005f0214f6fffffffffff8070000000000000000000000080009000d000000", 0x24) ioctl$TUNSETOFFLOAD(r6, 0x400454c9, 0xba98575a95aeb70d) ioctl$TUNSETNOCSUM(r6, 0x400454c8, 0x1) setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000400)={0x1, 0x0, 0x16, 0x0, 0xe54}, 0xc) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40004) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4}, 0xc, 0x0}, 0x8000) 10.373458563s ago: executing program 1 (id=1274): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000040)='T', 0x1, 0x8910, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = syz_open_dev$vbi(0x0, 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000000c0)=0xfffffffe) r3 = syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x5, 0x2, 0x2d9b, 0x7, 0x1, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4}, 0x48) ioctl$MEDIA_IOC_REQUEST_ALLOC(r3, 0x80047c05, &(0x7f0000000940)=0xffffffffffffffff) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r4, 0x7c81, 0x0) socket$kcm(0x2, 0x5, 0x84) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, 0x0, 0x4000) recvmmsg(r5, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000001700)=""/213, 0xd5}, {&(0x7f0000000900)=""/242, 0xf2}, {&(0x7f0000003e00)=""/4098, 0x1002}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f0000000600)}, 0x8}, {{0x0, 0x0, 0x0}, 0xc}], 0x7, 0x40000020, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c0c0}, 0x0) membarrier(0x10, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d8", 0xe) 9.208389071s ago: executing program 4 (id=1276): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = socket(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000cab000)) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={0x0}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@migrate={0x6c, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@encap={0x1c, 0x4, {0xfffffffffffffffe, 0x4e24, 0x4e23, @in6=@private1}}]}, 0x6c}}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$cgroup(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000000c0), 0x10012, &(0x7f0000000340)={[{@release_agent={'release_agent', 0x3d, './file0'}}, {@release_agent={'release_agent', 0x3d, './file0'}}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r3 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) write$binfmt_register(r3, &(0x7f0000000240)={0x3a, 'syz1', 0x3a, 'E', 0x3a, 0xffff, 0x3a, 'lowerdir', 0x3a, '-][^u%\x12[4&(', 0x3a, './file0/../file0', 0x3a, [0x46, 0x43]}, 0x45) 7.648215322s ago: executing program 3 (id=1278): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) memfd_secret(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=0x0, &(0x7f0000000100)=0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'syztnl0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x14, 0x0, 0x0, 0x0, 0x2b, @empty, @empty}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 7.23956715s ago: executing program 3 (id=1279): socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x84}, 0x8000) openat$vsock(0xffffffffffffff9c, 0x0, 0x1b5040, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r6, r5], 0x2, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000}) ioctl$DRM_IOCTL_MODE_GETENCODER(r7, 0xc01464a6, &(0x7f0000000180)={r8}) 5.649285166s ago: executing program 2 (id=1281): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f00000005c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_io_uring_setup(0x121d, &(0x7f0000000100)={0x0, 0x7d10, 0x10, 0x2, 0x1000034e}, &(0x7f0000000040)=0x0, &(0x7f0000000580)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r3 = socket(0x2a, 0x2, 0x0) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x3) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x23457}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 5.645633204s ago: executing program 3 (id=1282): syz_open_dev$sg(0x0, 0x5, 0x280) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCMIWAIT(r1, 0x545c, 0x0) 5.472151263s ago: executing program 2 (id=1283): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) fcntl$dupfd(r0, 0x0, r0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18) openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x101403, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) syz_open_procfs$namespace(r2, &(0x7f0000000040)='ns/mnt\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0x12, 0xb, 0x8, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000180)={0xffffffffffffffff, 0x0, &(0x7f0000000240)=""/47}, 0x20) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000) r4 = semget$private(0x0, 0x6, 0x0) semtimedop(r4, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0) semop(r4, &(0x7f00000000c0)=[{0x4}, {0x2}], 0x2) semctl$IPC_RMID(r4, 0x0, 0x0) 5.301499412s ago: executing program 4 (id=1284): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) recvmmsg(r0, &(0x7f0000000400)=[{{&(0x7f0000000380)=@l2tp={0x2, 0x0, @empty}, 0x80, &(0x7f0000000080)=[{&(0x7f00000004c0)=""/164, 0xa4}, {&(0x7f0000001640)=""/4096, 0x1000}], 0x2}, 0x1}], 0x1, 0x40000002, &(0x7f0000000440)={0x77359400}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x401, 0xffffffffffffffff, 0x0, 0xa002a0}, 0x38) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x8, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000400)=@overlay={0x8, 0x0, 0x4, 0x0, 0xfffffffd, {0x0, 0xea60}, {0x1, 0x1, 0x3, 0x9, 0x21, 0x3, "bc5c938a"}, 0x1ff, 0x3, {}, 0x9, 0x0, 0xffffffffffffffff}) syz_open_dev$vim2m(&(0x7f0000000000), 0xa194, 0x2) r6 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) write$FUSE_INIT(r6, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x1282, 0x400c6001, 0x5, 0x8, 0x10, 0xc40b, 0x0, 0x0, 0x40, 0x6}}, 0x50) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') read$qrtrtun(r7, 0x0, 0x0) close_range(r5, r7, 0x2) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c000180060006006558000008000280040011"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) 5.300762839s ago: executing program 1 (id=1285): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0xffffffb3, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) recvfrom$inet(0xffffffffffffffff, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x25b9, 0x100, 0x0, 0x215}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r4, 0x32, &(0x7f00000000c0)=@un=@abs={0x1, 0x0, 0x4e20}}) io_uring_enter(r5, 0x3516, 0x483, 0x0, 0x0, 0x0) 3.79618852s ago: executing program 1 (id=1286): mkdirat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x12) r0 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x40, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) getpgid(0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r4, r3, 0x80000001, 0x6) vmsplice(r5, &(0x7f0000000340)=[{&(0x7f0000000380)="22e8", 0x2}], 0x1, 0x1) getsockopt$inet6_mreq(r2, 0x29, 0x1c, 0x0, &(0x7f0000000340)) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x80) socket$nl_generic(0x10, 0x3, 0x10) mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, 0x0) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r6, &(0x7f00000002c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x142) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000080), &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x21, &(0x7f0000000240), 0x0, 0x10, &(0x7f00000002c0), &(0x7f0000000100), 0x8, 0xc7, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) 3.729406034s ago: executing program 2 (id=1287): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x54, r4, 0xfe12482fe0801d67, 0x0, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xfffffffffffffc52, 0x8f, 0x1}, {0xc, 0x90, 0xa3}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4040010}, 0x600c000) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', 0x0}) bind$xdp(r5, &(0x7f0000000100)={0x2c, 0x18, r6}, 0x10) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14, 0x2, 0x6, 0x3, 0x0, 0x0, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4004800}, 0x0) 3.683435166s ago: executing program 3 (id=1288): io_setup(0x2, &(0x7f0000000040)=0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume_offset', 0x1, 0x82) io_submit(r0, 0x1, &(0x7f0000000400)=[0x0]) 2.567508842s ago: executing program 2 (id=1289): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[], 0x50) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) r5 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0585609, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c) 2.39864483s ago: executing program 3 (id=1290): ioperm(0x7, 0x81, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x401c2, 0x0) ftruncate(r0, 0x8800000) r1 = gettid() timer_create(0x0, &(0x7f0000001640)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)={0xffffffffffffffff}) sendfile(r2, r0, 0x0, 0x578410eb) sendfile(r2, r0, 0x0, 0x100000000) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000400)={'ipvlan1\x00', &(0x7f0000000300)=@ethtool_drvinfo={0x3, "cfae1e8610332aaf073c8d7e23e24149747696f72937d0eaa72f3f6db551129c", "88525cd14f8eed12a8efcbb486d5f94e1f7192a907767ee928726d8541593048", "94ed2609f31e59a9041429955c25747ddc5a9aa68b65f79d739539ff50fe6bbc", "e6ece6330b875a499a782bbd0bde05326e338adc8f3a60c5212b04fb64fff642", "a4e30583baf6fdc385302137f3f6b686903632a36dd691e2f0de22424c816b2b", "69dcedab10ae79d6206beff9", 0x7fffffff, 0x0, 0x4, 0x1, 0x1000}}) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) write$binfmt_register(0xffffffffffffffff, &(0x7f0000000100)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x7, 0x3a, '*.-*', 0x3a, '', 0x3a, './file0'}, 0x2b) setsockopt$inet_tcp_int(r6, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r6, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) 2.266379172s ago: executing program 5 (id=1190): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f0000000100)={{0x10000, 0xeeee8000, 0x8, 0x1}, {0x0, 0x2000, 0xf, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5}, {0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x80, 0x4}, {0x10000, 0xeeee8000, 0xf, 0x0, 0x0, 0x0, 0x0, 0xfc}, {0x0, 0xffff1000, 0xc, 0x2, 0x3, 0x10, 0x6, 0x0, 0x1, 0x0, 0x4}, {0x8080000, 0x10000, 0x0, 0x0, 0x0, 0xfd}, {0x0, 0x0, 0xa, 0x0, 0x80, 0xf9, 0x0, 0x7, 0x3a, 0x2}, {0x0, 0x3000, 0x0, 0x2, 0x0, 0x54, 0x7, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x2000, 0x400}, {}, 0xddf8ffdb, 0x0, 0x6000, 0x100, 0x8, 0x8000, 0x3000, [0x0, 0x1000000, 0x39f]}) ioctl$KVM_TRANSLATE(r1, 0xc018ae85, &(0x7f0000001280)={0x0, 0xdddd0000, 0x2, 0x5, 0x50}) 821.449619ms ago: executing program 2 (id=1291): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000200)={'ip6gretap0\x00', @remote}) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800"/15], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x24}, 0x94) prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) 796.896601ms ago: executing program 1 (id=1292): r0 = syz_open_dev$sg(0x0, 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @time={0x367f, 0xfffffffd}, {}, {0x80}, @connect={{0x40, 0x7}, {0x80, 0xf6}}}], 0x1c) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r4, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x82, 0x200000007}) fcntl$lock(r4, 0x24, &(0x7f0000000180)={0x2, 0x2, 0x20000000010000, 0x80000003}) sendmsg$NL80211_CMD_GET_REG(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44041}, 0x4000000) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20) ioctl$KVM_RUN(r7, 0xae80, 0x0) 729.328307ms ago: executing program 3 (id=1293): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) gettid() timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) pread64(r0, 0x0, 0x0, 0xce2) 120.012507ms ago: executing program 5 (id=1294): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x1c, r1, 0x917, 0xa7, 0x1000000, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x1c}}, 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(0x0, r3) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$PTP_PIN_SETFUNC(r5, 0x40603d07, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'hsr0\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) socket$rxrpc(0x21, 0x2, 0x2) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000000000)={r7, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x10) sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000440)={&(0x7f0000000280)={0x38, r4, 0x100, 0x70bd27, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x5}, 0x44000) r9 = openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x4040, 0x0) ioctl$RNDZAPENTCNT(r9, 0x5204, &(0x7f0000000100)=0x4) sendmsg$nl_route_sched(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0x13}}}, 0x24}}, 0x20044810) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0x10001, 0x0, 0x3, 0x0, 0x41d6}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0x9, 0x4, 0x401, 0x5f}, 0x3}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x40}, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="0000000632ac6a260000aaaaaaaaaa188100140008004500005a0000200000329078ac1e0101000000004e230000004690782d7d05e9e667b490dabb5af83745cc076fea7e29abdc17c8c3480a137527e4d48b3b648bd5f0798c4fee13b0dc7c028132176121d1b0ae0397d444"], 0x70) socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 0s ago: executing program 2 (id=1295): pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000780)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) recvmmsg(r1, &(0x7f0000001440)=[{{&(0x7f0000000280)=@un=@abs, 0x80, &(0x7f0000001400)=[{&(0x7f0000000300)=""/102, 0x66}, {&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000001380)=""/111, 0x6f}], 0x3}}], 0x1, 0x40002002, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, 0x0, 0x9004) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r3, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x800000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) recvmmsg(r3, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000001d40)=""/4078, 0xfee}, {&(0x7f0000000340)=""/141, 0x8d}, {&(0x7f0000002d40)=""/4116, 0x1005}, {&(0x7f0000000400)=""/6, 0x6}, {&(0x7f0000000440)=""/231, 0xe7}], 0x5}}], 0x3ffffbd, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.70' (ED25519) to the list of known hosts. [ 84.607756][ T5817] cgroup: Unknown subsys name 'net' [ 84.744137][ T5817] cgroup: Unknown subsys name 'cpuset' [ 84.753780][ T5817] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.384821][ T5817] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.326704][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.355207][ T5843] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.357751][ T5840] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.369780][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.371649][ T5843] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.384284][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.393258][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.401336][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.401869][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.408484][ T5840] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.424671][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.433290][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.433574][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.443278][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.460721][ T5151] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.468658][ T5151] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.476181][ T5840] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.483185][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.484079][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.492432][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.498814][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.513632][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.518194][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.531732][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.533386][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.120917][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 90.223358][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 90.249577][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 90.519079][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.527596][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.541972][ T5846] bridge_slave_0: entered allmulticast mode [ 90.552453][ T5846] bridge_slave_0: entered promiscuous mode [ 90.602316][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.609575][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.617053][ T5846] bridge_slave_1: entered allmulticast mode [ 90.624511][ T5846] bridge_slave_1: entered promiscuous mode [ 90.637669][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 90.666695][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.674040][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.682043][ T5828] bridge_slave_0: entered allmulticast mode [ 90.689346][ T5828] bridge_slave_0: entered promiscuous mode [ 90.744418][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 90.757043][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.765057][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.773741][ T5828] bridge_slave_1: entered allmulticast mode [ 90.781551][ T5828] bridge_slave_1: entered promiscuous mode [ 90.800096][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.809477][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.818038][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.825332][ T5837] bridge_slave_0: entered allmulticast mode [ 90.832749][ T5837] bridge_slave_0: entered promiscuous mode [ 90.882015][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.891528][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.898717][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.906276][ T5837] bridge_slave_1: entered allmulticast mode [ 90.914648][ T5837] bridge_slave_1: entered promiscuous mode [ 91.030844][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.048260][ T5846] team0: Port device team_slave_0 added [ 91.057090][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.071524][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.094227][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.131272][ T5846] team0: Port device team_slave_1 added [ 91.207717][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.215302][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.224754][ T5827] bridge_slave_0: entered allmulticast mode [ 91.232468][ T5827] bridge_slave_0: entered promiscuous mode [ 91.263208][ T5828] team0: Port device team_slave_0 added [ 91.284649][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.294653][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.302073][ T5827] bridge_slave_1: entered allmulticast mode [ 91.309405][ T5827] bridge_slave_1: entered promiscuous mode [ 91.332680][ T5837] team0: Port device team_slave_0 added [ 91.387403][ T5828] team0: Port device team_slave_1 added [ 91.394315][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.401782][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.428179][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.442061][ T5837] team0: Port device team_slave_1 added [ 91.451072][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.460668][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.467814][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.476046][ T5833] bridge_slave_0: entered allmulticast mode [ 91.483517][ T5833] bridge_slave_0: entered promiscuous mode [ 91.492556][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.499758][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.507656][ T5840] Bluetooth: hci0: command tx timeout [ 91.507796][ T5833] bridge_slave_1: entered allmulticast mode [ 91.521332][ T5833] bridge_slave_1: entered promiscuous mode [ 91.553656][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.560715][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.586975][ T5839] Bluetooth: hci3: command tx timeout [ 91.586984][ T5844] Bluetooth: hci1: command tx timeout [ 91.587302][ T5844] Bluetooth: hci2: command tx timeout [ 91.593019][ T5840] Bluetooth: hci4: command tx timeout [ 91.604235][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.657914][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.695537][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.703029][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.729226][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.742836][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.749853][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.776289][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.797867][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.804943][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.831118][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.844279][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.851430][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.878305][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.921917][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.934650][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.952604][ T5827] team0: Port device team_slave_0 added [ 91.983571][ T978] cfg80211: failed to load regulatory.db [ 92.023868][ T5827] team0: Port device team_slave_1 added [ 92.049503][ T5846] hsr_slave_0: entered promiscuous mode [ 92.056435][ T5846] hsr_slave_1: entered promiscuous mode [ 92.068590][ T5828] hsr_slave_0: entered promiscuous mode [ 92.075793][ T5828] hsr_slave_1: entered promiscuous mode [ 92.082218][ T5828] debugfs: 'hsr0' already exists in 'hsr' [ 92.088047][ T5828] Cannot create hsr debugfs directory [ 92.153364][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.160399][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.187092][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.205202][ T5833] team0: Port device team_slave_0 added [ 92.248502][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.256474][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.282980][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.295625][ T5833] team0: Port device team_slave_1 added [ 92.322610][ T5837] hsr_slave_0: entered promiscuous mode [ 92.329016][ T5837] hsr_slave_1: entered promiscuous mode [ 92.335441][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 92.341325][ T5837] Cannot create hsr debugfs directory [ 92.401162][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.408158][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.434526][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.479267][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.486541][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.513119][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.572000][ T5827] hsr_slave_0: entered promiscuous mode [ 92.578647][ T5827] hsr_slave_1: entered promiscuous mode [ 92.585806][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 92.592735][ T5827] Cannot create hsr debugfs directory [ 92.822025][ T5833] hsr_slave_0: entered promiscuous mode [ 92.828374][ T5833] hsr_slave_1: entered promiscuous mode [ 92.835386][ T5833] debugfs: 'hsr0' already exists in 'hsr' [ 92.841298][ T5833] Cannot create hsr debugfs directory [ 93.158246][ T5837] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.186693][ T5837] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.198073][ T5837] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.226488][ T5837] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.305028][ T5846] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.316855][ T5846] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.328030][ T5846] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.339754][ T5846] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.438275][ T5828] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.456798][ T5828] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.484409][ T5828] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.497464][ T5828] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.581481][ T5840] Bluetooth: hci0: command tx timeout [ 93.645656][ T5827] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.657477][ T5827] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.667882][ T5840] Bluetooth: hci2: command tx timeout [ 93.667898][ T5844] Bluetooth: hci4: command tx timeout [ 93.667934][ T5844] Bluetooth: hci3: command tx timeout [ 93.674235][ T5840] Bluetooth: hci1: command tx timeout [ 93.704045][ T5827] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.715537][ T5827] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.772204][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.813161][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.875286][ T5833] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 93.898838][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.910112][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.922049][ T5833] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 93.943604][ T5833] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 93.956442][ T5833] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.969972][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.977279][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.990202][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.997353][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.016156][ T268] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.023364][ T268] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.037200][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.044424][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.061479][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.135991][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.218036][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.225271][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.247565][ T5846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.277589][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.285211][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.442453][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.561486][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.583286][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.619412][ T268] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.626652][ T268] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.693548][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.735616][ T268] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.742812][ T268] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.787442][ T1101] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.794647][ T1101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.844148][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.851375][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.869051][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.936620][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.137971][ T5837] veth0_vlan: entered promiscuous mode [ 95.165987][ T5846] veth0_vlan: entered promiscuous mode [ 95.175750][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.248126][ T5846] veth1_vlan: entered promiscuous mode [ 95.259472][ T5837] veth1_vlan: entered promiscuous mode [ 95.458223][ T5846] veth0_macvtap: entered promiscuous mode [ 95.495121][ T5837] veth0_macvtap: entered promiscuous mode [ 95.519507][ T5837] veth1_macvtap: entered promiscuous mode [ 95.528938][ T5846] veth1_macvtap: entered promiscuous mode [ 95.560041][ T5828] veth0_vlan: entered promiscuous mode [ 95.587616][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.611387][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.636335][ T5828] veth1_vlan: entered promiscuous mode [ 95.649476][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.670825][ T5840] Bluetooth: hci0: command tx timeout [ 95.679152][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.688288][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.724887][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.739764][ T3511] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.748777][ T5840] Bluetooth: hci3: command tx timeout [ 95.748823][ T5840] Bluetooth: hci2: command tx timeout [ 95.748862][ T5840] Bluetooth: hci4: command tx timeout [ 95.750583][ T5839] Bluetooth: hci1: command tx timeout [ 95.809126][ T3511] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.819444][ T3511] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.849035][ T3511] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.864237][ T3511] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.932759][ T3511] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.966163][ T3511] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.985458][ T3511] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.004080][ T5828] veth0_macvtap: entered promiscuous mode [ 96.053134][ T5828] veth1_macvtap: entered promiscuous mode [ 96.158705][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.167676][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.171419][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.180213][ T5827] veth0_vlan: entered promiscuous mode [ 96.238408][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.256681][ T3511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.257847][ T5827] veth1_vlan: entered promiscuous mode [ 96.271667][ T3511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.328344][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.344662][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.363718][ T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.372538][ T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.405061][ T3511] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.422830][ T3511] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.436182][ T3511] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.464327][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.471157][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.549425][ T5833] veth0_vlan: entered promiscuous mode [ 96.598272][ T5827] veth0_macvtap: entered promiscuous mode [ 96.666011][ T5827] veth1_macvtap: entered promiscuous mode [ 96.682428][ T5833] veth1_vlan: entered promiscuous mode [ 96.721399][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.771939][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.807711][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.914232][ T3511] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.958178][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.114326][ T3511] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.178887][ T5833] veth0_macvtap: entered promiscuous mode [ 97.229497][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.269100][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.343805][ T5833] veth1_macvtap: entered promiscuous mode [ 97.386357][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.577800][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.595035][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.640547][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.699260][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.719578][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.740669][ T5839] Bluetooth: hci0: command tx timeout [ 97.750462][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.770667][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.792625][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.820457][ T5839] Bluetooth: hci1: command tx timeout [ 97.825197][ T5840] Bluetooth: hci4: command tx timeout [ 97.828083][ T5844] Bluetooth: hci2: command tx timeout [ 97.836873][ T5839] Bluetooth: hci3: command tx timeout [ 97.870843][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.052993][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.081930][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.118736][ T5967] ieee802154 phy0 wpan0: encryption failed: -22 [ 98.171037][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.196498][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.239615][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.247681][ T5941] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 98.319387][ T5969] process 'syz.2.10' launched './file1' with NULL argv: empty string added [ 98.370865][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.379263][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.451494][ T5941] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 98.780439][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 99.029600][ T5980] overlayfs: missing 'lowerdir' [ 99.063522][ T5941] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 99.076758][ T5941] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 99.081329][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.107407][ T5941] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 99.260922][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.352878][ T5941] usb 4-1: SerialNumber: syz [ 99.980638][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 100.132567][ T5941] usb 4-1: 0:2 : does not exist [ 100.503698][ T5941] usb 4-1: USB disconnect, device number 2 [ 100.644227][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 100.662289][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.230689][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.280750][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.361346][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.643442][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 102.207644][ T6017] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 106.939851][ T6056] syz.1.32: attempt to access beyond end of device [ 106.939851][ T6056] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 106.960611][ T6056] gfs2: error -5 reading superblock [ 108.470426][ T5834] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 109.456932][ T5834] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 109.678316][ T5834] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 109.742585][ T5834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.099140][ T5834] usb 5-1: config 0 descriptor?? [ 110.417854][ T6072] netlink: 'syz.0.36': attribute type 1 has an invalid length. [ 110.538360][ T5834] ath6kl: Unsupported hardware version: 0x0 [ 110.570385][ T5834] ath6kl: Failed to init ath6kl core: -22 [ 110.584053][ T5834] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 110.603963][ T6072] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.669818][ T6072] bridge_slave_0 (unregistering): left allmulticast mode [ 110.692035][ T6072] bridge_slave_0 (unregistering): left promiscuous mode [ 110.720215][ T6072] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.903095][ T6080] tipc: Started in network mode [ 110.962715][ T6080] tipc: Node identity 82add445dbea, cluster identity 4711 [ 111.005883][ T6080] tipc: Enabled bearer , priority 0 [ 111.061161][ T6089] netlink: 20 bytes leftover after parsing attributes in process `syz.2.40'. [ 111.088545][ T6086] tipc: Resetting bearer [ 111.111882][ T6079] tipc: Disabling bearer [ 111.352692][ T5921] usb 5-1: USB disconnect, device number 2 [ 111.390499][ T6093] trusted_key: encrypted_key: hex blob is missing [ 111.446355][ T6093] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[6093] [ 112.017097][ T6100] Zero length message leads to an empty skb [ 114.560748][ T6116] loop0: detected capacity change from 0 to 1764 [ 114.568385][ T6116] iso9660: Bad value for 'gid' [ 114.573267][ T6116] iso9660: Bad value for 'gid' [ 115.736806][ T6114] loop0: detected capacity change from 0 to 32768 [ 115.806474][ T6116] block device autoloading is deprecated and will be removed. [ 118.076054][ T6148] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 119.483586][ T6162] loop2: detected capacity change from 0 to 1764 [ 120.195398][ T6162] loop2: detected capacity change from 0 to 32768 [ 124.680351][ T5885] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 125.741336][ T5885] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 125.836839][ T5885] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.904380][ T5885] usb 4-1: Product: syz [ 125.954235][ T5885] usb 4-1: Manufacturer: syz [ 125.958897][ T5885] usb 4-1: SerialNumber: syz [ 126.023799][ T6210] warning: `syz.1.75' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 126.949090][ T5885] usb 4-1: config 0 descriptor?? [ 128.378748][ T5885] usb-storage 4-1:0.0: USB Mass Storage device detected [ 129.582071][ T5885] usb 4-1: USB disconnect, device number 3 [ 130.261027][ T6239] syz.4.84 uses obsolete (PF_INET,SOCK_PACKET) [ 133.069001][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.076282][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.148378][ T6262] netlink: 36 bytes leftover after parsing attributes in process `syz.3.91'. [ 134.157483][ T6262] netlink: 36 bytes leftover after parsing attributes in process `syz.3.91'. [ 134.501604][ T6270] syz.4.94: attempt to access beyond end of device [ 134.501604][ T6270] nbd4: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 134.516465][ T6270] gfs2: error -5 reading superblock [ 134.605974][ T5834] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 134.694510][ T6277] ======================================================= [ 134.694510][ T6277] WARNING: The mand mount option has been deprecated and [ 134.694510][ T6277] and is ignored by this kernel. Remove the mand [ 134.694510][ T6277] option from the mount to silence this warning. [ 134.694510][ T6277] ======================================================= [ 134.947491][ T5834] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 135.020282][ T5834] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.029671][ T5834] usb 3-1: Product: syz [ 135.050199][ T5834] usb 3-1: Manufacturer: syz [ 135.262629][ T5834] usb 3-1: SerialNumber: syz [ 135.381309][ T5834] usb 3-1: config 0 descriptor?? [ 136.020445][ T5885] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 136.295349][ T5885] usb 4-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 136.420315][ T5885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.992037][ T5885] usb 4-1: config 0 descriptor?? [ 137.010652][ T5885] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 137.541746][ T6298] loop1: detected capacity change from 0 to 1764 [ 138.340007][ T5885] gspca_sunplus: reg_w_riv err -71 [ 138.360658][ T5885] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 138.393200][ T5885] usb 4-1: USB disconnect, device number 4 [ 138.422538][ T5834] usb-storage 3-1:0.0: USB Mass Storage device detected [ 139.005083][ T5834] usb 3-1: USB disconnect, device number 2 [ 139.369707][ T6319] affs: No valid root block on device nullb0 [ 142.711190][ T6351] usb usb8: usbfs: process 6351 (syz.2.116) did not claim interface 0 before use [ 142.723778][ T5885] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 143.618209][ T5885] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 143.705734][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.790019][ T5885] usb 2-1: Product: syz [ 143.794983][ T5885] usb 2-1: Manufacturer: syz [ 143.850585][ T5885] usb 2-1: SerialNumber: syz [ 144.022628][ T5885] usb 2-1: config 0 descriptor?? [ 144.373261][ T6360] loop2: detected capacity change from 0 to 1764 [ 145.196199][ T6360] loop2: detected capacity change from 0 to 32768 [ 145.965869][ T6368] syz.4.124: attempt to access beyond end of device [ 145.965869][ T6368] nbd4: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 145.980377][ T6368] gfs2: error -5 reading superblock [ 146.786352][ T5885] usb-storage 2-1:0.0: USB Mass Storage device detected [ 146.891278][ T6379] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 146.924568][ T6379] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.925497][ T5885] usb 2-1: USB disconnect, device number 2 [ 146.933209][ T6379] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.353703][ T6414] loop2: detected capacity change from 0 to 1764 [ 152.054180][ T6414] loop2: detected capacity change from 0 to 32768 [ 152.631126][ T5941] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 153.338835][ T5941] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 153.392573][ T5941] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.423551][ T5941] usb 1-1: Product: syz [ 153.435292][ T5941] usb 1-1: Manufacturer: syz [ 153.449010][ T5941] usb 1-1: SerialNumber: syz [ 153.580269][ T5834] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 153.715900][ T5941] usb 1-1: config 0 descriptor?? [ 153.809943][ T6427] 9pnet_virtio: no channels available for device syz [ 154.701940][ T5834] usb 3-1: Using ep0 maxpacket: 32 [ 154.719002][ T5834] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 154.837599][ T5834] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 154.863925][ T5834] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 154.885922][ T5834] usb 3-1: Product: syz [ 154.937351][ T5834] usb 3-1: Manufacturer: syz [ 154.992761][ T5834] usb 3-1: SerialNumber: syz [ 155.063314][ T5834] usb 3-1: config 0 descriptor?? [ 155.079660][ T6423] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 155.793242][ T5834] usb 3-1: USB disconnect, device number 3 [ 155.909758][ T5941] usb-storage 1-1:0.0: USB Mass Storage device detected [ 156.937116][ T5941] usb 1-1: USB disconnect, device number 2 [ 158.316424][ T6445] trusted_key: encrypted_key: hex blob is missing [ 158.430284][ T6449] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[6449] [ 159.530407][ T6466] loop0: detected capacity change from 0 to 1764 [ 159.756237][ T6462] loop0: detected capacity change from 0 to 32768 [ 159.792677][ T6462] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.148 (6462) [ 159.822666][ T6462] BTRFS info (device loop0 state S): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 159.835194][ T6462] BTRFS info (device loop0 state S): using crc32c (crc32c-lib) checksum algorithm [ 159.847744][ T6462] BTRFS info (device loop0 state S): using free-space-tree [ 160.029752][ T37] BTRFS warning (device loop0 state S): checksum verify failed on logical 1052672 mirror 1 wanted 0x37e030f7 found 0x3a96e814 level 0, ignored [ 160.424236][ T6462] BTRFS error (device loop0 state S): devid 1 uuid ffe9ff7f-0000-0000-0000-9003f3eadbc4 is missing [ 160.435393][ T6462] BTRFS error (device loop0 state S): failed to read chunk tree: -2 [ 160.593246][ T6462] BTRFS error (device loop0 state S): open_ctree failed: -2 [ 162.108530][ T6501] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 162.206561][ T6504] No control pipe specified [ 164.501024][ T6527] trusted_key: encrypted_key: hex blob is missing [ 164.540172][ T6527] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[6527] [ 165.201499][ T6532] loop1: detected capacity change from 0 to 1764 [ 166.422081][ T6535] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 170.190195][ T30] audit: type=1400 audit(1751481139.936:2): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=6564 comm="syz.4.173" [ 170.490222][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 170.643975][ T10] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 170.698373][ T10] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 170.750349][ T10] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 170.814349][ T10] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 170.854200][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.962641][ T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 171.019043][ T10] usb 5-1: invalid MIDI out EP 0 [ 171.817079][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 171.922908][ T10] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 172.176284][ T6584] syz.2.177: attempt to access beyond end of device [ 172.176284][ T6584] nbd2: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 172.190148][ T6584] gfs2: error -5 reading superblock [ 172.693115][ T5931] usb 5-1: USB disconnect, device number 3 [ 172.943645][ T6593] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 173.041244][ T6593] syz.1.179: attempt to access beyond end of device [ 173.041244][ T6593] loop1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 173.337188][ T6591] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 173.345069][ T6591] batadv_slave_0: entered promiscuous mode [ 173.350950][ T6591] batadv_slave_0: entered allmulticast mode [ 177.619184][ T6622] affs: No valid root block on device nullb0 [ 178.554297][ T6634] trusted_key: encrypted_key: hex blob is missing [ 178.608720][ T6634] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[6634] [ 179.423258][ T6643] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 179.431097][ T6643] batadv_slave_0: entered promiscuous mode [ 179.436942][ T6643] batadv_slave_0: entered allmulticast mode [ 182.605222][ T6677] affs: No valid root block on device nullb0 [ 185.860380][ T6702] trusted_key: encrypted_key: hex blob is missing [ 185.895918][ T6702] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[6702] [ 186.476482][ T6706] loop0: detected capacity change from 0 to 512 [ 186.851612][ T6706] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.008473][ T6706] ext4 filesystem being mounted at /45/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 187.309254][ T12] Bluetooth: hci5: Frame reassembly failed (-84) [ 187.329417][ T12] Bluetooth: hci5: Frame reassembly failed (-84) [ 187.489164][ T6718] Invalid option length (506) for dns_resolver key [ 188.526816][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.369471][ T5844] Bluetooth: hci5: command 0x1003 tx timeout [ 189.380219][ T5839] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 190.850231][ T6754] trusted_key: encrypted_key: hex blob is missing [ 190.918065][ T6754] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[6754] [ 191.620308][ T978] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 191.985269][ T978] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 192.002563][ T978] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 192.060237][ T6762] IPVS: set_ctl: invalid protocol: 44 127.0.0.1:20000 [ 192.254986][ T978] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 192.264408][ T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 192.282672][ T978] usb 1-1: SerialNumber: syz [ 192.519088][ T978] usb 1-1: 0:2 : does not exist [ 192.534354][ T978] usb 1-1: unit 255 not found! [ 192.624713][ T978] usb 1-1: USB disconnect, device number 3 [ 192.715368][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 194.083185][ T6778] loop2: detected capacity change from 0 to 512 [ 194.166378][ T6778] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 194.206293][ T6778] ext4 filesystem being mounted at /47/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 194.384698][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.391101][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.573625][ T6785] Invalid option length (506) for dns_resolver key [ 196.105913][ T5846] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.611182][ T6805] trusted_key: encrypted_key: hex blob is missing [ 196.625791][ T6805] ptrace attach of "./syz-executor exec"[5827] was attempted by "./syz-executor exec"[6805] [ 203.899042][ T6853] trusted_key: encrypted_key: hex blob is missing [ 203.908236][ T6853] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[6853] [ 204.600615][ T6859] loop2: detected capacity change from 0 to 1764 [ 205.346198][ T6859] loop2: detected capacity change from 0 to 32768 [ 211.700255][ T5840] Bluetooth: hci4: link tx timeout [ 211.706254][ T5840] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 212.081981][ T5832] Bluetooth: hci1: command 0x0406 tx timeout [ 212.088066][ T5832] Bluetooth: hci2: command 0x0406 tx timeout [ 212.094603][ T5835] Bluetooth: hci0: command 0x0406 tx timeout [ 212.100681][ T5835] Bluetooth: hci3: command 0x0406 tx timeout [ 212.107297][ T5839] Bluetooth: hci4: link tx timeout [ 212.112763][ T5839] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 213.783327][ T6947] affs: No valid root block on device nullb0 [ 213.799051][ T5151] Bluetooth: hci4: command 0x0406 tx timeout [ 215.932412][ T6952] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 215.940426][ T6952] batadv_slave_0: entered promiscuous mode [ 215.946253][ T6952] batadv_slave_0: entered allmulticast mode [ 224.207075][ T7037] syz.3.293 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 224.255011][ T7037] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 224.739963][ T7040] binder_alloc: 7039: pid 7039 spamming oneway? 1 buffers allocated for a total size of 4096 [ 224.778330][ T7040] binder: 7039:7040 ioctl c0306201 0 returned -14 [ 226.761610][ T5840] Bluetooth: hci1: unexpected event for opcode 0x1003 [ 227.505122][ T7073] Cannot find add_set index 0 as target [ 228.331171][ T7079] binder_alloc: 7075: pid 7075 spamming oneway? 1 buffers allocated for a total size of 4096 [ 228.833383][ T7081] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 228.915904][ T7085] binder: 7075:7085 ioctl c0306201 0 returned -14 [ 230.849798][ T5840] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 230.876747][ T5840] Bluetooth: hci1: Injecting HCI hardware error event [ 230.892732][ T5840] Bluetooth: hci1: hardware error 0x00 [ 232.029672][ T7124] binder_alloc: 7122: pid 7122 spamming oneway? 1 buffers allocated for a total size of 4096 [ 232.263199][ T7132] fuse: Bad value for 'fd' [ 232.482701][ T5931] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 232.975482][ T5931] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 232.994807][ T5931] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 233.005024][ T5931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.032037][ T5931] usb 5-1: config 0 descriptor?? [ 233.340210][ T5840] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 233.498792][ T5931] ath6kl: Unsupported hardware version: 0x0 [ 233.510937][ T5931] ath6kl: Failed to init ath6kl core: -22 [ 233.530828][ T5931] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 235.148655][ T5885] usb 5-1: USB disconnect, device number 4 [ 235.204625][ T7161] binder_alloc: 7159: pid 7159 spamming oneway? 1 buffers allocated for a total size of 4096 [ 235.951432][ T7169] netlink: 8 bytes leftover after parsing attributes in process `syz.0.338'. [ 235.964665][ T7169] openvswitch: netlink: nsh attr 801 is out of range max 3 [ 235.972555][ T7169] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 236.849349][ T7180] netlink: 'syz.1.339': attribute type 21 has an invalid length. [ 236.857245][ T7180] netlink: 128 bytes leftover after parsing attributes in process `syz.1.339'. [ 236.866847][ T7180] netlink: 35 bytes leftover after parsing attributes in process `syz.1.339'. [ 237.619135][ T7187] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 237.627398][ T7187] batadv_slave_0: entered promiscuous mode [ 237.634757][ T7187] batadv_slave_0: entered allmulticast mode [ 238.448920][ T7194] fuse: Bad value for 'fd' [ 238.957328][ T7199] binder_alloc: 7198: pid 7198 spamming oneway? 1 buffers allocated for a total size of 4096 [ 241.063235][ T5931] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 241.623272][ T5931] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 241.659017][ T5931] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 241.693560][ T5931] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.775390][ T5931] usb 2-1: config 0 descriptor?? [ 243.270177][ T7241] binder_alloc: 7240: pid 7240 spamming oneway? 1 buffers allocated for a total size of 4096 [ 243.399839][ T5931] ath6kl: Unsupported hardware version: 0x0 [ 243.410734][ T5931] ath6kl: Failed to init ath6kl core: -22 [ 243.417074][ T5931] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 244.361298][ T7249] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 244.476935][ T7253] loop2: detected capacity change from 0 to 256 [ 244.515929][ T7253] vfat: Unknown parameter 'shor†name' [ 244.703824][ T7253] random: crng reseeded on system resumption [ 244.871071][ T978] usb 2-1: USB disconnect, device number 3 [ 247.496272][ T7281] fuse: Bad value for 'fd' [ 248.884964][ T7289] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 250.360199][ T978] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 250.637724][ T978] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 250.651399][ T978] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 251.369980][ T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.381148][ T978] usb 1-1: config 0 descriptor?? [ 251.901646][ T978] ath6kl: Unsupported hardware version: 0x0 [ 251.910638][ T978] ath6kl: Failed to init ath6kl core: -22 [ 251.916979][ T978] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 252.667970][ T7321] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 253.212953][ T10] usb 1-1: USB disconnect, device number 4 [ 253.900581][ T7335] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 256.165415][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.171920][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.820326][ T978] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 258.001844][ T978] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 258.014248][ T978] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 258.042628][ T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.105162][ T978] usb 1-1: config 0 descriptor?? [ 258.847069][ T978] ath6kl: Unsupported hardware version: 0x0 [ 258.869852][ T978] ath6kl: Failed to init ath6kl core: -22 [ 258.897810][ T978] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 260.211394][ T24] usb 1-1: USB disconnect, device number 5 [ 263.993086][ T7421] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 264.641601][ T7426] TCP: TCP_TX_DELAY enabled [ 266.516972][ T7437] Cannot find del_set index 0 as target [ 267.440754][ T5941] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 268.041025][ T5941] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 268.051445][ T7450] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 268.545352][ T5941] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 268.600507][ T5941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.644472][ T5941] usb 3-1: config 0 descriptor?? [ 268.939014][ T7460] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 268.951406][ T7460] syz.3.431: attempt to access beyond end of device [ 268.951406][ T7460] loop3: rw=0, sector=0, nr_sectors = 2 limit=0 [ 269.469470][ T5941] ath6kl: Unsupported hardware version: 0x0 [ 269.537092][ T5941] ath6kl: Failed to init ath6kl core: -22 [ 269.653681][ T5941] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 270.056344][ T7466] netlink: 8 bytes leftover after parsing attributes in process `syz.4.433'. [ 270.066355][ T7466] openvswitch: netlink: nsh attr 801 is out of range max 3 [ 270.073858][ T7466] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 271.076748][ T5921] usb 3-1: USB disconnect, device number 4 [ 272.231803][ T7483] Cannot find del_set index 0 as target [ 274.150266][ T5941] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 276.074240][ T7495] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 277.643347][ T7504] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 277.654043][ T7504] syz.1.445: attempt to access beyond end of device [ 277.654043][ T7504] loop1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 278.527475][ T7511] netlink: 88 bytes leftover after parsing attributes in process `syz.2.448'. [ 278.810487][ T978] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 278.996219][ T978] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 279.198497][ T978] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 279.402668][ T978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.631451][ T978] usb 2-1: config 0 descriptor?? [ 280.054274][ T7525] capability: warning: `syz.2.452' uses 32-bit capabilities (legacy support in use) [ 281.849871][ T978] ath6kl: Failed to read usb control message: -71 [ 281.886558][ T978] ath6kl: Unable to read the bmi data from the device: -71 [ 281.916362][ T7539] netlink: 8 bytes leftover after parsing attributes in process `syz.0.455'. [ 282.238337][ T978] ath6kl: Unable to recv target info: -71 [ 282.248100][ T7540] mmap: syz.3.456 (7540) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 282.287473][ T978] ath6kl: Failed to init ath6kl core: -71 [ 282.300728][ T978] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 282.340186][ T978] usb 2-1: USB disconnect, device number 4 [ 284.598798][ T7556] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 284.639436][ T7556] syz.4.460: attempt to access beyond end of device [ 284.639436][ T7556] loop4: rw=0, sector=0, nr_sectors = 2 limit=0 [ 286.055716][ T7558] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 286.063159][ T7558] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 286.097638][ T7558] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 286.131719][ T7558] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 286.190763][ T7558] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 286.210425][ T7558] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 286.273060][ T7558] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 286.291022][ T7558] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 286.495094][ T7570] syz.0.465: attempt to access beyond end of device [ 286.495094][ T7570] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 286.508810][ T7570] gfs2: error -5 reading superblock [ 288.129860][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 288.178326][ T5840] Bluetooth: hci2: command 0x0406 tx timeout [ 288.328706][ T5151] Bluetooth: hci4: command 0x0406 tx timeout [ 288.342771][ T5840] Bluetooth: hci3: command 0x0406 tx timeout [ 288.928197][ T978] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 289.102149][ T978] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 289.119422][ T978] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 289.135297][ T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.176585][ T978] usb 1-1: config 0 descriptor?? [ 289.897850][ T7597] trusted_key: encrypted_key: hex blob is missing [ 289.942252][ T7597] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[7597] [ 290.230221][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 290.236370][ T5840] Bluetooth: hci2: command 0x0406 tx timeout [ 290.390434][ T5151] Bluetooth: hci4: command 0x0406 tx timeout [ 290.396650][ T5840] Bluetooth: hci3: command 0x0406 tx timeout [ 291.910420][ T978] ath6kl: Failed to read usb control message: -110 [ 291.940220][ T978] ath6kl: Unable to read the bmi data from the device: -110 [ 292.810147][ T978] ath6kl: Unable to recv target info: -110 [ 292.821474][ T978] ath6kl: Failed to init ath6kl core: -110 [ 292.841555][ T978] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 293.280602][ T5921] usb 1-1: USB disconnect, device number 6 [ 293.504731][ T7611] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 293.513696][ T7611] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 293.529796][ T7611] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 293.550444][ T7611] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 295.103025][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 295.376942][ T7640] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 295.461110][ T7640] Failed to get privilege flags for destination (handle=0x2:0x4) [ 295.600344][ T5151] Bluetooth: hci3: command 0x0406 tx timeout [ 295.600455][ T5844] Bluetooth: hci2: command 0x0406 tx timeout [ 295.606608][ T5840] Bluetooth: hci4: command 0x0406 tx timeout [ 296.942695][ C0] vkms_vblank_simulate: vblank timer overrun [ 297.603577][ T7655] affs: No valid root block on device nullb0 [ 297.922797][ T5989] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 298.644304][ T5989] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 298.680725][ T5989] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 298.690166][ T5989] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.802809][ T5989] usb 4-1: config 0 descriptor?? [ 299.906192][ T7677] syz.4.497: attempt to access beyond end of device [ 299.906192][ T7677] nbd4: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 299.919592][ T7677] gfs2: error -5 reading superblock [ 301.389802][ T7686] netlink: 20 bytes leftover after parsing attributes in process `syz.2.498'. [ 301.406050][ T7686] vlan2: entered promiscuous mode [ 301.411237][ T7686] gretap0: entered promiscuous mode [ 301.831482][ T5989] ath6kl: Failed to read usb control message: -110 [ 301.955113][ T5989] ath6kl: Unable to read the bmi data from the device: -110 [ 302.246996][ T5989] ath6kl: Unable to recv target info: -110 [ 302.285205][ T5989] ath6kl: Failed to init ath6kl core: -110 [ 302.333890][ T5989] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 302.418997][ T5989] usb 4-1: USB disconnect, device number 5 [ 307.700150][ T5921] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 308.122898][ T5921] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 308.146540][ T5921] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 308.198294][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.199544][ T5921] usb 3-1: config 0 descriptor?? [ 309.986171][ T5921] ath6kl: Unsupported hardware version: 0x0 [ 310.085235][ T5921] ath6kl: Failed to init ath6kl core: -22 [ 310.813154][ T5921] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 310.981964][ T7755] netlink: 20 bytes leftover after parsing attributes in process `syz.4.521'. [ 310.996675][ T7755] vlan2: entered promiscuous mode [ 311.001833][ T7755] gretap0: entered promiscuous mode [ 312.740770][ T5885] usb 3-1: USB disconnect, device number 5 [ 313.887169][ T7783] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 315.185875][ T7793] loop3: detected capacity change from 0 to 1764 [ 315.872582][ T7793] loop3: detected capacity change from 0 to 32768 [ 317.380130][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.411665][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.314303][ T978] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 320.405483][ T7833] Unknown options in mask 5 [ 320.792033][ T978] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 320.819751][ T978] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 320.836522][ T978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.865031][ T978] usb 4-1: config 0 descriptor?? [ 322.200368][ T978] ath6kl: Unsupported hardware version: 0x0 [ 322.213393][ T7849] loop4: detected capacity change from 0 to 1764 [ 322.224571][ T978] ath6kl: Failed to init ath6kl core: -22 [ 322.242062][ T978] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 322.874066][ T7849] loop4: detected capacity change from 0 to 32768 [ 323.084540][ T7856] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 323.093660][ T7856] batadv_slave_0: entered promiscuous mode [ 323.099698][ T7856] batadv_slave_0: entered allmulticast mode [ 323.844928][ T5921] usb 4-1: USB disconnect, device number 6 [ 325.150216][ T5921] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 325.868666][ T7882] Unknown options in mask 5 [ 326.329250][ T5921] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 326.369208][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.396076][ T5921] usb 4-1: Product: syz [ 326.416361][ T5921] usb 4-1: Manufacturer: syz [ 326.434969][ T5921] usb 4-1: SerialNumber: syz [ 326.914996][ T5921] usb 4-1: config 0 descriptor?? [ 326.967324][ T5921] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 327.669505][ T7899] loop0: detected capacity change from 0 to 1764 [ 327.912909][ T7899] loop0: detected capacity change from 0 to 32768 [ 330.179014][ T5941] usb 4-1: USB disconnect, device number 7 [ 330.251083][ T5989] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 330.523667][ T5989] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 330.545306][ T5989] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 330.579350][ T5989] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.626761][ T5989] usb 2-1: config 0 descriptor?? [ 331.802259][ T5989] ath6kl: Unsupported hardware version: 0x0 [ 331.826106][ T5989] ath6kl: Failed to init ath6kl core: -22 [ 331.836284][ T5989] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 332.092683][ T7930] Unknown options in mask 5 [ 332.705082][ T7933] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 332.727647][ T7933] syz.0.568: attempt to access beyond end of device [ 332.727647][ T7933] loop0: rw=0, sector=0, nr_sectors = 2 limit=0 [ 333.182536][ T978] usb 2-1: USB disconnect, device number 5 [ 337.612690][ T7985] Unknown options in mask 5 [ 339.760417][ T978] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 340.862479][ T978] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 340.909183][ T978] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 340.938569][ T978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.973517][ T978] usb 5-1: config 0 descriptor?? [ 341.068839][ T8015] loop0: detected capacity change from 0 to 256 [ 341.105122][ T8015] vfat: Unknown parameter 'shor†name' [ 341.808759][ T8029] random: crng reseeded on system resumption [ 342.730253][ T978] ath6kl: Unsupported hardware version: 0x0 [ 342.906179][ T978] ath6kl: Failed to init ath6kl core: -22 [ 342.932738][ T978] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 343.184723][ T8036] netlink: 24 bytes leftover after parsing attributes in process `syz.3.590'. [ 343.953347][ T8034] Unknown options in mask 5 [ 344.569964][ T978] usb 5-1: USB disconnect, device number 6 [ 346.224206][ T8063] netlink: 8 bytes leftover after parsing attributes in process `syz.4.597'. [ 346.244201][ T8063] netlink: 36 bytes leftover after parsing attributes in process `syz.4.597'. [ 346.253235][ T8063] netlink: 36 bytes leftover after parsing attributes in process `syz.4.597'. [ 346.501064][ T8066] netlink: 'syz.4.597': attribute type 1 has an invalid length. [ 349.894285][ T8087] netlink: 8 bytes leftover after parsing attributes in process `syz.4.603'. [ 350.536519][ T8095] loop1: detected capacity change from 0 to 256 [ 350.576891][ T8095] vfat: Unknown parameter 'shor†name' [ 351.120416][ T8105] random: crng reseeded on system resumption [ 351.608150][ T8099] Unknown options in mask 5 [ 352.145962][ T5989] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 352.359062][ T5989] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 352.395361][ T5989] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 352.412264][ T5989] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.767626][ T8118] loop0: detected capacity change from 0 to 2048 [ 353.672021][ T8118] UDF-fs: warning (device loop0): udf_fill_super: No fileset found [ 353.701281][ T5989] usb 3-1: config 0 descriptor?? [ 354.291972][ T5989] ath6kl: Unsupported hardware version: 0x0 [ 355.060242][ T5989] ath6kl: Failed to init ath6kl core: -22 [ 355.072391][ T5989] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 356.700791][ T5941] usb 3-1: USB disconnect, device number 6 [ 358.248855][ T8151] Unknown options in mask 5 [ 358.727569][ T8146] loop2: detected capacity change from 0 to 256 [ 358.772148][ T8146] vfat: Unknown parameter 'shor†name' [ 359.241156][ T8146] random: crng reseeded on system resumption [ 359.465987][ T8164] netlink: 24 bytes leftover after parsing attributes in process `syz.3.622'. [ 362.692061][ T5941] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 363.092443][ T5941] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 363.248752][ T5941] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 363.302678][ T5941] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.376616][ T5941] usb 1-1: config 0 descriptor?? [ 364.510411][ T5941] ath6kl: Unsupported hardware version: 0x0 [ 364.540993][ T5941] ath6kl: Failed to init ath6kl core: -22 [ 364.581492][ T5941] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 364.781598][ T8203] Unknown options in mask 5 [ 365.503451][ T8209] affs: No valid root block on device nullb0 [ 366.948164][ T978] usb 1-1: USB disconnect, device number 7 [ 368.142454][ T8230] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 368.149601][ T8230] syz.1.639: attempt to access beyond end of device [ 368.149601][ T8230] loop1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 368.319258][ T8232] netlink: 112 bytes leftover after parsing attributes in process `syz.4.642'. [ 369.385157][ T8248] netlink: 8 bytes leftover after parsing attributes in process `syz.4.644'. [ 369.841387][ T8255] loop3: detected capacity change from 0 to 2048 [ 370.399455][ T8255] UDF-fs: warning (device loop3): udf_fill_super: No fileset found [ 370.518243][ T8259] Unknown options in mask 5 [ 371.252498][ T8271] affs: No valid root block on device nullb0 [ 372.782987][ T8287] netlink: 112 bytes leftover after parsing attributes in process `syz.0.654'. [ 374.898798][ T8312] Unknown options in mask 5 [ 375.797396][ T8319] netlink: 8 bytes leftover after parsing attributes in process `syz.4.661'. [ 377.905330][ T8342] affs: No valid root block on device nullb0 [ 378.712764][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.719452][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.708221][ T8348] delete_channel: no stack [ 381.511720][ T8368] Unknown options in mask 5 [ 383.034817][ T8381] netlink: 4 bytes leftover after parsing attributes in process `syz.2.675'. [ 385.590372][ T5931] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 386.522429][ T5931] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 386.548978][ T5931] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 387.166422][ T5931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 387.341733][ T5931] usb 5-1: config 0 descriptor?? [ 387.399452][ T5931] pwc: Askey VC010 type 2 USB webcam detected. [ 388.211630][ T5931] pwc: recv_control_msg error -32 req 02 val 2b00 [ 388.266547][ T8411] sctp: [Deprecated]: syz.4.686 (pid 8411) Use of int in max_burst socket option deprecated. [ 388.266547][ T8411] Use struct sctp_assoc_value instead [ 388.312532][ T5931] pwc: recv_control_msg error -32 req 02 val 2700 [ 388.412175][ T5931] pwc: recv_control_msg error -32 req 02 val 2c00 [ 388.659815][ T5931] pwc: recv_control_msg error -71 req 04 val 1300 [ 388.672360][ T5931] pwc: recv_control_msg error -71 req 04 val 1400 [ 388.684319][ T5931] pwc: recv_control_msg error -71 req 02 val 2000 [ 388.692045][ T5931] pwc: recv_control_msg error -71 req 02 val 2100 [ 388.700384][ T5931] pwc: recv_control_msg error -71 req 04 val 1500 [ 388.724775][ T5931] pwc: recv_control_msg error -71 req 02 val 2500 [ 388.757718][ T5931] pwc: recv_control_msg error -71 req 02 val 2400 [ 388.766200][ T5931] pwc: recv_control_msg error -71 req 02 val 2600 [ 388.774493][ T5931] pwc: recv_control_msg error -71 req 02 val 2900 [ 388.784048][ T5931] pwc: recv_control_msg error -71 req 02 val 2800 [ 388.793481][ T5931] pwc: recv_control_msg error -71 req 04 val 1100 [ 388.802581][ T5931] pwc: recv_control_msg error -71 req 04 val 1200 [ 388.824787][ T5931] pwc: Registered as video103. [ 388.895740][ T5931] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input11 [ 389.073204][ T5931] usb 5-1: USB disconnect, device number 7 [ 392.030497][ T8454] syzkaller0: entered promiscuous mode [ 392.036033][ T8454] syzkaller0: entered allmulticast mode [ 394.473714][ T8471] Failed to get privilege flags for destination (handle=0x2:0x4) [ 398.293300][ T8500] netlink: 8 bytes leftover after parsing attributes in process `syz.0.709'. [ 398.304407][ T8500] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 398.312410][ T8500] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 402.881751][ T30] audit: type=1326 audit(1751481372.646:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f905898e929 code=0x7ffc0000 [ 403.421749][ T30] audit: type=1326 audit(1751481372.676:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f905898e929 code=0x7ffc0000 [ 403.432802][ T5921] IPVS: starting estimator thread 0... [ 403.570261][ T8531] IPVS: using max 26 ests per chain, 62400 per kthread [ 404.372640][ T30] audit: type=1326 audit(1751481372.676:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f905898e929 code=0x7ffc0000 [ 404.530118][ T30] audit: type=1326 audit(1751481372.676:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f905898e929 code=0x7ffc0000 [ 404.575861][ T30] audit: type=1326 audit(1751481372.696:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f905898e929 code=0x7ffc0000 [ 404.735490][ T30] audit: type=1326 audit(1751481372.696:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f905898e929 code=0x7ffc0000 [ 404.988460][ T30] audit: type=1326 audit(1751481372.696:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f905898e929 code=0x7ffc0000 [ 405.218127][ T30] audit: type=1326 audit(1751481372.696:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f905898e929 code=0x7ffc0000 [ 405.513294][ T30] audit: type=1326 audit(1751481372.696:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f905898e929 code=0x7ffc0000 [ 405.645795][ T30] audit: type=1326 audit(1751481372.696:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f905898e929 code=0x7ffc0000 [ 411.340409][ T5921] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 411.810982][ T5885] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 412.085635][ T5885] usb 5-1: Using ep0 maxpacket: 16 [ 412.093159][ T5885] usb 5-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 238, changing to 11 [ 412.105483][ T5885] usb 5-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid wMaxPacketSize 0 [ 412.126375][ T5885] usb 5-1: config 0 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 412.148249][ T5885] usb 5-1: config 0 interface 0 has no altsetting 0 [ 412.155352][ T5885] usb 5-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00 [ 412.164957][ T5885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.487528][ T5885] usb 5-1: config 0 descriptor?? [ 413.377429][ T5885] usbhid 5-1:0.0: can't add hid device: -71 [ 414.181734][ T5885] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 414.282725][ T5885] usb 5-1: USB disconnect, device number 8 [ 421.188387][ T5921] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 421.317975][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 421.609739][ T10] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 424.191243][ T5941] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 424.955200][ T5941] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 424.987943][ T5941] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 425.023527][ T5941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.071528][ T5941] usb 3-1: config 0 descriptor?? [ 425.137424][ T8723] loop1: detected capacity change from 0 to 256 [ 425.175123][ T8723] vfat: Unknown parameter 'shor†name' [ 425.597892][ T8730] netlink: 8 bytes leftover after parsing attributes in process `syz.4.767'. [ 425.608903][ T8730] openvswitch: netlink: nsh attr 801 is out of range max 3 [ 425.616811][ T8730] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 426.245011][ T5941] ath6kl: Unsupported hardware version: 0x0 [ 426.254175][ T8729] netlink: 8 bytes leftover after parsing attributes in process `syz.3.768'. [ 426.270416][ T5941] ath6kl: Failed to init ath6kl core: -22 [ 426.372076][ T8732] random: crng reseeded on system resumption [ 426.504908][ T6016] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 426.528276][ T5941] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 427.867368][ T8742] loop3: detected capacity change from 0 to 2048 [ 428.014973][ T8742] UDF-fs: warning (device loop3): udf_fill_super: No fileset found [ 428.053106][ T5885] usb 3-1: USB disconnect, device number 7 [ 430.689407][ T8783] loop3: detected capacity change from 0 to 256 [ 430.766551][ T8783] vfat: Unknown parameter 'shor†name' [ 431.220359][ T8788] random: crng reseeded on system resumption [ 432.070946][ T8795] loop4: detected capacity change from 0 to 2048 [ 432.578055][ T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 432.598058][ T8795] UDF-fs: warning (device loop4): udf_fill_super: No fileset found [ 432.654178][ T8794] netlink: 20 bytes leftover after parsing attributes in process `syz.3.786'. [ 433.321770][ T8804] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 437.671500][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 437.983646][ T8849] netlink: 20 bytes leftover after parsing attributes in process `syz.4.801'. [ 440.180599][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.186950][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.780787][ T978] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 443.202061][ T24] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 443.364970][ T6320] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 444.250095][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 444.460366][ T24] usb 1-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 444.641030][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.721059][ T24] usb 1-1: config 0 descriptor?? [ 444.776121][ T24] as10x_usb: device has been detected [ 444.830347][ T24] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 445.925688][ T24] usb 1-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 446.347903][ T24] as10x_usb: error during firmware upload part1 [ 446.359393][ T8901] netlink: 20 bytes leftover after parsing attributes in process `syz.2.814'. [ 446.382860][ T24] Registered device nBox DVB-T Dongle [ 446.900491][ T24] usb 1-1: USB disconnect, device number 8 [ 449.027096][ T24] Unregistered device nBox DVB-T Dongle [ 449.058505][ T24] as10x_usb: device has been disconnected [ 449.387637][ T6949] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 451.936838][ T5941] IPVS: starting estimator thread 0... [ 452.017929][ T8950] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 452.201416][ T5844] Bluetooth: hci4: command 0x0406 tx timeout [ 452.380430][ T8949] IPVS: using max 24 ests per chain, 57600 per kthread [ 452.826461][ T8955] netlink: 20 bytes leftover after parsing attributes in process `syz.2.827'. [ 454.420367][ T5921] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 454.534352][ T8968] netlink: 8 bytes leftover after parsing attributes in process `syz.0.830'. [ 454.544083][ T8968] openvswitch: netlink: nsh attr 801 is out of range max 3 [ 454.551561][ T8968] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 455.252139][ T5921] usb 5-1: config 0 has an invalid interface number: 113 but max is 0 [ 456.102070][ T5921] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 456.120462][ T5921] usb 5-1: config 0 has no interface number 0 [ 456.126627][ T5921] usb 5-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 456.138712][ T5921] usb 5-1: config 0 interface 113 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 456.155216][ T5921] usb 5-1: config 0 interface 113 has no altsetting 0 [ 456.172156][ T3511] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 456.265145][ T5921] usb 5-1: string descriptor 0 read error: -71 [ 456.738456][ T5921] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 456.773163][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.841315][ T5921] usb 5-1: config 0 descriptor?? [ 456.886688][ T5921] usb 5-1: can't set config #0, error -71 [ 456.940096][ T5921] usb 5-1: USB disconnect, device number 9 [ 457.290269][ T8983] netlink: 112 bytes leftover after parsing attributes in process `syz.4.835'. [ 458.022513][ T8987] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 460.151190][ T5898] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 461.660886][ T9006] loop1: detected capacity change from 0 to 2048 [ 461.672437][ T9006] UDF-fs: warning (device loop1): udf_fill_super: No fileset found [ 461.914058][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 462.045697][ T9017] overlayfs: failed to resolve './file0': -2 [ 463.420056][ T9028] netlink: 112 bytes leftover after parsing attributes in process `syz.4.848'. [ 465.340037][ T6949] Bluetooth: hci5: Frame reassembly failed (-84) [ 465.407873][ T9029] netlink: 20 bytes leftover after parsing attributes in process `syz.2.847'. [ 467.341142][ T5844] Bluetooth: hci5: command 0x1003 tx timeout [ 467.470347][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 468.060720][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 468.112279][ T9060] netlink: 4 bytes leftover after parsing attributes in process `syz.3.856'. [ 471.919058][ T9081] netlink: 112 bytes leftover after parsing attributes in process `syz.1.862'. [ 473.185461][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 475.043811][ T5898] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 475.175047][ T44] libceph: connect (1)[c::]:6789 error -101 [ 475.185401][ T44] libceph: mon0 (1)[c::]:6789 connect error [ 475.280151][ T5898] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 475.465059][ T44] libceph: connect (1)[c::]:6789 error -101 [ 475.471731][ T5898] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 475.489747][ T44] libceph: mon0 (1)[c::]:6789 connect error [ 475.526235][ T5898] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 475.538555][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.597174][ T9107] ceph: No mds server is up or the cluster is laggy [ 475.807090][ T9103] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 475.824553][ T5898] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 476.638842][ T24] libceph: connect (1)[c::]:6789 error -101 [ 476.646181][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 476.782002][ T5844] Bluetooth: hci5: command 0x1003 tx timeout [ 476.788762][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 477.073581][ T5898] usb 3-1: USB disconnect, device number 8 [ 478.131398][ T9126] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 478.138817][ T9126] syz.1.875: attempt to access beyond end of device [ 478.138817][ T9126] loop1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 478.793030][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 479.190792][ T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 483.112922][ T9177] omfs: Invalid superblock (0) [ 484.842745][ T6949] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 484.941871][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 486.001811][ T9201] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 486.054692][ T9201] syz.3.892: attempt to access beyond end of device [ 486.054692][ T9201] loop3: rw=0, sector=0, nr_sectors = 2 limit=0 [ 487.680068][ T5921] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 488.424775][ T9226] Bluetooth: MGMT ver 1.23 [ 488.429707][ T9226] Bluetooth: hci0: load_link_keys: expected 51203 bytes, got 7 bytes [ 488.490104][ T5921] usb 3-1: Using ep0 maxpacket: 8 [ 488.748120][ T5921] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 488.790492][ T5921] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 2, skipping [ 489.038166][ T5921] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 489.550700][ T5921] usb 3-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1 [ 489.559829][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 489.676559][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 489.676579][ T30] audit: type=1804 audit(1751481459.436:26): pid=9240 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.902" name="/newroot/188/bus/file1" dev="overlay" ino=1020 res=1 errno=0 [ 489.725098][ T9240] evm: overlay not supported [ 489.905673][ T5921] usb 3-1: Product: syz [ 489.909908][ T5921] usb 3-1: Manufacturer: syz [ 489.914661][ T5921] usb 3-1: SerialNumber: syz [ 489.932380][ T5921] usb 3-1: config 0 descriptor?? [ 489.940552][ T5921] usb 3-1: can't set config #0, error -71 [ 489.965374][ T5921] usb 3-1: USB disconnect, device number 9 [ 489.980630][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 490.183429][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 491.886348][ T9271] tipc: Started in network mode [ 491.929517][ T9271] tipc: Node identity f608ed036ee1, cluster identity 4711 [ 492.147124][ T9271] tipc: Enabled bearer , priority 0 [ 492.585263][ T9271] tipc: Resetting bearer [ 493.016668][ T9270] tipc: Disabling bearer [ 495.963835][ T6320] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 495.964397][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 497.115157][ T9317] netlink: 8 bytes leftover after parsing attributes in process `syz.4.921'. [ 497.124835][ T9317] openvswitch: netlink: nsh attr 801 is out of range max 3 [ 497.132333][ T9317] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 500.328478][ T9337] tipc: Started in network mode [ 500.342523][ T9337] tipc: Node identity 12633938078c, cluster identity 4711 [ 500.361817][ T9337] tipc: Enabled bearer , priority 0 [ 500.411009][ T5905] libceph: connect (1)[c::]:6789 error -101 [ 500.420232][ T5905] libceph: mon0 (1)[c::]:6789 connect error [ 500.499136][ T9339] ceph: No mds server is up or the cluster is laggy [ 500.859909][ T5905] libceph: connect (1)[c::]:6789 error -101 [ 500.874699][ T5905] libceph: mon0 (1)[c::]:6789 connect error [ 500.895913][ T9344] tipc: Resetting bearer [ 501.053535][ T9336] tipc: Disabling bearer [ 501.587983][ T6016] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 501.601002][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.013402][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.221707][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 503.254657][ T9362] openvswitch: netlink: Flow key attr not present in new flow. [ 503.602404][ T9365] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 504.664706][ T9370] netlink: 8 bytes leftover after parsing attributes in process `syz.1.935'. [ 504.675613][ T9370] openvswitch: netlink: nsh attr 801 is out of range max 3 [ 504.683314][ T9370] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 506.745263][ T978] libceph: connect (1)[c::]:6789 error -101 [ 506.752952][ T978] libceph: mon0 (1)[c::]:6789 connect error [ 507.010851][ T5905] libceph: connect (1)[c::]:6789 error -101 [ 507.077990][ T5905] libceph: mon0 (1)[c::]:6789 connect error [ 507.620136][ T6321] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 507.756719][ T5921] libceph: connect (1)[c::]:6789 error -101 [ 507.982597][ T6016] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 508.146860][ T5921] libceph: mon0 (1)[c::]:6789 connect error [ 508.425548][ T9379] ceph: No mds server is up or the cluster is laggy [ 512.066421][ T9425] netlink: 8 bytes leftover after parsing attributes in process `syz.0.946'. [ 512.076154][ T9425] openvswitch: netlink: nsh attr 801 is out of range max 3 [ 512.083638][ T9425] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 512.833494][ T9427] netlink: 12 bytes leftover after parsing attributes in process `syz.4.948'. [ 513.796231][ T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 513.801163][ T6949] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 514.407828][ T9444] netlink: 4 bytes leftover after parsing attributes in process `syz.0.951'. [ 515.925099][ T978] libceph: connect (1)[c::]:6789 error -101 [ 515.979411][ T978] libceph: mon0 (1)[c::]:6789 connect error [ 516.073272][ T9450] ceph: No mds server is up or the cluster is laggy [ 516.360365][ T978] libceph: connect (1)[c::]:6789 error -101 [ 516.403697][ T978] libceph: mon0 (1)[c::]:6789 connect error [ 516.921560][ T978] libceph: connect (1)[c::]:6789 error -101 [ 516.939484][ T978] libceph: mon0 (1)[c::]:6789 connect error [ 518.973849][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 519.392892][ T9488] (unnamed net_device) (uninitialized): down delay (7) is not a multiple of miimon (3), value rounded to 6 ms [ 519.678172][ T3511] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 519.934253][ T9488] 8021q: adding VLAN 0 to HW filter on device bond1 [ 520.789225][ T9495] Failed to get privilege flags for destination (handle=0x2:0x4) [ 523.181732][ T9512] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 524.621464][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 525.297535][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 525.821278][ T9541] netlink: 'syz.4.979': attribute type 20 has an invalid length. [ 525.932882][ T9541] loop4: detected capacity change from 0 to 2048 [ 526.485579][ T9541] UDF-fs: warning (device loop4): udf_fill_super: No fileset found [ 527.730601][ T5905] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 527.967554][ T5905] usb 3-1: Using ep0 maxpacket: 16 [ 528.069906][ T5905] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 528.133640][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 528.170273][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 528.194320][ T5905] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 528.230318][ T5905] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 528.362865][ T5905] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 528.764270][ T5905] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 528.773020][ T5905] usb 3-1: Manufacturer: syz [ 528.784972][ T5905] usb 3-1: config 0 descriptor?? [ 529.102915][ T5840] Bluetooth: hci3: unexpected event for opcode 0x202f [ 529.140909][ T5905] rc_core: IR keymap rc-hauppauge not found [ 529.146895][ T5905] Registered IR keymap rc-empty [ 529.152695][ T5905] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 529.190553][ T5905] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 529.224941][ T5905] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 529.240273][ T5905] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input12 [ 529.260458][ T5905] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 529.320282][ T5905] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 529.342066][ T5905] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 529.380460][ T5905] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 529.409987][ T5905] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 529.432374][ T5905] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 529.461813][ T5905] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 529.504769][ T5905] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 529.556829][ T5905] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 529.593093][ T5905] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 529.628683][ T5905] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 529.701113][ T5905] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 529.740839][ T3511] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 529.765559][ T5905] usb 3-1: USB disconnect, device number 10 [ 530.715543][ T9585] Failed to get privilege flags for destination (handle=0x2:0x4) [ 530.975142][ T9586] fuse: Bad value for 'fd' [ 531.023151][ T6016] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 532.645100][ T5840] Bluetooth: hci0: unexpected event for opcode 0x202f [ 533.333187][ T9617] fuse: Bad value for 'rootmode' [ 535.631580][ T9627] Failed to get privilege flags for destination (handle=0x2:0x4) [ 536.787412][ T6016] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 537.125453][ T5840] Bluetooth: hci4: unexpected event for opcode 0x202f [ 539.349737][ T9666] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1020'. [ 539.367816][ T59] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 539.409895][ T9672] Failed to get privilege flags for destination (handle=0x2:0x4) [ 541.970155][ T3511] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 545.822936][ T6321] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 547.308805][ T9716] Failed to get privilege flags for destination (handle=0x2:0x4) [ 547.383663][ T9719] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1036'. [ 547.420307][ T9717] tipc: Started in network mode [ 547.438214][ T9717] tipc: Node identity 56bc1c9265c1, cluster identity 4711 [ 547.470771][ T9717] tipc: Enabled bearer , priority 0 [ 547.532891][ T9717] syzkaller0: entered promiscuous mode [ 547.565463][ T9717] syzkaller0: entered allmulticast mode [ 547.661973][ T9589] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 547.790104][ T9717] tipc: Resetting bearer [ 548.472024][ T978] tipc: Node number set to 863837330 [ 548.650412][ T9715] tipc: Resetting bearer [ 549.798709][ T9715] tipc: Disabling bearer [ 552.035403][ T1101] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 552.841212][ T9754] overlayfs: failed to resolve './file1': -2 [ 553.494110][ T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 559.215938][ T59] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 559.970189][ T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 560.412960][ T24] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 560.882758][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 560.904015][ T24] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 560.939535][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 560.977797][ T24] usb 3-1: Product: syz [ 560.988447][ T24] usb 3-1: Manufacturer: syz [ 561.007512][ T24] usb 3-1: SerialNumber: syz [ 562.218955][ T24] usb 3-1: config 0 descriptor?? [ 564.087123][ T9816] overlayfs: failed to resolve './file1': -2 [ 565.331490][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 565.337907][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 565.667864][ T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 566.592618][ T24] usb 3-1: can't set config #0, error -71 [ 566.653334][ T24] usb 3-1: USB disconnect, device number 11 [ 566.662615][ T59] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 571.607165][ T9589] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 571.989308][ T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 577.125000][ T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 577.136266][ T9589] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 577.178448][ T9885] ALSA: mixer_oss: invalid OSS volume 'ÿÿÿÿÿÿÿÿ' [ 580.174206][ T9900] xt_bpf: check failed: parse error [ 581.381299][ T9916] omfs: Invalid superblock (0) [ 582.404664][ T6016] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 582.430368][ T6016] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 587.614142][ T9958] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 587.981100][ T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 587.983914][ T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 588.178521][ T9963] omfs: Invalid superblock (0) [ 591.000086][ T44] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 591.037386][ T9982] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1103'. [ 591.046689][ T9982] openvswitch: netlink: nsh attr 801 is out of range max 3 [ 591.053956][ T9982] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 591.247446][ T9984] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1105'. [ 591.360016][ T44] usb 1-1: Using ep0 maxpacket: 16 [ 591.368400][ T44] usb 1-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 238, changing to 11 [ 591.394739][ T44] usb 1-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid wMaxPacketSize 0 [ 591.435829][ T44] usb 1-1: config 0 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 591.491200][ T44] usb 1-1: config 0 interface 0 has no altsetting 0 [ 591.513329][ T44] usb 1-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00 [ 591.543516][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.561758][ T44] usb 1-1: config 0 descriptor?? [ 592.445786][ T44] usbhid 1-1:0.0: can't add hid device: -71 [ 592.614066][ T44] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 592.677267][ T44] usb 1-1: USB disconnect, device number 9 [ 592.733881][ T9997] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 592.786140][ T9997] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 592.806089][ T9997] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 592.933692][T10010] omfs: Invalid superblock (0) [ 593.396487][ T9997] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 593.782451][ T59] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 594.066694][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 594.860571][ T5844] Bluetooth: hci3: command 0x0406 tx timeout [ 594.866729][ T5840] Bluetooth: hci2: command 0x0406 tx timeout [ 595.529779][ T5844] Bluetooth: hci4: command 0x0406 tx timeout [ 596.136991][T10031] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1118'. [ 597.910369][T10039] affs: No valid root block on device nullb0 [ 599.608580][ T6320] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 601.864025][T10074] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1131'. [ 604.911005][ T1101] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 605.530285][ T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 605.764749][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 605.874313][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 605.945303][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 606.020520][ T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 606.029626][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 606.066870][ T24] usb 5-1: config 0 descriptor?? [ 608.002265][ T6320] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 608.651652][T10118] loop2: detected capacity change from 0 to 2048 [ 609.204797][T10118] UDF-fs: warning (device loop2): udf_fill_super: No fileset found [ 609.458113][ T24] usbhid 5-1:0.0: can't add hid device: -71 [ 609.470061][ T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 609.578899][ T24] usb 5-1: USB disconnect, device number 10 [ 610.825560][ T1101] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 613.584767][ T59] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 616.567907][T10168] loop0: detected capacity change from 0 to 2048 [ 616.592734][T10168] UDF-fs: warning (device loop0): udf_fill_super: No fileset found [ 617.510448][ T59] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 619.206644][ T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 622.950324][T10215] loop2: detected capacity change from 0 to 2048 [ 623.010701][T10215] UDF-fs: warning (device loop2): udf_fill_super: No fileset found [ 623.513769][ T59] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 624.476029][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.482604][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.870160][ T5941] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 625.712942][ T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 625.926127][ T5941] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 625.947423][ T5941] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 626.110816][ T5941] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 626.489373][ T5941] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 626.572537][ T5941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.655554][ T5941] usb 5-1: config 0 descriptor?? [ 627.756242][T10225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 628.044037][T10225] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 628.116034][T10225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 628.251458][T10225] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 628.715189][ T5941] usbhid 5-1:0.0: can't add hid device: -71 [ 628.879626][ T5941] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 629.162508][ T6320] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 629.310822][ T5941] usb 5-1: USB disconnect, device number 11 [ 631.609563][ T1101] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 633.721496][T10276] overlayfs: missing 'lowerdir' [ 635.066890][ T9589] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 637.722671][ T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 641.095265][T10324] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 641.102885][ T6320] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 641.140145][T10324] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 641.148537][T10324] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 641.158188][T10324] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 641.166838][T10324] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 641.714904][T10328] affs: No valid root block on device nullb0 [ 641.809429][ T1101] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 642.231165][T10335] overlayfs: missing 'workdir' [ 642.975609][ T1101] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.048676][ T6320] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 643.300054][ T5844] Bluetooth: hci0: command tx timeout [ 644.249044][T10342] omfs: Invalid superblock (0) [ 644.262371][ T1101] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.507757][ T5844] Bluetooth: hci0: command tx timeout [ 646.279945][ T1101] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.065438][ T6320] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 647.606352][ T5844] Bluetooth: hci0: command tx timeout [ 647.789365][T10383] Failed to get privilege flags for destination (handle=0x2:0x4) [ 648.554405][T10322] chnl_net:caif_netlink_parms(): no params data found [ 648.783302][ T6321] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 649.000545][ T1101] bridge_slave_1: left allmulticast mode [ 649.006955][ T1101] bridge_slave_1: left promiscuous mode [ 649.049095][ T1101] bridge0: port 2(bridge_slave_1) entered disabled state [ 649.544651][T10402] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1217'. [ 649.692587][ T5844] Bluetooth: hci0: command tx timeout [ 651.699751][ T1101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 651.749462][ T1101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 651.785252][ T1101] bond0 (unregistering): Released all slaves [ 651.899242][T10426] affs: No valid root block on device nullb0 [ 652.001254][T10322] bridge0: port 1(bridge_slave_0) entered blocking state [ 652.045314][T10322] bridge0: port 1(bridge_slave_0) entered disabled state [ 652.078905][T10322] bridge_slave_0: entered allmulticast mode [ 652.088177][T10322] bridge_slave_0: entered promiscuous mode [ 652.098623][ T1101] tipc: Left network mode [ 652.098829][T10322] bridge0: port 2(bridge_slave_1) entered blocking state [ 652.110758][T10322] bridge0: port 2(bridge_slave_1) entered disabled state [ 652.118154][T10322] bridge_slave_1: entered allmulticast mode [ 652.136367][T10322] bridge_slave_1: entered promiscuous mode [ 652.736843][ T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 652.755900][T10322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 652.959494][T10322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 653.256785][T10322] team0: Port device team_slave_0 added [ 653.921634][ T1101] hsr_slave_0: left promiscuous mode [ 654.052131][ T1101] hsr_slave_1: left promiscuous mode [ 654.078516][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 654.125040][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 654.161320][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 654.273624][ T1101] veth1_macvtap: left promiscuous mode [ 654.279495][ T1101] veth0_macvtap: left promiscuous mode [ 654.314087][ T1101] veth1_vlan: left promiscuous mode [ 654.333652][ T1101] veth0_vlan: left promiscuous mode [ 654.541872][ T6321] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 654.664351][T10465] Cannot find del_set index 0 as target [ 656.106509][T10474] No control pipe specified [ 656.154868][T10475] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1233'. [ 657.415145][T10484] affs: No valid root block on device nullb0 [ 657.975367][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 659.383277][ T1101] team0 (unregistering): Port device team_slave_1 removed [ 659.427146][ T1101] team0 (unregistering): Port device team_slave_0 removed [ 659.786013][T10322] team0: Port device team_slave_1 added [ 660.115834][T10322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 660.125570][T10322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 660.168102][T10322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 660.894680][T10322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 661.078764][T10504] Cannot find del_set index 0 as target [ 661.099048][ T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 661.118771][T10322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 661.146766][T10322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 661.554050][T10322] hsr_slave_0: entered promiscuous mode [ 661.563065][T10322] hsr_slave_1: entered promiscuous mode [ 661.578590][T10322] debugfs: 'hsr0' already exists in 'hsr' [ 662.435320][T10322] Cannot create hsr debugfs directory [ 663.500691][ T6949] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 664.349336][T10535] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1247'. [ 665.740999][T10549] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 665.748715][T10549] syz.2.1249: attempt to access beyond end of device [ 665.748715][T10549] loop2: rw=0, sector=0, nr_sectors = 2 limit=0 [ 665.926607][T10550] syzkaller0: entered promiscuous mode [ 665.932539][T10550] syzkaller0: entered allmulticast mode [ 666.051257][T10546] tipc: Enabled bearer , priority 0 [ 666.139409][T10550] tipc: Resetting bearer [ 666.298987][T10541] tipc: Resetting bearer [ 666.357847][T10541] tipc: Disabling bearer [ 666.706535][ T6320] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 666.940049][T10568] fuse: Bad value for 'rootmode' [ 667.313703][T10322] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 669.156312][T10583] affs: No valid root block on device nullb0 [ 669.204994][T10322] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 669.260815][ T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 669.273902][T10322] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 669.547516][T10591] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1257'. [ 669.635160][T10322] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 669.811930][T10601] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1258'. [ 671.631428][T10622] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1260'. [ 671.640540][T10622] openvswitch: netlink: nsh attr 801 is out of range max 3 [ 671.647833][T10622] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 672.438437][T10322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 672.466994][ T37] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 672.603771][T10322] 8021q: adding VLAN 0 to HW filter on device team0 [ 672.667705][ T1101] bridge0: port 1(bridge_slave_0) entered blocking state [ 672.674958][ T1101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 672.706912][ T1101] bridge0: port 2(bridge_slave_1) entered blocking state [ 672.715311][ T1101] bridge0: port 2(bridge_slave_1) entered forwarding state [ 673.844947][T10322] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 673.874722][T10322] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 675.021294][ T6949] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 675.170755][T10322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 675.656955][T10672] syzkaller0: tun_chr_ioctl cmd 1074025672 [ 675.665952][T10672] syzkaller0: ignored: set checksum disabled [ 678.224641][ T6320] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 678.406790][T10322] veth0_vlan: entered promiscuous mode [ 679.471720][T10322] veth1_vlan: entered promiscuous mode [ 679.549574][T10322] veth0_macvtap: entered promiscuous mode [ 679.632652][T10322] veth1_macvtap: entered promiscuous mode [ 679.714963][T10322] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 679.862781][T10322] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 679.883953][ T59] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.927516][ T59] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.054846][ T59] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.086036][ T59] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.786382][ T6320] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 681.714739][ T6949] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 681.749966][ T6949] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 681.953332][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 682.074264][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 684.717868][ T6320] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 685.769963][T10770] hsr0: entered promiscuous mode [ 685.790846][T10770] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1294'. [ 685.814062][T10770] hsr_slave_0: left promiscuous mode [ 685.819519][ C0] ================================================================== [ 685.819538][ C0] BUG: KASAN: slab-use-after-free in flush_tlb_func+0x23d/0x6c0 [ 685.819566][ C0] Write of size 8 at addr ffff8880726d1f80 by task syz.5.1294/10770 [ 685.819584][ C0] [ 685.819602][ C0] CPU: 0 UID: 0 PID: 10770 Comm: syz.5.1294 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 685.819626][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 685.819641][ C0] Call Trace: [ 685.819649][ C0] [ 685.819657][ C0] dump_stack_lvl+0x189/0x250 [ 685.819687][ C0] ? __virt_addr_valid+0x1c8/0x5c0 [ 685.819703][ C0] ? rcu_is_watching+0x15/0xb0 [ 685.819729][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 685.819756][ C0] ? rcu_is_watching+0x15/0xb0 [ 685.819780][ C0] ? lock_release+0x4b/0x3e0 [ 685.819805][ C0] ? __virt_addr_valid+0x1c8/0x5c0 [ 685.819821][ C0] ? __virt_addr_valid+0x4a5/0x5c0 [ 685.819839][ C0] print_report+0xd2/0x2b0 [ 685.819869][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 685.819885][ C0] kasan_report+0x118/0x150 [ 685.819903][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 685.819925][ C0] kasan_check_range+0x2b0/0x2c0 [ 685.819943][ C0] flush_tlb_func+0x23d/0x6c0 [ 685.819965][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 685.819983][ C0] ? sched_clock_cpu+0x74/0x430 [ 685.820009][ C0] ? rcu_is_watching+0x15/0xb0 [ 685.820033][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 685.820052][ C0] __flush_smp_call_function_queue+0x370/0xaa0 [ 685.820079][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 685.820099][ C0] __sysvec_call_function_single+0xa8/0x3d0 [ 685.820122][ C0] sysvec_call_function_single+0x9e/0xc0 [ 685.820158][ C0] [ 685.820164][ C0] [ 685.820172][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 685.820199][ C0] RIP: 0010:console_flush_all+0x7f7/0xc40 [ 685.820219][ C0] Code: 48 21 c3 0f 85 e9 01 00 00 e8 b5 36 1f 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 a6 36 1f 00 eb 06 e8 9f 36 1f 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 0a 4a 83 00 48 8b 1b 48 8b 44 24 [ 685.820235][ C0] RSP: 0000:ffffc9000bd36aa0 EFLAGS: 00000283 [ 685.820261][ C0] RAX: 1ffffffff1d36b7b RBX: ffffffff8e9b5bd8 RCX: 0000000000080000 [ 685.820276][ C0] RDX: ffffc9001cf37000 RSI: 0000000000003c4b RDI: 0000000000003c4c [ 685.820289][ C0] RBP: ffffc9000bd36bf0 R08: ffffffff8fa17c37 R09: 1ffffffff1f42f86 [ 685.820303][ C0] R10: dffffc0000000000 R11: fffffbfff1f42f87 R12: dffffc0000000000 [ 685.820317][ C0] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8e9b5b80 [ 685.820343][ C0] ? console_flush_all+0x13a/0xc40 [ 685.820365][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 685.820389][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 685.820412][ C0] console_unlock+0xc4/0x270 [ 685.820441][ C0] ? __pfx_console_unlock+0x10/0x10 [ 685.820471][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 685.820494][ C0] vprintk_emit+0x5b7/0x7a0 [ 685.820523][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 685.820561][ C0] _printk+0xcf/0x120 [ 685.820584][ C0] ? __pfx__printk+0x10/0x10 [ 685.820605][ C0] ? __netdev_printk+0x1a6/0x4d0 [ 685.820633][ C0] ? __netdev_printk+0x365/0x4d0 [ 685.820662][ C0] netdev_info+0x10a/0x160 [ 685.820687][ C0] ? __pfx_netdev_info+0x10/0x10 [ 685.820713][ C0] ? kasan_check_range+0x9f/0x2c0 [ 685.820736][ C0] __dev_set_promiscuity+0x307/0x740 [ 685.820763][ C0] netif_set_promiscuity+0x50/0xe0 [ 685.820786][ C0] dev_set_promiscuity+0x126/0x260 [ 685.820811][ C0] hsr_del_port+0x260/0x300 [ 685.820841][ C0] hsr_del_ports+0x31/0xc0 [ 685.820866][ C0] hsr_dellink+0x5b/0x90 [ 685.820892][ C0] ? __pfx_hsr_dellink+0x10/0x10 [ 685.820917][ C0] rtnl_dellink+0x474/0x710 [ 685.820940][ C0] ? __pfx_rtnl_dellink+0x10/0x10 [ 685.820963][ C0] ? preempt_schedule+0xae/0xc0 [ 685.820989][ C0] ? __dev_queue_xmit+0x27e/0x3a70 [ 685.821015][ C0] ? preempt_schedule_common+0x83/0xd0 [ 685.821043][ C0] ? preempt_schedule+0xae/0xc0 [ 685.821106][ C0] ? __pfx_rtnl_dellink+0x10/0x10 [ 685.821124][ C0] rtnetlink_rcv_msg+0x7cf/0xb70 [ 685.821152][ C0] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 685.821170][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 685.821192][ C0] ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10 [ 685.821218][ C0] netlink_rcv_skb+0x208/0x470 [ 685.821236][ C0] ? rcu_is_watching+0x15/0xb0 [ 685.821261][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 685.821280][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 685.821306][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 685.821328][ C0] netlink_unicast+0x75b/0x8d0 [ 685.821362][ C0] netlink_sendmsg+0x805/0xb30 [ 685.821386][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 685.821407][ C0] ? aa_sock_msg_perm+0xf1/0x1d0 [ 685.821434][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 685.821456][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 685.821475][ C0] __sock_sendmsg+0x219/0x270 [ 685.821504][ C0] ____sys_sendmsg+0x505/0x830 [ 685.821531][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 685.821559][ C0] ? import_iovec+0x74/0xa0 [ 685.821584][ C0] ___sys_sendmsg+0x21f/0x2a0 [ 685.821608][ C0] ? __pfx____sys_sendmsg+0x10/0x10 [ 685.821649][ C0] ? __fget_files+0x2a/0x420 [ 685.821668][ C0] ? __fget_files+0x3a0/0x420 [ 685.821691][ C0] __x64_sys_sendmsg+0x19b/0x260 [ 685.821715][ C0] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 685.821744][ C0] ? rcu_is_watching+0x15/0xb0 [ 685.821771][ C0] ? do_syscall_64+0xbe/0x3b0 [ 685.821792][ C0] do_syscall_64+0xfa/0x3b0 [ 685.821810][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.821828][ C0] ? asm_sysvec_call_function_single+0x1a/0x20 [ 685.821848][ C0] ? clear_bhb_loop+0x60/0xb0 [ 685.821869][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.821887][ C0] RIP: 0033:0x7fb19218e929 [ 685.821911][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 685.821926][ C0] RSP: 002b:00007fb192f12038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 685.821948][ C0] RAX: ffffffffffffffda RBX: 00007fb1923b6160 RCX: 00007fb19218e929 [ 685.821962][ C0] RDX: 0000000020044810 RSI: 00002000000003c0 RDI: 0000000000000008 [ 685.821975][ C0] RBP: 00007fb192210b39 R08: 0000000000000000 R09: 0000000000000000 [ 685.821987][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 685.821998][ C0] R13: 0000000000000000 R14: 00007fb1923b6160 R15: 00007ffefe6ce6b8 [ 685.822020][ C0] [ 685.822027][ C0] [ 685.822033][ C0] Allocated by task 10761: [ 685.822049][ C0] kasan_save_track+0x3e/0x80 [ 685.822075][ C0] __kasan_slab_alloc+0x6c/0x80 [ 685.822100][ C0] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 685.822127][ C0] copy_mm+0xdb/0x4b0 [ 685.822158][ C0] copy_process+0x1706/0x3c00 [ 685.822182][ C0] kernel_clone+0x21e/0x870 [ 685.822207][ C0] __x64_sys_clone+0x18b/0x1e0 [ 685.822222][ C0] do_syscall_64+0xfa/0x3b0 [ 685.822239][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.822257][ C0] [ 685.822262][ C0] Freed by task 10764: [ 685.822271][ C0] kasan_save_track+0x3e/0x80 [ 685.822295][ C0] kasan_save_free_info+0x46/0x50 [ 685.822315][ C0] __kasan_slab_free+0x62/0x70 [ 685.822340][ C0] kmem_cache_free+0x18f/0x400 [ 685.822366][ C0] exit_mm+0x1da/0x2c0 [ 685.822381][ C0] do_exit+0x648/0x2300 [ 685.822397][ C0] do_group_exit+0x21c/0x2d0 [ 685.822414][ C0] __x64_sys_exit_group+0x3f/0x40 [ 685.822431][ C0] x64_sys_call+0x21f7/0x2200 [ 685.822449][ C0] do_syscall_64+0xfa/0x3b0 [ 685.822466][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.822483][ C0] [ 685.822488][ C0] The buggy address belongs to the object at ffff8880726d1580 [ 685.822488][ C0] which belongs to the cache mm_struct of size 2584 [ 685.822505][ C0] The buggy address is located 2560 bytes inside of [ 685.822505][ C0] freed 2584-byte region [ffff8880726d1580, ffff8880726d1f98) [ 685.822526][ C0] [ 685.822532][ C0] The buggy address belongs to the physical page: [ 685.822541][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x726d0 [ 685.822558][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 685.822573][ C0] memcg:ffff888077496881 [ 685.822581][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 685.822605][ C0] page_type: f5(slab) [ 685.822641][ C0] raw: 00fff00000000040 ffff88801a44bb40 ffffea00009e1600 dead000000000002 [ 685.822659][ C0] raw: 0000000000000000 00000000800b000b 00000000f5000000 ffff888077496881 [ 685.822678][ C0] head: 00fff00000000040 ffff88801a44bb40 ffffea00009e1600 dead000000000002 [ 685.822696][ C0] head: 0000000000000000 00000000800b000b 00000000f5000000 ffff888077496881 [ 685.822714][ C0] head: 00fff00000000003 ffffea0001c9b401 00000000ffffffff 00000000ffffffff [ 685.822731][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 685.822742][ C0] page dumped because: kasan: bad access detected [ 685.822757][ C0] page_owner tracks the page as allocated [ 685.822764][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5179, tgid 5179 (rcS), ts 33128392592, free_ts 29920393685 [ 685.822799][ C0] post_alloc_hook+0x240/0x2a0 [ 685.822828][ C0] get_page_from_freelist+0x21e4/0x22c0 [ 685.822850][ C0] __alloc_frozen_pages_noprof+0x181/0x370 [ 685.822871][ C0] alloc_pages_mpol+0x232/0x4a0 [ 685.822899][ C0] allocate_slab+0x8a/0x370 [ 685.822919][ C0] ___slab_alloc+0xbeb/0x1410 [ 685.822937][ C0] kmem_cache_alloc_noprof+0x283/0x3c0 [ 685.822963][ C0] copy_mm+0xdb/0x4b0 [ 685.822988][ C0] copy_process+0x1706/0x3c00 [ 685.823013][ C0] kernel_clone+0x21e/0x870 [ 685.823039][ C0] __x64_sys_clone+0x18b/0x1e0 [ 685.823055][ C0] do_syscall_64+0xfa/0x3b0 [ 685.823072][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.823091][ C0] page last free pid 1 tgid 1 stack trace: [ 685.823102][ C0] __free_frozen_pages+0xb80/0xd80 [ 685.823119][ C0] free_contig_range+0x1bd/0x4a0 [ 685.823149][ C0] destroy_args+0x7e/0x5d0 [ 685.823168][ C0] debug_vm_pgtable+0x3fa/0x430 [ 685.823195][ C0] do_one_initcall+0x233/0x820 [ 685.823212][ C0] do_initcall_level+0x137/0x1f0 [ 685.823235][ C0] do_initcalls+0x69/0xd0 [ 685.823256][ C0] kernel_init_freeable+0x3d9/0x570 [ 685.823277][ C0] kernel_init+0x1d/0x1d0 [ 685.823299][ C0] ret_from_fork+0x3fc/0x770 [ 685.823322][ C0] ret_from_fork_asm+0x1a/0x30 [ 685.823340][ C0] [ 685.823345][ C0] Memory state around the buggy address: [ 685.823356][ C0] ffff8880726d1e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 685.823370][ C0] ffff8880726d1f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 685.823385][ C0] >ffff8880726d1f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 685.823396][ C0] ^ [ 685.823407][ C0] ffff8880726d2000: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 685.823421][ C0] ffff8880726d2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 685.823433][ C0] ================================================================== [ 685.823450][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 685.823465][ C0] CPU: 0 UID: 0 PID: 10770 Comm: syz.5.1294 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 685.823490][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 685.823503][ C0] Call Trace: [ 685.823510][ C0] [ 685.823519][ C0] dump_stack_lvl+0x99/0x250 [ 685.823549][ C0] ? __asan_memcpy+0x40/0x70 [ 685.823575][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 685.823605][ C0] ? __pfx__printk+0x10/0x10 [ 685.823633][ C0] panic+0x2db/0x790 [ 685.823666][ C0] ? __pfx_panic+0x10/0x10 [ 685.823699][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 685.823728][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 685.823757][ C0] ? print_memory_metadata+0x314/0x400 [ 685.823786][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 685.823817][ C0] check_panic_on_warn+0x89/0xb0 [ 685.823837][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 685.823856][ C0] end_report+0x78/0x160 [ 685.823873][ C0] kasan_report+0x129/0x150 [ 685.823891][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 685.823915][ C0] kasan_check_range+0x2b0/0x2c0 [ 685.823936][ C0] flush_tlb_func+0x23d/0x6c0 [ 685.823959][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 685.823976][ C0] ? sched_clock_cpu+0x74/0x430 [ 685.824001][ C0] ? rcu_is_watching+0x15/0xb0 [ 685.824025][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 685.824044][ C0] __flush_smp_call_function_queue+0x370/0xaa0 [ 685.824071][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 685.824091][ C0] __sysvec_call_function_single+0xa8/0x3d0 [ 685.824113][ C0] sysvec_call_function_single+0x9e/0xc0 [ 685.824153][ C0] [ 685.824161][ C0] [ 685.824168][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 685.824189][ C0] RIP: 0010:console_flush_all+0x7f7/0xc40 [ 685.824209][ C0] Code: 48 21 c3 0f 85 e9 01 00 00 e8 b5 36 1f 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 a6 36 1f 00 eb 06 e8 9f 36 1f 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 0a 4a 83 00 48 8b 1b 48 8b 44 24 [ 685.824226][ C0] RSP: 0000:ffffc9000bd36aa0 EFLAGS: 00000283 [ 685.824245][ C0] RAX: 1ffffffff1d36b7b RBX: ffffffff8e9b5bd8 RCX: 0000000000080000 [ 685.824260][ C0] RDX: ffffc9001cf37000 RSI: 0000000000003c4b RDI: 0000000000003c4c [ 685.824273][ C0] RBP: ffffc9000bd36bf0 R08: ffffffff8fa17c37 R09: 1ffffffff1f42f86 [ 685.824288][ C0] R10: dffffc0000000000 R11: fffffbfff1f42f87 R12: dffffc0000000000 [ 685.824303][ C0] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8e9b5b80 [ 685.824328][ C0] ? console_flush_all+0x13a/0xc40 [ 685.824349][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 685.824373][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 685.824397][ C0] console_unlock+0xc4/0x270 [ 685.824426][ C0] ? __pfx_console_unlock+0x10/0x10 [ 685.824456][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 685.824480][ C0] vprintk_emit+0x5b7/0x7a0 [ 685.824509][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 685.824547][ C0] _printk+0xcf/0x120 [ 685.824569][ C0] ? __pfx__printk+0x10/0x10 [ 685.824591][ C0] ? __netdev_printk+0x1a6/0x4d0 [ 685.824619][ C0] ? __netdev_printk+0x365/0x4d0 [ 685.824649][ C0] netdev_info+0x10a/0x160 [ 685.824675][ C0] ? __pfx_netdev_info+0x10/0x10 [ 685.824701][ C0] ? kasan_check_range+0x9f/0x2c0 [ 685.824724][ C0] __dev_set_promiscuity+0x307/0x740 [ 685.824751][ C0] netif_set_promiscuity+0x50/0xe0 [ 685.824775][ C0] dev_set_promiscuity+0x126/0x260 [ 685.824800][ C0] hsr_del_port+0x260/0x300 [ 685.824829][ C0] hsr_del_ports+0x31/0xc0 [ 685.824853][ C0] hsr_dellink+0x5b/0x90 [ 685.824879][ C0] ? __pfx_hsr_dellink+0x10/0x10 [ 685.824903][ C0] rtnl_dellink+0x474/0x710 [ 685.824926][ C0] ? __pfx_rtnl_dellink+0x10/0x10 [ 685.824951][ C0] ? preempt_schedule+0xae/0xc0 [ 685.824978][ C0] ? __dev_queue_xmit+0x27e/0x3a70 [ 685.825006][ C0] ? preempt_schedule_common+0x83/0xd0 [ 685.825035][ C0] ? preempt_schedule+0xae/0xc0 [ 685.825100][ C0] ? __pfx_rtnl_dellink+0x10/0x10 [ 685.825119][ C0] rtnetlink_rcv_msg+0x7cf/0xb70 [ 685.825148][ C0] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 685.825168][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 685.825191][ C0] ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10 [ 685.825220][ C0] netlink_rcv_skb+0x208/0x470 [ 685.825238][ C0] ? rcu_is_watching+0x15/0xb0 [ 685.825264][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 685.825284][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 685.825311][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 685.825335][ C0] netlink_unicast+0x75b/0x8d0 [ 685.825369][ C0] netlink_sendmsg+0x805/0xb30 [ 685.825394][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 685.825415][ C0] ? aa_sock_msg_perm+0xf1/0x1d0 [ 685.825443][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 685.825466][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 685.825486][ C0] __sock_sendmsg+0x219/0x270 [ 685.825517][ C0] ____sys_sendmsg+0x505/0x830 [ 685.825544][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 685.825572][ C0] ? import_iovec+0x74/0xa0 [ 685.825599][ C0] ___sys_sendmsg+0x21f/0x2a0 [ 685.825624][ C0] ? __pfx____sys_sendmsg+0x10/0x10 [ 685.825667][ C0] ? __fget_files+0x2a/0x420 [ 685.825685][ C0] ? __fget_files+0x3a0/0x420 [ 685.825710][ C0] __x64_sys_sendmsg+0x19b/0x260 [ 685.825736][ C0] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 685.825766][ C0] ? rcu_is_watching+0x15/0xb0 [ 685.825794][ C0] ? do_syscall_64+0xbe/0x3b0 [ 685.825816][ C0] do_syscall_64+0xfa/0x3b0 [ 685.825836][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.825855][ C0] ? asm_sysvec_call_function_single+0x1a/0x20 [ 685.825875][ C0] ? clear_bhb_loop+0x60/0xb0 [ 685.825896][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.825917][ C0] RIP: 0033:0x7fb19218e929 [ 685.825934][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 685.825953][ C0] RSP: 002b:00007fb192f12038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 685.825975][ C0] RAX: ffffffffffffffda RBX: 00007fb1923b6160 RCX: 00007fb19218e929 [ 685.825991][ C0] RDX: 0000000020044810 RSI: 00002000000003c0 RDI: 0000000000000008 [ 685.826005][ C0] RBP: 00007fb192210b39 R08: 0000000000000000 R09: 0000000000000000 [ 685.826016][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 685.826029][ C0] R13: 0000000000000000 R14: 00007fb1923b6160 R15: 00007ffefe6ce6b8 [ 685.826051][ C0] [ 685.826407][ C0] Kernel Offset: disabled