last executing test programs: 23m27.028865906s ago: executing program 32 (id=1695): openat$binderfs(0xffffffffffffff9c, &(0x7f0000002480)='./binderfs/binder0\x00', 0x800, 0x0) r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000380), 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f000001b400)={0x11, 0x24, &(0x7f00000193c0)=ANY=[@ANYBLOB="1800000003000000000000000800000018110000dddda65e1d8c4417b1c1dbd234fb1ce5a1206759b3e72adfd8747a251142f74c7cbff595de090356504a26d7a46d72b7183e335c92e73c6191495fbce19908c632bcc6c6beac671cebb0e73143239314692d2633233dec19df9a9c0dc6c859d006094cfd52757f76defb92d53170697d76ccff466fd413da202b770ce4af95b309640637fd", @ANYBLOB="00b997054fc8122ae10e718cb037012499f28fb9d55fbdea43b39d82609d2877501f147810223f5a6f6299a510910f200125dc45f524b701a3caf8be526aef1e714af42f5bff979806b6973929968871862787a3e29a16f5967568c8cb5b322f89d7", @ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x1, 0x3a, &(0x7f0000000280)=""/58, 0x41100, 0x1d, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f000001b6c0)={0x7, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f00000003c0)=""/102392, 0x18ff8) read$FUSE(0xffffffffffffffff, &(0x7f000001b700)={0x2020}, 0x2020) read$FUSE(0xffffffffffffffff, &(0x7f0000000580)={0x2020}, 0x2020) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'ipvlan1\x00', 0x0}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f00000001c0)={0x2, &(0x7f0000000040)=[{0x20, 0x2, 0x0, 0xfffff03c}, {0x6}]}, 0x10) r4 = syz_open_dev$I2C(&(0x7f00000000c0), 0x0, 0x0) ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000600)={0x0, 0x0, 0x1, &(0x7f0000019540)={0x20, "50e1c0340af66e0dffda611f117e9df8b20630faa67cf4f18bda15c85613a37043"}}) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) eventfd2(0x65c, 0x80000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) 17m40.857010843s ago: executing program 33 (id=2769): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000002540)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbff, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'wg0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0) 13m16.037685411s ago: executing program 3 (id=3699): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000380)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 13m15.268337556s ago: executing program 3 (id=3702): syz_create_resource$binfmt(&(0x7f00000000c0)='./file1\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22) rmdir(&(0x7f0000000140)='./cgroup/../file0\x00') 13m14.263672648s ago: executing program 3 (id=3706): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0) close(r0) 13m14.061614891s ago: executing program 3 (id=3707): bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 13m12.905192907s ago: executing program 3 (id=3710): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r3, 0x0, 0x2}, 0x18) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002ec0)={0x2c, r0, 0x10ada85e65c25359, 0xfffffffd, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000020}, 0x0) 13m12.473689659s ago: executing program 3 (id=3713): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x9}}, 0x40) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x9}}, 0x40) 13m12.035015726s ago: executing program 34 (id=3713): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x9}}, 0x40) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x9}}, 0x40) 12m46.303057167s ago: executing program 4 (id=3813): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={0xffffffffffffffff, 0x18000000000002a0, 0xb, 0x0, &(0x7f00000002c0)="d2ff03076003008cb89e08", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x3, 0x4, &(0x7f0000000540)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 12m46.23874481s ago: executing program 4 (id=3814): bind$alg(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) sendmmsg$alg(r0, &(0x7f00000023c0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4840}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40800}], 0x2, 0x40800) recvmsg(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) r1 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0) keyctl$chown(0x4, 0x0, 0xee01, 0xee00) keyctl$KEYCTL_RESTRICT_KEYRING(0xb, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000001a00), 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000200)='source', &(0x7f0000000000)='\\\\\xe9\x838\x9d<\f\x91\a\xd4$\xae$\x91&6n @\xf4M\xba\xf2<\xd6A\xdb\xd7\xbeY@g\xcc\xca\n@\x06\xa3\xfe%\x11\xc9\xc5\xc4\x96\xb7b\xa7\x15R.\xa3`fd\xdc\x8b\x18rBl{\x82\\\xbeA\x17\n\f\xcd=\'\x11\x1bZ\x8e\xb1\xc3j$v\xefw\x96\\\\\xa2\xfc\xe3\xb8\xc7\x0f\xaa\x01\x00\x00\x00;\xd5\xcd4g+\xbd\xd1\xe0R\x9d\x18\x19a:\xa2\xdf\xbe\x8b\x89\x81', 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) 12m44.708208907s ago: executing program 4 (id=3819): lsetxattr$security_capability(&(0x7f0000000480)='./file0\x00', &(0x7f0000000540), &(0x7f0000000580)=@v1={0x1000000, [{0x9, 0xe}]}, 0xc, 0x1) r0 = gettid() r1 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') getdents(r1, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000300)) r2 = inotify_init() bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="c40a71e4191c0000180a02000000000000000000000000009500000000000000506ac2cbfb3b0db5b127b9e2fab4d2500302ed113caaebbba87936aa4aeda25f98"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfe20, &(0x7f000000cf3d)=""/195}, 0x23) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) fcntl$setstatus(r2, 0x4, 0x42800) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSBRKP(r3, 0x5425, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0) write(r4, 0x0, 0x300) 12m44.354343725s ago: executing program 4 (id=3823): r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0xf00) 12m43.554910164s ago: executing program 4 (id=3826): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[@ANYBLOB="001306000000ec19d02303f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x1, &(0x7f0000000200)=@raw=[@call={0x85, 0x0, 0x0, 0x88}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53048cc) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, &(0x7f00000000c0)) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) socket$nl_netfilter(0x10, 0x3, 0xc) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) write$P9_RSTATu(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="080200000200000005f8000000000000000000000000000000000000000000000000000000000000000000000000000000001b00046e6f6465767b65766f6f7e0539c60005000037d93a8b920000003800704a86cec602007dfa673effeb09b5351f5bde054000000000187b8200b500002b595fcb14034354b9fd9ef196a51cd5157adc8103b494e11d00d299988014986ce982cfc26dd7c500f04cd85f2a70f5e9930e97a59a645500f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a400b4b0b4f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1cbe36f4fd1a4cc280e8e289da649a37002c016f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e100"/557, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x239) 12m39.497924962s ago: executing program 4 (id=3839): r0 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000480)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bridge0\x00'}}]}, 0x38}}, 0x20000000) 12m25.345313395s ago: executing program 35 (id=3839): r0 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000480)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bridge0\x00'}}]}, 0x38}}, 0x20000000) 8m39.94900277s ago: executing program 5 (id=5049): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r4}, 0x10) close(r0) 8m39.652942951s ago: executing program 5 (id=5054): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=@newlink={0x2c, 0x10, 0x801, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x8028}, [@IFLA_XDP={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x5b4efbb362ec214f}, 0x7000000) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x3, @empty, 0x0, 0x3}, 0x20) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a0000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) 8m38.649008884s ago: executing program 5 (id=5060): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000680)='+}[@\x00[$oB\xfa=\xee\xc4F\xba\xed\x97') r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280), 0x48001, 0x0) read(r0, &(0x7f0000000140), 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) close(0xffffffffffffffff) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f0000000380)}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0x19, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000008000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00'}) 8m38.428467344s ago: executing program 5 (id=5062): socket$inet6(0xa, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x18, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x42000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000280), 0x3fffffffffffd17, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, 0x0, 0x300, 0x70bd2a, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5}, @MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4801}, 0x800) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10) r3 = getpid() r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r0) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r3}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) 8m37.511351313s ago: executing program 5 (id=5064): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000008850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) r1 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20) copy_file_range(r1, 0x0, r1, 0x0, 0xb51, 0x0) 8m37.399441096s ago: executing program 5 (id=5065): bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601080000000000000000050000000900020073797a310000000005000100070000002c000780060004404e21000005000700e30000000c00018008000140850101010c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 8m23.255958678s ago: executing program 36 (id=5065): bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601080000000000000000050000000900020073797a310000000005000100070000002c000780060004404e21000005000700e30000000c00018008000140850101010c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 7m45.589596834s ago: executing program 8 (id=5289): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r3}, 0x10) close(r0) 7m37.878400571s ago: executing program 8 (id=5319): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x1030002}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(r3, r0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r4, 0x0) 7m36.175363764s ago: executing program 8 (id=5329): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r4}, 0x10) close(r0) 7m35.044405526s ago: executing program 8 (id=5337): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_GET_BYINDEX(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x400c050}, 0x4000) 7m34.911268842s ago: executing program 8 (id=5340): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x18) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r1, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TCXONC(r1, 0x540a, 0x3) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)) 7m34.491247501s ago: executing program 8 (id=5347): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() getpeername$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f00000700"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000580)={'gretap0\x00', &(0x7f0000000300)={'syztnl1\x00', 0x0, 0x20, 0x7, 0x10000003, 0x3, {{0x13, 0x4, 0x0, 0x1, 0x4c, 0x66, 0x0, 0x0, 0x4, 0x0, @local, @local, {[@timestamp_addr={0x44, 0x24, 0xf4, 0x1, 0xd, [{@empty, 0x7}, {@remote, 0x3}, {@broadcast, 0x8}, {@multicast1, 0x800}]}, @timestamp={0x44, 0x10, 0x18, 0x0, 0x1, [0xffffff7f, 0x9ffc, 0x7]}, @noop]}}}}}) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) unshare(0x62040200) 7m20.356598997s ago: executing program 37 (id=5347): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() getpeername$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f00000700"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000580)={'gretap0\x00', &(0x7f0000000300)={'syztnl1\x00', 0x0, 0x20, 0x7, 0x10000003, 0x3, {{0x13, 0x4, 0x0, 0x1, 0x4c, 0x66, 0x0, 0x0, 0x4, 0x0, @local, @local, {[@timestamp_addr={0x44, 0x24, 0xf4, 0x1, 0xd, [{@empty, 0x7}, {@remote, 0x3}, {@broadcast, 0x8}, {@multicast1, 0x800}]}, @timestamp={0x44, 0x10, 0x18, 0x0, 0x1, [0xffffff7f, 0x9ffc, 0x7]}, @noop]}}}}}) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) unshare(0x62040200) 2m11.557576234s ago: executing program 1 (id=6827): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000001d00070f000000000000000007000000", @ANYRES32=r1, @ANYBLOB="00005200060005000100000008000800", @ANYRES32=r1], 0x2c}}, 0x20008000) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r2}, 0x38) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f0000000600)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000300)='GPL\x00', 0x8, 0xff8, &(0x7f0000001e00)=""/4088}, 0x94) r3 = socket$inet6(0xa, 0x1, 0x0) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000004000200040010000800014004000000", 0x58}], 0x1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000004c0)={'ip6_vti0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x3, 0x0, 0x4e, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x10, 0x7, 0x0, 0x4}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000680)={'syztnl1\x00', 0x0}) 2m10.017960231s ago: executing program 1 (id=6831): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x200400d4) 2m9.45544549s ago: executing program 1 (id=6835): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a6267"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x7}, 0x48) r1 = socket$kcm(0x29, 0x2, 0x0) r2 = socket$inet6(0xa, 0x803, 0x6) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000180)={r2, r0}) sendmmsg$inet(r1, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000440)='{', 0x1}], 0x1}}], 0x1, 0x0) 2m9.341999907s ago: executing program 1 (id=6837): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x101091, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x20000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) 2m7.734464558s ago: executing program 1 (id=6841): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0) 2m7.363674166s ago: executing program 1 (id=6842): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) write$cgroup_devices(r2, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd) write$cgroup_devices(r1, &(0x7f0000000840)=ANY=[], 0xffdd) close_range(r0, 0xffffffffffffffff, 0x0) 2m6.941958535s ago: executing program 38 (id=6842): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) write$cgroup_devices(r2, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd) write$cgroup_devices(r1, &(0x7f0000000840)=ANY=[], 0xffdd) close_range(r0, 0xffffffffffffffff, 0x0) 1m4.638322422s ago: executing program 6 (id=7119): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) 1m3.266705261s ago: executing program 6 (id=7129): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000180)) syz_usb_connect(0x2, 0x24, 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) 1m1.379029516s ago: executing program 2 (id=7142): r0 = socket$alg(0x26, 0x5, 0x0) r1 = fsopen(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) fsconfig$FSCONFIG_SET_BINARY(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x0) bind$alg(r0, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) socket$inet6_sctp(0xa, 0x5, 0x84) 59.188368439s ago: executing program 2 (id=7148): r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffffffffffb, 0x6, 0x0, @buffer={0x2, 0x5d, &(0x7f0000000400)=""/93}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x1000, 0x0, 0x0, 0x0}) 58.99475983s ago: executing program 2 (id=7150): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="8fedcb7907009875f375"], 0xfdef) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0xfdef) 58.84755614s ago: executing program 9 (id=7152): ioctl$IOMMU_IOAS_ALLOW_IOVAS(0xffffffffffffffff, 0x3b82, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x4000, 0x0}) sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x4000081}, 0x28000010) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c82010000c000100050108"], 0x15) syz_emit_vhci(&(0x7f00000003c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0xa}, @l2cap_cid_signaling={{0x6}, [@l2cap_cmd_rej_unk={{0x1, 0x1, 0x2}}]}}, 0xf) 58.808787956s ago: executing program 9 (id=7153): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab1204000000000000010902240001b30000040904410c17ff5d810009050f1f05e13f000009058303"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x3b, &(0x7f0000000140)=ANY=[]) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x5452, &(0x7f0000000000)) socket(0x10, 0x800, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prlimit64(0x0, 0x2, &(0x7f0000000240)={0xfffffffffffffffe}, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000003c0)=0x1) ioctl$TIOCVHANGUP(r4, 0x5437, 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4}) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r7, 0x29, 0x3c, 0x0, &(0x7f00000080c0)) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x7}) ioctl$DRM_IOCTL_MODE_CURSOR(r5, 0xc01c64a3, &(0x7f0000000040)={0x3, 0x0, 0x10000000, 0x80000001, 0xb, 0x1fd, 0x1}) close_range(r5, 0xffffffffffffffff, 0x0) 57.152995343s ago: executing program 2 (id=7156): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x8000}, 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x3, 0x0, 0xf9, 0x7ffc1ffb}]}) r0 = fsopen(&(0x7f0000000040)='hpfs\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000cc0)=ANY=[@ANYRES32=r1, @ANYRES64=r0, @ANYBLOB="7ba1d2b03f313db75ff8a13ec7b3cd06b821", @ANYRES32, @ANYBLOB="8caadbeb66277368e3ddbc515fd33a09484586712306ff01fc10e45ea443c641bbe7f607563ce305c2d812158d27b708d7743bca2b68d4582ef645e7e281095bdee51076500487da30b96105f134b10a68603dc53ffa0c0f06b48e5c6cb709535d2594c4350ecff2ac055f81cb642bb74bbf009f2df19f0bba5358f184d1872b961921b85f25698a07ee0df2761cdcf9f06a2443a905202f425125f9cdc75c8ae5511268e8", @ANYRES8=r2, @ANYRES32=r2], 0xb0}, 0x1, 0x0, 0x0, 0x4}, 0x20004005) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_dev$vbi(&(0x7f00000002c0), 0x3, 0x2) ioctl$VIDIOC_S_OUTPUT(r3, 0xc004562f, &(0x7f00000000c0)=0x1) ioctl$VIDIOC_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x13, 0x7c5, 0x1, 0x0, 0xd59f80, 0x4, 0x5, 0x7, 0x8, 0x5, 0x6, 0x4, 0x80000000, 0x7, 0x2b, 0xc, {0xffff945a}, 0x3, 0xf1}}) r4 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x202, 0x0) ioctl$TIOCPKT(r4, 0x5420, &(0x7f0000000200)=0x2) r5 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f00000000c0)=0x17) pselect6(0x40, &(0x7f0000004600)={0x2, 0x0, 0x8, 0x7, 0xffffffffffffffe8, 0x401, 0xffffffff}, 0x0, &(0x7f0000004680)={0x9, 0xfff, 0xd3, 0x5, 0x7, 0x400, 0x9, 0xa1}, &(0x7f00000046c0)={0x0, 0x989680}, 0x0) socket(0x2b, 0x1, 0x1) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x4c806, &(0x7f0000000180)={0x2, 0x4f22, @multicast2}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000300)='J', 0x0, 0x40440d0, 0x0, 0x0) 56.145173756s ago: executing program 2 (id=7159): socket$inet6(0xa, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x18, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x42000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f0000000280), 0x3fffffffffffd17, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, 0x0, 0x300, 0x70bd2a, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5}, @MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4801}, 0x800) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) r5 = getpid() r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r0) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r6, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r5}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) 55.285535581s ago: executing program 0 (id=7161): syz_emit_vhci(0x0, 0x0) 55.215320238s ago: executing program 6 (id=7162): pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002, 0x2000}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x1, 0x0, 0x0) splice(r1, 0x0, r0, 0x0, 0x406f413, 0x0) 54.185713488s ago: executing program 9 (id=7163): ioctl$IOMMU_IOAS_ALLOW_IOVAS(0xffffffffffffffff, 0x3b82, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x4000, 0x0}) sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x4000081}, 0x28000010) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x9f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c82010000c000100050108"], 0x15) syz_emit_vhci(&(0x7f00000003c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0xa}, @l2cap_cid_signaling={{0x6}, [@l2cap_cmd_rej_unk={{0x1, 0x1, 0x2}}]}}, 0xf) 54.130329439s ago: executing program 0 (id=7164): r0 = syz_open_dev$swradio(&(0x7f0000000040), 0x1, 0x2) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0xaaa43, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0) r2 = syz_io_uring_setup(0x1e1e, 0x0, &(0x7f0000002000)=0x0, 0x0) syz_io_uring_submit(r3, 0x0, 0x0) io_uring_enter(r2, 0x48e9, 0x0, 0x2, 0x0, 0x0) r4 = socket$inet(0xa, 0x801, 0x84) listen(r4, 0x8) socketpair$unix(0x1, 0x2, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) setreuid(0xee01, 0x0) ioprio_get$uid(0x3, 0xee01) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x1, 0x2}) listen(0xffffffffffffffff, 0x2) r5 = socket(0x2b, 0x80801, 0x1) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x14, r7, 0x101, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) connect$inet6(r5, 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r5, 0x0, 0x1a, 0x0, 0x0) 53.903409958s ago: executing program 9 (id=7166): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000780)=ANY=[@ANYBLOB="120100005fb8e520cd0c8000834a0102030109021b0002000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000440)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 51.872636932s ago: executing program 2 (id=7168): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc}]}}}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe0}}, 0x20008844) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) 51.71037517s ago: executing program 7 (id=7169): socket(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00'}) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) 51.678136687s ago: executing program 0 (id=7170): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) connect$bt_l2cap(r0, 0x0, 0x0) 51.503107171s ago: executing program 7 (id=7171): creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) 51.039440697s ago: executing program 6 (id=7172): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r0, 0x0, 0xfc96, 0xfdffffff, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @mcast1}, 0x1c) 51.038899525s ago: executing program 0 (id=7173): syz_open_dev$sndpcmc(0x0, 0x0, 0xa340658bc40d4f52) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r3, 0x800448d4, &(0x7f0000000080)={0x300, 0x200, '\x00', 0x3}) 50.838556696s ago: executing program 7 (id=7174): syz_emit_vhci(0x0, 0x0) 50.125849455s ago: executing program 0 (id=7175): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="1400000002070102aec4872e03d024d900000000"], 0x14}, 0x1, 0x0, 0x0, 0x4040041}, 0x44000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00'}, 0x10) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, 0x0, 0x240008c4) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001200)={&(0x7f0000000200)='kmem_cache_free\x00'}, 0x18) io_uring_setup(0x2987, &(0x7f0000000080)={0x0, 0x40000000, 0x800, 0x4, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xe}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00'}, 0x18) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f00000002c0)=0x7, 0x4) syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "fc7771", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x3, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x82}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000180)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x1, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0) 50.113868201s ago: executing program 6 (id=7176): ioctl$IOMMU_IOAS_ALLOW_IOVAS(0xffffffffffffffff, 0x3b82, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x4000, 0x0}) sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x4000081}, 0x28000010) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x9f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c82010000c000100050108"], 0x15) syz_emit_vhci(&(0x7f00000003c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0xa}, @l2cap_cid_signaling={{0x6}, [@l2cap_cmd_rej_unk={{0x1, 0x1, 0x2}}]}}, 0xf) 49.9993203s ago: executing program 7 (id=7177): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f00000010c0)=[{{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f00000011c0)="93bffce623851797a8dc79018d7716840ffc6949c667f6d345b18bc896d8f016f5f206bb2b0eb2fe32d2f0048678cd35ef833c3522fff95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041afc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb6", 0x90}, {&(0x7f00000007c0)="02999344565d9c61d3bb8cf353fd63c588ffa39f0ff0fced20927ea4b2a247d082247558bef6b2b2cd6a0dffece1b36526e9388c344fb7ac429e432bcb0330483c0604aaf2", 0x45}, {&(0x7f0000000f00)="ec75d081fcb70000000000000000bb6a38b0c57cc77b83d2eea81aad8f73b36abc2019cb08fcaaec9647a07d0a0965f0f1e39afd84e7e2523aaded5e09aa1e36fcc90c269ad6d38d5761910df91e34b3b98e2f71054226c3b00b9ee6ae29f0b07bc6fe7981126ca8e32b991faed3b0293e4004c1f64e6c19ba36b2778c5f4a1c58625fe19516af43c9870c5b8191e23778abe7df2280d401feffffffffffff2dce9570444c153f9c2903ae4c868074e89477bf83d2ab648b0498ac8c0f90844ed9a26675199d5ff9b391c1dec077b5099cf9aecd1a8788fe098a501ea64185ddcddda7f7c66d819ca14f85b27079c7fd0b3b446915cd8f0f157f45d95f6bc1815edda1b5df880de18b18c03b3d946ae7732d01462f39dad739e6a2b79f039ecaa8432f17e20d4e3ddb088bb8aef5d4f4cd6a8cfb9cdf40356843a3ad0059b0ecbcc0b6c96e47fe", 0x147}, {&(0x7f0000000240)="397d5f2e855cb2b0b1e61d3fe47dc3e798cf47cfebf169e77257f308b498e5b41722", 0x22}, {&(0x7f0000000440)="e78901b24f3291e9448af6bf802603c0a47d696e45734f3aadb096a0e9d428f71a7365c266b448adc5655f5b5c7574d6691fa86321c8ff9c33e6e68f073f3f5b289e9c2b6466853b8d401f3c95fee163c50a084fe2cd69d28ed65a676f06a572bca4c22a589556fe373c80e16ee81235c845a955ee9e44f3e86de6eda3736d95d636e5135e42aa62a826a860", 0x8c}, {&(0x7f00000002c0)="b6139dc68c219b157760a3cbf255087b81aaba8e246b1d98cac2af5ddb62415a0c56728b0d360ce8a1fa43d6dcba394087c43242b7ff0cec", 0x38}], 0x6}}], 0x1, 0x20008000) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{0x0, 0xfc, 0x0, 0x1, 0xffffffff}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x7fff, 0x8, 0x5, 0xab272d79, 0x3}}]}, @TCA_NETEM_ECN={0x8, 0x7, 0x1}]}}}]}, 0x70}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 49.955464655s ago: executing program 0 (id=7178): r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) r1 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) ioctl$TCSBRK(r0, 0x5409, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$unix(r5, &(0x7f0000000700)={&(0x7f0000000000)=@abs={0x1, 0x0, 0x4e23}, 0x6e, 0x0, 0x0, &(0x7f0000000100)=[@rights={{0x18, 0x1, 0x1, [r5, r5]}}, @rights={{0x10}}], 0x28, 0x14}, 0x4000) r6 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r6, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e23, 0x5, @mcast1, 0x9}, 0x1c) syz_emit_ethernet(0x3a, &(0x7f0000002100)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0x18, @multicast1}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data}}}}}, 0x0) syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x202) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r2}, 0x20) 49.659808089s ago: executing program 6 (id=7179): socket$inet6(0xa, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x18, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x42000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f0000000280), 0x3fffffffffffd17, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, 0x0, 0x300, 0x70bd2a, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5}, @MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4801}, 0x800) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) r5 = getpid() r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r0) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r6, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r5}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) 47.779036648s ago: executing program 9 (id=7180): syz_open_dev$vcsu(&(0x7f00000000c0), 0x6, 0x40003) bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26f8ffa5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbde8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d944e0b083bbd86b19cb074577a25ff581d92af08a06f857310a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4c2d7acf1dfe79d6771903b76e21190c22d641030e1ddacf006c3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000077339b4200000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e020000007a27310d5d01f8a8a0f5212d7f628f554afea715ccbc66cbb1016490f5d579308cb3188cf2fcaf67e0c16443d526ba4b968f07ae362c2133c168313e84beb871203880dd453c45d0a137d7f5a8b039dbfa62fb2b4214f8e69f967bf1fbd89e77fcca110000000800000000000000f8877994ebdc35f7efd41e3babd9b3782edd6776d5b6cb4ecd72c9de9b5503747d71440378cf2c2c7ea2dc5febb654a867f853713cf4c0bb322fbbe446d18dee4c821275ef18259cafc346c8b3b9fb0f3adcf6ea310a6b9a3f59e29a5909ea047fb61affb4bc8bbea1fb761b8933795b1a91358a7791aa843d07020e8bb6fc18458c49ac6313e7165b7d9f65e94a62b69f1011b94340cdb7303f01e5cdb5682ddf73d65c3de1d88dd7496d6345d5b9de0223988056a53e19a8b96b9640bc6c09d3c2ff894d626b57c776ed53f94d5e22ff148061b37f72bd92924cb1d0a725e19b264346b7cae0251a850de78316503f3c3d395c7e3f04fc8d52583327cd2341ce4b2d092815376299686f41353b2823814563011a2223b9dd00000000000000000000003a131374a3371cb3e2a9bb4d798b91cefa444501f40b7c9589e8c0bb6c82123d2b45ce905d0903b32ecf30e828c71a07a83f3275f3d661d1af0ffbd5d7f0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0xfeffff, 0x113, 0x0, &(0x7f0000000700)="c45c57ce395de5b289f07d637a223920f181c2e57d71483cfb2d075a3ff07258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50) 47.655491516s ago: executing program 7 (id=7181): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000feffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000100ff03850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 44.905825282s ago: executing program 9 (id=7182): prlimit64(0x0, 0xe, &(0x7f0000000040)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10138, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4b8, 0x340, 0x25, 0x148, 0x0, 0x60, 0x458, 0x2a8, 0x2a8, 0x458, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0x98, 0xe0, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x4}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00', {0x481c}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x518) stat(&(0x7f0000001c40)='./file0\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f0000fffffffffffffff000000000"], 0xffaf}, 0x1, 0x0, 0x0, 0x854}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001d40)={&(0x7f0000000580)=@proc={0x10, 0x0, 0x25dfdbfd, 0x40}, 0xc, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYRES8, @ANYRESDEC, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=0xffffffffffffffff, @ANYRES16, @ANYRES32, @ANYRES32], 0x50, 0x24040094}, 0x80) lchown(&(0x7f0000000000)='./file0\x00', 0x0, r4) fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, &(0x7f0000000b00)=ANY=[@ANYRESDEC, @ANYRES32=0x0, @ANYBLOB="02000400", @ANYRES64, @ANYBLOB="020002", @ANYRES32=0x0, @ANYRES32=r3, @ANYBLOB="0ffe0500", @ANYRES64, @ANYBLOB="02000000", @ANYRES8, @ANYBLOB="020003", @ANYRES64, @ANYRES32=0xee00, @ANYRES8, @ANYBLOB="7de0de6148d7d44c4d01eeff92df69b773e9c6727f8fbda7576c2a151378b664926695450adc68e74593831c634553c00cb92a5f09f1c013283b5c41e9b48b6df05700293ee4dfd9070d460cc6774ad5cb408f22ce", @ANYRESDEC=r3, @ANYRESDEC=r5, @ANYRES32=0x0, @ANYBLOB="080006", @ANYRES32=r4, @ANYBLOB="08000300", @ANYRES32=0xee00, @ANYBLOB="08000400", @ANYRES32, @ANYBLOB], 0x94, 0x1) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000000)='./file0\x00', r3, r6) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000005000000000000000000d18b88da11b0ecd9b1c8ae6e18be84553d2ecf8f1bf731b1d17cab33576b62b6552a66ba0622b8da145afd57157aabef03c6adb869916312f62b22a037db84f9eaab3ec8a1221a10f3ddd1adfad8ec41ae3925f0ada2cd23a4d38a00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) 44.905613424s ago: executing program 7 (id=7183): pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002, 0x2000}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x1, 0x0, 0x0) splice(r1, 0x0, r0, 0x0, 0x406f413, 0x0) 0s ago: executing program 39 (id=7178): r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) r1 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) ioctl$TCSBRK(r0, 0x5409, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$unix(r5, &(0x7f0000000700)={&(0x7f0000000000)=@abs={0x1, 0x0, 0x4e23}, 0x6e, 0x0, 0x0, &(0x7f0000000100)=[@rights={{0x18, 0x1, 0x1, [r5, r5]}}, @rights={{0x10}}], 0x28, 0x14}, 0x4000) r6 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r6, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e23, 0x5, @mcast1, 0x9}, 0x1c) syz_emit_ethernet(0x3a, &(0x7f0000002100)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0x18, @multicast1}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data}}}}}, 0x0) syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x202) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r2}, 0x20) kernel console output (not intermixed with test programs): forwarding state [ 2056.872045][T12141] bridge0: port 2(bridge_slave_1) entered blocking state [ 2056.879302][T12141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2058.607448][T26455] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2058.906421][T26465] lo speed is unknown, defaulting to 1000 [ 2058.934535][T26465] wg0 speed is unknown, defaulting to 1000 [ 2059.299365][T26455] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2059.721739][T26455] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2060.238867][T26455] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2060.369093][T26455] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2060.390735][T26455] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2060.411520][T26455] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2060.431657][T26455] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2060.601268][ T30] kauditd_printk_skb: 155 callbacks suppressed [ 2060.601285][ T30] audit: type=1326 audit(2000001001.645:1475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26475 comm="syz.1.5882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2060.692023][ T30] audit: type=1326 audit(2000001001.720:1476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26475 comm="syz.1.5882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2060.742012][ T30] audit: type=1326 audit(2000001001.720:1477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26475 comm="syz.1.5882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2060.942765][ T30] audit: type=1326 audit(2000001001.731:1478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26475 comm="syz.1.5882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2060.970416][ T30] audit: type=1326 audit(2000001001.731:1479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26475 comm="syz.1.5882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2061.158690][T26303] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2061.409466][T26303] veth0_vlan: entered promiscuous mode [ 2061.717703][T26303] veth1_vlan: entered promiscuous mode [ 2061.872442][T26503] IPv6: Can't replace route, no match found [ 2061.886985][T26303] veth0_macvtap: entered promiscuous mode [ 2061.963498][T26507] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5889'. [ 2061.996945][T26507] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5889'. [ 2062.897513][T26303] veth1_macvtap: entered promiscuous mode [ 2062.973321][T26511] lo speed is unknown, defaulting to 1000 [ 2062.981429][T26511] wg0 speed is unknown, defaulting to 1000 [ 2063.519998][T26512] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2063.689654][T26512] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2063.775708][T26303] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2064.124886][T26303] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2064.236154][T26523] netlink: 16 bytes leftover after parsing attributes in process `syz.7.5894'. [ 2064.362152][T26525] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5896'. [ 2064.379229][T26525] openvswitch: netlink: Flow key attr not present in new flow. [ 2064.736409][T26512] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2064.771622][T26303] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2064.781486][T26303] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2064.792893][T26303] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2064.810043][T26303] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2064.890671][T26512] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2065.205267][T26512] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2065.791676][T26512] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2065.902538][T26512] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2066.038194][T26512] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2066.691812][T26543] netlink: 12 bytes leftover after parsing attributes in process `syz.9.5901'. [ 2066.716894][T26543] netlink: 11 bytes leftover after parsing attributes in process `syz.9.5901'. [ 2066.747421][ T9906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2066.791496][ T9906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2067.224546][T12167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2067.238595][T12167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2067.557975][T26556] sp0: Synchronizing with TNC [ 2068.373887][ T30] audit: type=1326 audit(2000001009.971:1480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26557 comm="syz.6.5906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1ce38e929 code=0x7ffc0000 [ 2068.477485][ T30] audit: type=1326 audit(2000001009.982:1481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26557 comm="syz.6.5906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1ce38e929 code=0x7ffc0000 [ 2068.529557][ T30] audit: type=1326 audit(2000001009.982:1482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26557 comm="syz.6.5906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7fb1ce38e929 code=0x7ffc0000 [ 2068.601615][ T30] audit: type=1326 audit(2000001009.982:1483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26557 comm="syz.6.5906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1ce38e929 code=0x7ffc0000 [ 2068.715974][ T30] audit: type=1326 audit(2000001009.982:1484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26557 comm="syz.6.5906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1ce38e929 code=0x7ffc0000 [ 2070.679550][ T30] audit: type=1326 audit(2000001010.025:1485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26549 comm="syz.1.5903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2070.805122][ T30] audit: type=1326 audit(2000001010.025:1486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26549 comm="syz.1.5903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2070.827930][ T30] audit: type=1326 audit(2000001010.025:1487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26549 comm="syz.1.5903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2070.851410][ T30] audit: type=1326 audit(2000001010.025:1488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26549 comm="syz.1.5903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2070.874250][ T30] audit: type=1326 audit(2000001010.025:1489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26549 comm="syz.1.5903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2071.146286][T26576] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2071.669742][T26576] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2071.771814][T26576] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2071.950684][T26590] netlink: 20 bytes leftover after parsing attributes in process `syz.9.5918'. [ 2072.570086][T26576] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2072.941628][T26576] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2072.963339][T26576] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2072.987475][T26576] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2073.007728][T26576] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2073.420920][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 2073.420938][ T30] audit: type=1326 audit(2000001015.390:1499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26616 comm="syz.0.5925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2073.454735][ T30] audit: type=1326 audit(2000001015.432:1500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26616 comm="syz.0.5925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2073.478959][ T30] audit: type=1326 audit(2000001015.454:1501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26616 comm="syz.0.5925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2073.587363][ T30] audit: type=1326 audit(2000001015.465:1502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26616 comm="syz.0.5925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2073.641336][ T30] audit: type=1326 audit(2000001015.465:1503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26616 comm="syz.0.5925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2073.665507][ T30] audit: type=1326 audit(2000001015.486:1504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26616 comm="syz.0.5925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2073.687965][ T30] audit: type=1326 audit(2000001015.486:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26616 comm="syz.0.5925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2073.711778][ T30] audit: type=1326 audit(2000001015.486:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26616 comm="syz.0.5925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2073.782171][ T30] audit: type=1326 audit(2000001015.486:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26616 comm="syz.0.5925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2073.815957][ T30] audit: type=1326 audit(2000001015.486:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26616 comm="syz.0.5925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2074.475390][T26632] lo speed is unknown, defaulting to 1000 [ 2074.529055][T26632] wg0 speed is unknown, defaulting to 1000 [ 2075.601668][T26634] lo speed is unknown, defaulting to 1000 [ 2075.686006][T26634] wg0 speed is unknown, defaulting to 1000 [ 2075.740668][T26637] lo speed is unknown, defaulting to 1000 [ 2075.780555][T26642] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2075.858172][T26642] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2075.919954][T26642] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2076.154146][T26642] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2076.425010][T26654] syzkaller1: entered promiscuous mode [ 2076.450178][T26654] syzkaller1: entered allmulticast mode [ 2076.715194][T26637] wg0 speed is unknown, defaulting to 1000 [ 2078.060159][T26681] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5948'. [ 2079.804207][T26642] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2080.033036][T26642] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2080.620442][T26642] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2080.660628][T26714] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5958'. [ 2080.702374][T26714] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5958'. [ 2080.828797][T26642] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2081.165782][T26723] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5961'. [ 2081.246082][T26723] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5961'. [ 2082.916829][T26752] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 2082.916829][T26752] program syz.0.5974 not setting count and/or reply_len properly [ 2084.047594][T26799] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 2084.051569][ T5883] IPVS: starting estimator thread 0... [ 2084.152324][T26803] IPVS: using max 48 ests per chain, 115200 per kthread [ 2084.801535][T26825] sp0: Synchronizing with TNC [ 2085.708156][T26828] unsupported nla_type 52263 [ 2086.007882][T26839] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6007'. [ 2086.018882][T26839] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6007'. [ 2088.263281][T26878] netlink: 172 bytes leftover after parsing attributes in process `syz.0.6021'. [ 2088.582882][T26888] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6024'. [ 2088.607263][T26886] sg_read: process 55 (syz.0.6023) changed security contexts after opening file descriptor, this is not allowed. [ 2088.647141][T26884] lo speed is unknown, defaulting to 1000 [ 2088.738732][T26884] wg0 speed is unknown, defaulting to 1000 [ 2089.059892][T26898] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2089.319304][T26898] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2089.421544][T26898] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2089.462185][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 2089.462202][ T30] audit: type=1326 audit(2000001032.600:1514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26904 comm="syz.7.6031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7bf98e929 code=0x7ffc0000 [ 2089.519390][T26898] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2089.553379][ T30] audit: type=1326 audit(2000001032.643:1515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26904 comm="syz.7.6031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7bf98e929 code=0x7ffc0000 [ 2089.609815][ T30] audit: type=1326 audit(2000001032.653:1516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26904 comm="syz.7.6031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc7bf98e929 code=0x7ffc0000 [ 2089.645644][ T30] audit: type=1326 audit(2000001032.653:1517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26904 comm="syz.7.6031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7bf98e929 code=0x7ffc0000 [ 2089.703925][ T30] audit: type=1326 audit(2000001032.653:1518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26904 comm="syz.7.6031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7bf98e929 code=0x7ffc0000 [ 2089.767872][ T30] audit: type=1326 audit(2000001032.653:1519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26904 comm="syz.7.6031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc7bf98e929 code=0x7ffc0000 [ 2089.851874][ T30] audit: type=1326 audit(2000001032.653:1520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26904 comm="syz.7.6031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7bf98e929 code=0x7ffc0000 [ 2089.946993][ T30] audit: type=1326 audit(2000001032.653:1521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26904 comm="syz.7.6031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7bf98e929 code=0x7ffc0000 [ 2089.973640][T26898] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2090.063747][ T30] audit: type=1326 audit(2000001032.653:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26906 comm="syz.6.6030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1ce38e929 code=0x7ffc0000 [ 2090.090846][T26898] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2090.145229][ T30] audit: type=1326 audit(2000001032.653:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26904 comm="syz.7.6031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc7bf98e929 code=0x7ffc0000 [ 2090.173136][T26898] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2090.210145][T26898] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2090.385379][T26917] netlink: 172 bytes leftover after parsing attributes in process `syz.0.6034'. [ 2091.317077][T11607] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 2091.475465][T11607] usb 10-1: Using ep0 maxpacket: 16 [ 2091.657855][T11607] usb 10-1: config 4 has an invalid interface number: 69 but max is 0 [ 2091.666728][T11607] usb 10-1: config 4 has no interface number 0 [ 2091.678609][T11607] usb 10-1: config 4 interface 69 has no altsetting 0 [ 2091.713360][T11607] usb 10-1: New USB device found, idVendor=0408, idProduct=ea42, bcdDevice=ee.49 [ 2091.733801][T11607] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2091.772068][T11607] usb 10-1: Product: syz [ 2091.786714][T11607] usb 10-1: SerialNumber: syz [ 2092.127868][T11607] option 10-1:4.69: GSM modem (1-port) converter detected [ 2092.231202][T11607] usb 10-1: USB disconnect, device number 6 [ 2092.279228][T11607] option 10-1:4.69: device disconnected [ 2092.960727][T26948] hub 6-0:1.0: USB hub found [ 2092.982720][T26948] hub 6-0:1.0: 1 port detected [ 2094.666711][T26930] syz.0.6039: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 2094.716430][T26930] CPU: 1 UID: 0 PID: 26930 Comm: syz.0.6039 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 2094.716459][T26930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2094.716471][T26930] Call Trace: [ 2094.716479][T26930] [ 2094.716487][T26930] dump_stack_lvl+0x189/0x250 [ 2094.716516][T26930] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 2094.716539][T26930] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2094.716562][T26930] ? __pfx__printk+0x10/0x10 [ 2094.716584][T26930] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 2094.716611][T26930] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 2094.716646][T26930] warn_alloc+0x214/0x310 [ 2094.716676][T26930] ? __pfx_warn_alloc+0x10/0x10 [ 2094.716707][T26930] ? __get_vm_area_node+0x28f/0x300 [ 2094.716730][T26930] ? hash_netiface_create+0x358/0xfe0 [ 2094.716759][T26930] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 2094.716815][T26930] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 2094.716845][T26930] ? hash_netiface_create+0x358/0xfe0 [ 2094.716871][T26930] ? __get_vm_area_node+0x28f/0x300 [ 2094.716893][T26930] ? hash_netiface_create+0x358/0xfe0 [ 2094.716918][T26930] __vmalloc_node_range_noprof+0x56a/0x12f0 [ 2094.716942][T26930] ? hash_netiface_create+0x358/0xfe0 [ 2094.716962][T26930] ? do_syscall_64+0xfa/0x3b0 [ 2094.717001][T26930] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 2094.717042][T26930] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 2094.717070][T26930] ? rcu_is_watching+0x15/0xb0 [ 2094.717097][T26930] ? hash_netiface_create+0x358/0xfe0 [ 2094.717119][T26930] ? hash_netiface_create+0x358/0xfe0 [ 2094.717141][T26930] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 2094.717164][T26930] ? hash_netiface_create+0x358/0xfe0 [ 2094.717188][T26930] ? hash_netiface_create+0x2fe/0xfe0 [ 2094.717217][T26930] hash_netiface_create+0x358/0xfe0 [ 2094.717250][T26930] ? __nla_parse+0x40/0x60 [ 2094.717274][T26930] ? __pfx_hash_netiface_create+0x10/0x10 [ 2094.717300][T26930] ip_set_create+0xa94/0x1940 [ 2094.717325][T26930] ? ip_set_create+0x4a2/0x1940 [ 2094.717363][T26930] ? __pfx_ip_set_create+0x10/0x10 [ 2094.717429][T26930] nfnetlink_rcv_msg+0xb4d/0x1130 [ 2094.717456][T26930] ? nfnetlink_rcv_msg+0x20d/0x1130 [ 2094.717502][T26930] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 2094.717524][T26930] ? kasan_save_free_info+0x46/0x50 [ 2094.717606][T26930] netlink_rcv_skb+0x205/0x470 [ 2094.717629][T26930] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 2094.717655][T26930] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2094.717689][T26930] ? bpf_lsm_capable+0x9/0x20 [ 2094.717713][T26930] ? security_capable+0x7e/0x2e0 [ 2094.717746][T26930] nfnetlink_rcv+0x26a/0x2520 [ 2094.717774][T26930] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 2094.717802][T26930] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 2094.717832][T26930] ? __dev_queue_xmit+0x27e/0x3a70 [ 2094.717853][T26930] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2094.717884][T26930] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 2094.717908][T26930] ? __pfx___dev_queue_xmit+0x10/0x10 [ 2094.717946][T26930] ? ref_tracker_free+0x63a/0x7d0 [ 2094.717967][T26930] ? __copy_skb_header+0xa7/0x550 [ 2094.717991][T26930] ? __pfx_ref_tracker_free+0x10/0x10 [ 2094.718013][T26930] ? __skb_clone+0x63/0x7a0 [ 2094.718040][T26930] ? __skb_clone+0x483/0x7a0 [ 2094.718069][T26930] ? skb_clone+0x246/0x3a0 [ 2094.718095][T26930] ? __netlink_deliver_tap+0x807/0x850 [ 2094.718114][T26930] ? netlink_deliver_tap+0x2e/0x1b0 [ 2094.718142][T26930] ? netlink_deliver_tap+0x2e/0x1b0 [ 2094.718161][T26930] ? netlink_deliver_tap+0x2e/0x1b0 [ 2094.718185][T26930] netlink_unicast+0x758/0x8d0 [ 2094.718221][T26930] netlink_sendmsg+0x805/0xb30 [ 2094.718252][T26930] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2094.718282][T26930] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2094.718302][T26930] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2094.718324][T26930] __sock_sendmsg+0x219/0x270 [ 2094.718349][T26930] ____sys_sendmsg+0x505/0x830 [ 2094.718376][T26930] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2094.718409][T26930] ? import_iovec+0x74/0xa0 [ 2094.718439][T26930] ___sys_sendmsg+0x21f/0x2a0 [ 2094.718464][T26930] ? __pfx____sys_sendmsg+0x10/0x10 [ 2094.718525][T26930] ? __fget_files+0x2a/0x420 [ 2094.718547][T26930] ? __fget_files+0x3a0/0x420 [ 2094.718582][T26930] __x64_sys_sendmsg+0x19b/0x260 [ 2094.718607][T26930] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2094.718642][T26930] ? rcu_is_watching+0x15/0xb0 [ 2094.718672][T26930] ? do_syscall_64+0xbe/0x3b0 [ 2094.718702][T26930] do_syscall_64+0xfa/0x3b0 [ 2094.718725][T26930] ? lockdep_hardirqs_on+0x9c/0x150 [ 2094.718749][T26930] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2094.718768][T26930] ? clear_bhb_loop+0x60/0xb0 [ 2094.718791][T26930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2094.718810][T26930] RIP: 0033:0x7f4da9d8e929 [ 2094.718836][T26930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2094.718853][T26930] RSP: 002b:00007f4daabb8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2094.718874][T26930] RAX: ffffffffffffffda RBX: 00007f4da9fb5fa0 RCX: 00007f4da9d8e929 [ 2094.718888][T26930] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000008 [ 2094.718900][T26930] RBP: 00007f4da9e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 2094.718912][T26930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2094.718924][T26930] R13: 0000000000000000 R14: 00007f4da9fb5fa0 R15: 00007ffc68955578 [ 2094.718957][T26930] [ 2095.319973][T26930] Mem-Info: [ 2095.323151][T26930] active_anon:260 inactive_anon:3700 isolated_anon:0 [ 2095.323151][T26930] active_file:16202 inactive_file:45056 isolated_file:0 [ 2095.323151][T26930] unevictable:768 dirty:225 writeback:0 [ 2095.323151][T26930] slab_reclaimable:12404 slab_unreclaimable:139094 [ 2095.323151][T26930] mapped:34879 shmem:1380 pagetables:1124 [ 2095.323151][T26930] sec_pagetables:0 bounce:0 [ 2095.323151][T26930] kernel_misc_reclaimable:0 [ 2095.323151][T26930] free:1224765 free_pcp:12805 free_cma:0 [ 2095.459664][T26930] Node 0 active_anon:1040kB inactive_anon:14700kB active_file:64604kB inactive_file:180224kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:139076kB dirty:900kB writeback:0kB shmem:3984kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13792kB pagetables:4444kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 2095.495695][T26930] Node 1 active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 2095.528517][T26930] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2095.564388][T26930] lowmem_reserve[]: 0 2501 2503 2503 2503 [ 2095.570623][T26930] Node 0 DMA32 free:961864kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1036kB inactive_anon:14756kB active_file:62832kB inactive_file:180156kB unevictable:1536kB writepending:900kB present:3129332kB managed:2561448kB mlocked:0kB bounce:0kB free_pcp:50024kB local_pcp:17996kB free_cma:0kB [ 2095.613650][T26930] lowmem_reserve[]: 0 0 1 1 1 [ 2095.618833][T26930] Node 0 Normal free:8kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1772kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 2095.667621][T26930] lowmem_reserve[]: 0 0 0 0 0 [ 2095.673338][T26930] Node 1 Normal free:3921828kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:504kB local_pcp:0kB free_cma:0kB [ 2095.705018][T26930] lowmem_reserve[]: 0 0 0 0 0 [ 2095.710157][T26930] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2095.723549][T26930] Node 0 DMA32: 0*4kB 153*8kB (ME) 1177*16kB (ME) 705*32kB (UME) 272*64kB (ME) 185*128kB (M) 118*256kB (UM) 72*512kB (UME) 24*1024kB (UM) 10*2048kB (ME) 187*4096kB (M) = 961784kB [ 2095.741852][T26930] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 2095.756045][T26930] Node 1 Normal: 69*4kB (UME) 50*8kB (UME) 44*16kB (UME) 240*32kB (UME) 117*64kB (UME) 32*128kB (UME) 11*256kB (UME) 6*512kB (UME) 4*1024kB (UM) 4*2048kB (UME) 948*4096kB (M) = 3921828kB [ 2095.775122][T26930] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2095.792113][T26930] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2095.803686][T26930] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2095.824512][T26930] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2095.847237][T26930] 62615 total pagecache pages [ 2095.865336][T26930] 0 pages in swap cache [ 2095.881630][T26930] Free swap = 124996kB [ 2095.897141][T26970] ksmbd: Unknown IPC event: 3, ignore. [ 2095.907883][T26930] Total swap = 124996kB [ 2095.915311][T26930] 2097051 pages RAM [ 2095.924121][T26930] 0 pages HighMem/MovableOnly [ 2095.943479][T26930] 424582 pages reserved [ 2095.947731][T26930] 0 pages cma reserved [ 2099.311874][T26985] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6059'. [ 2100.154794][T11607] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 2100.348341][T11607] usb 1-1: Using ep0 maxpacket: 8 [ 2100.358641][T11607] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2100.385525][T11607] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2100.404809][T11607] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 2100.428135][T11607] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2100.449482][T11607] usb 1-1: config 0 descriptor?? [ 2101.515452][T26972] netlink: 20 bytes leftover after parsing attributes in process `syz.9.6055'. [ 2102.495856][ T5883] usb 1-1: USB disconnect, device number 37 [ 2103.022047][T27019] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6073'. [ 2103.749857][T27033] netlink: 'syz.0.6079': attribute type 13 has an invalid length. [ 2104.124005][T27038] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6080'. [ 2105.167019][T27033] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2105.220125][T27038] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 2105.229961][T27038] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 2105.239705][T27038] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 2105.785393][T27052] lo speed is unknown, defaulting to 1000 [ 2105.803599][T27052] wg0 speed is unknown, defaulting to 1000 [ 2106.330656][T27058] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 2106.330656][T27058] program syz.0.6088 not setting count and/or reply_len properly [ 2107.052813][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 2107.052831][ T30] audit: type=1326 audit(2000001051.484:1531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27062 comm="syz.9.6089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0f98e929 code=0x7ffc0000 [ 2107.273167][ T30] audit: type=1326 audit(2000001051.537:1532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27062 comm="syz.9.6089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f3b0f98e929 code=0x7ffc0000 [ 2107.297393][ T30] audit: type=1326 audit(2000001051.548:1533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27064 comm="syz.9.6089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3b0f9c11e5 code=0x7ffc0000 [ 2107.357065][T27068] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6090'. [ 2107.458971][ T30] audit: type=1326 audit(2000001051.548:1534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27062 comm="syz.9.6089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0f98e929 code=0x7ffc0000 [ 2107.600556][ T30] audit: type=1326 audit(2000001051.623:1535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27062 comm="syz.9.6089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0f98e929 code=0x7ffc0000 [ 2107.747478][ T30] audit: type=1326 audit(2000001051.623:1536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27062 comm="syz.9.6089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7f3b0f98e929 code=0x7ffc0000 [ 2107.769146][ C0] vkms_vblank_simulate: vblank timer overrun [ 2107.776136][ T30] audit: type=1326 audit(2000001051.623:1537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27062 comm="syz.9.6089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0f98e929 code=0x7ffc0000 [ 2107.797768][ C0] vkms_vblank_simulate: vblank timer overrun [ 2107.805551][ T30] audit: type=1326 audit(2000001051.623:1538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27062 comm="syz.9.6089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0f98e929 code=0x7ffc0000 [ 2107.827206][ C0] vkms_vblank_simulate: vblank timer overrun [ 2107.837901][ T30] audit: type=1326 audit(2000001051.795:1539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27064 comm="syz.9.6089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f3b0f98e929 code=0x7ffc0000 [ 2107.859481][ C0] vkms_vblank_simulate: vblank timer overrun [ 2107.895154][ T30] audit: type=1326 audit(2000001051.795:1540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27066 comm="syz.1.6091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2107.999382][T27086] ksmbd: Unknown IPC event: 3, ignore. [ 2108.615023][T16839] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 2109.168409][T27101] sp0: Synchronizing with TNC [ 2110.677779][T27112] netlink: 68 bytes leftover after parsing attributes in process `syz.6.6105'. [ 2110.705557][T27113] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6106'. [ 2111.632405][T27130] netlink: 24 bytes leftover after parsing attributes in process `syz.9.6113'. [ 2111.644151][ T8989] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 2111.792946][ T8989] usb 1-1: Using ep0 maxpacket: 16 [ 2111.802980][ T8989] usb 1-1: config 4 has an invalid interface number: 69 but max is 0 [ 2111.814268][ T8989] usb 1-1: config 4 has no interface number 0 [ 2111.823787][ T8989] usb 1-1: config 4 interface 69 has no altsetting 0 [ 2111.859715][ T8989] usb 1-1: New USB device found, idVendor=0408, idProduct=ea42, bcdDevice=ee.49 [ 2111.877800][ T8989] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2111.904503][ T8989] usb 1-1: Product: syz [ 2111.924580][ T8989] usb 1-1: SerialNumber: syz [ 2111.957848][T27145] 9pnet_fd: Insufficient options for proto=fd [ 2112.280873][ T8989] option 1-1:4.69: GSM modem (1-port) converter detected [ 2112.374050][T27158] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6126'. [ 2112.849795][ T8989] usb 1-1: USB disconnect, device number 38 [ 2112.859133][ T8989] option 1-1:4.69: device disconnected [ 2113.199063][T27173] rdma_op ffff88806a3ea1f0 conn xmit_rdma 0000000000000000 [ 2114.411845][ T8989] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 2114.542649][ T8989] usb 2-1: device descriptor read/64, error -71 [ 2114.560672][ T5883] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 2114.750669][ T5883] usb 7-1: config 0 has an invalid interface number: 156 but max is 0 [ 2114.771784][ T8989] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 2114.847092][ T5883] usb 7-1: config 0 has no interface number 0 [ 2114.875901][ T5883] usb 7-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 2114.897318][ T8989] usb 2-1: device descriptor read/64, error -71 [ 2114.921015][ T5883] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2114.967660][ T5883] usb 7-1: config 0 descriptor?? [ 2114.997311][ T5883] gspca_main: spca561-2.14.0 probing abcd:cdee [ 2114.999422][ T8989] usb usb2-port1: attempt power cycle [ 2115.191426][T27196] batman_adv: batadv0: Adding interface: vxlan0 [ 2115.213623][T27196] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2115.284883][T27196] batman_adv: batadv0: Not using interface vxlan0 (retrying later): interface not active [ 2115.325341][ T8989] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 2115.354391][ T8989] usb 2-1: device descriptor read/8, error -71 [ 2115.524945][ T5883] spca561 7-1:0.156: probe with driver spca561 failed with error -22 [ 2115.550994][ T5883] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 2115.579809][ T5883] usb 7-1: MIDIStreaming interface descriptor not found [ 2115.613853][ T8989] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 2115.635421][ T8989] usb 2-1: device descriptor read/8, error -71 [ 2115.744938][ T8989] usb usb2-port1: unable to enumerate USB device [ 2115.853906][ T24] usb 7-1: USB disconnect, device number 17 [ 2117.450038][T27216] Bluetooth: hci3: command 0x0406 tx timeout [ 2117.915410][T25606] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260 [ 2119.088836][T27289] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6161'. [ 2119.128057][T27289] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6161'. [ 2119.854501][ T24] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 2120.076226][ T24] usb 2-1: no configurations [ 2120.081209][ T24] usb 2-1: can't read configurations, error -22 [ 2120.386223][ T24] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 2120.918947][ T24] usb 2-1: no configurations [ 2120.923605][ T24] usb 2-1: can't read configurations, error -22 [ 2120.963074][ T24] usb usb2-port1: attempt power cycle [ 2121.308508][ T24] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 2121.343908][T27319] syzkaller0: entered promiscuous mode [ 2121.351569][T27319] syzkaller0: entered allmulticast mode [ 2121.370734][ T24] usb 2-1: no configurations [ 2121.392851][ T24] usb 2-1: can't read configurations, error -22 [ 2121.644090][ T24] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 2121.879330][T27326] lo speed is unknown, defaulting to 1000 [ 2121.897459][T27326] wg0 speed is unknown, defaulting to 1000 [ 2122.742055][ T24] usb 2-1: device descriptor read/8, error -71 [ 2122.856509][ T24] usb usb2-port1: unable to enumerate USB device [ 2126.517770][T25606] Bluetooth: hci5: unexpected event 0x2f length: 509 > 260 [ 2127.524288][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 2127.524308][ T30] audit: type=1326 audit(2000001073.436:1551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27375 comm="syz.9.6192" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b0f98e929 code=0x0 [ 2127.609348][T23446] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 2128.410242][T23446] usb 1-1: no configurations [ 2128.422189][T23446] usb 1-1: can't read configurations, error -22 [ 2128.690030][T23446] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 2128.908555][T23446] usb 1-1: no configurations [ 2128.913228][T23446] usb 1-1: can't read configurations, error -22 [ 2129.074254][T23446] usb usb1-port1: attempt power cycle [ 2129.513110][T23446] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 2129.801405][T23446] usb 1-1: no configurations [ 2129.806052][T23446] usb 1-1: can't read configurations, error -22 [ 2129.940146][T23446] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 2131.946925][T27436] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2132.159439][T27436] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2132.230038][T27436] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2132.284971][T27436] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2132.363373][T27436] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2132.385067][T27436] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2132.406126][T27436] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2132.425393][T27436] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2133.260817][T23446] usb 1-1: device descriptor read/8, error -71 [ 2133.370300][T23446] usb usb1-port1: unable to enumerate USB device [ 2133.547163][ T30] audit: type=1326 audit(2000001079.885:1552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27463 comm="syz.0.6227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2133.623228][T27465] pimreg: entered allmulticast mode [ 2133.750278][ T30] audit: type=1326 audit(2000001079.885:1553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27463 comm="syz.0.6227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2133.750338][ T30] audit: type=1326 audit(2000001079.885:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27463 comm="syz.0.6227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2133.750393][ T30] audit: type=1326 audit(2000001079.885:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27463 comm="syz.0.6227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2133.750446][ T30] audit: type=1326 audit(2000001079.885:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27463 comm="syz.0.6227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2133.750496][ T30] audit: type=1326 audit(2000001079.885:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27463 comm="syz.0.6227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2133.750550][ T30] audit: type=1326 audit(2000001079.885:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27463 comm="syz.0.6227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2133.750602][ T30] audit: type=1326 audit(2000001079.885:1559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27463 comm="syz.0.6227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2133.750652][ T30] audit: type=1326 audit(2000001079.885:1560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27463 comm="syz.0.6227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2133.750705][ T30] audit: type=1326 audit(2000001079.885:1561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27463 comm="syz.0.6227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2133.909893][T27477] lo speed is unknown, defaulting to 1000 [ 2133.914288][T27477] wg0 speed is unknown, defaulting to 1000 [ 2135.018928][T27449] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 2135.337627][T27449] usb 10-1: config 0 has an invalid interface number: 156 but max is 1 [ 2135.346093][T27449] usb 10-1: config 0 has no interface number 1 [ 2135.352317][T27449] usb 10-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 2135.613692][T27449] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2135.794393][T27449] usb 10-1: config 0 descriptor?? [ 2135.997916][T27449] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 2136.019098][T27449] usb 10-1: MIDIStreaming interface descriptor not found [ 2136.064599][T27471] loop8: detected capacity change from 0 to 16384 [ 2136.302107][T27449] gspca_main: spca561-2.14.0 probing abcd:cdee [ 2136.573324][T27493] loop8: detected capacity change from 16384 to 16383 [ 2136.622826][T27499] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6236'. [ 2136.859102][T27505] netlink: 'syz.0.6237': attribute type 1 has an invalid length. [ 2136.939249][T27449] spca561 10-1:0.0: probe with driver spca561 failed with error -22 [ 2136.983874][T27508] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6237'. [ 2137.098790][T27508] bond1: (slave bridge1): making interface the new active one [ 2137.112081][T27508] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 2137.177260][T27449] usb 10-1: USB disconnect, device number 7 [ 2138.612404][T27538] netlink: 'syz.1.6245': attribute type 10 has an invalid length. [ 2139.162302][T25606] Bluetooth: hci5: unexpected event 0x2f length: 509 > 260 [ 2141.845906][T27577] netlink: 'syz.7.6263': attribute type 10 has an invalid length. [ 2141.944282][T27577] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 2141.988598][T27577] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6263'. [ 2145.469697][T27652] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6291'. [ 2147.834224][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 2147.834242][ T30] audit: type=1326 audit(2000001095.239:1580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27670 comm="syz.1.6298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2147.911108][ T30] audit: type=1326 audit(2000001095.271:1581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27670 comm="syz.1.6298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2147.989748][ T30] audit: type=1326 audit(2000001095.271:1582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27670 comm="syz.1.6298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2148.064780][ T30] audit: type=1326 audit(2000001095.271:1583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27670 comm="syz.1.6298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2148.184807][ T30] audit: type=1326 audit(2000001095.271:1584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27670 comm="syz.1.6298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2148.262670][T15204] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 2148.277370][ T30] audit: type=1326 audit(2000001095.271:1585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27670 comm="syz.1.6298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2148.499957][ T30] audit: type=1326 audit(2000001095.282:1586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27670 comm="syz.1.6298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2148.523142][ T30] audit: type=1326 audit(2000001095.282:1587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27670 comm="syz.1.6298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2148.545667][ T30] audit: type=1326 audit(2000001095.282:1588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27670 comm="syz.1.6298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2148.606431][T15204] usb 10-1: config 0 has an invalid interface number: 156 but max is 0 [ 2148.656750][T15204] usb 10-1: config 0 has no interface number 0 [ 2148.679529][ T30] audit: type=1326 audit(2000001095.282:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27670 comm="syz.1.6298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2148.857076][T15204] usb 10-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 2149.026927][T15204] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2149.191238][T15204] usb 10-1: config 0 descriptor?? [ 2149.215451][T15204] gspca_main: spca561-2.14.0 probing abcd:cdee [ 2149.710738][T15204] spca561 10-1:0.156: probe with driver spca561 failed with error -22 [ 2149.721001][T15204] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 2149.729050][T27702] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6311'. [ 2149.729970][T15204] usb 10-1: MIDIStreaming interface descriptor not found [ 2149.774644][T15204] usb 10-1: USB disconnect, device number 8 [ 2150.447185][T27726] netlink: 536 bytes leftover after parsing attributes in process `syz.6.6317'. [ 2150.459730][T27726] netlink: 60 bytes leftover after parsing attributes in process `syz.6.6317'. [ 2150.495836][T27730] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6318'. [ 2150.534047][T27730] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6318'. [ 2155.489907][T27789] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6341'. [ 2155.680831][T15204] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 2155.841427][T15204] usb 1-1: config 0 has an invalid interface number: 156 but max is 0 [ 2155.850636][T15204] usb 1-1: config 0 has no interface number 0 [ 2155.856885][T15204] usb 1-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 2155.866827][T15204] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2155.881052][T15204] usb 1-1: config 0 descriptor?? [ 2155.898588][T15204] gspca_main: spca561-2.14.0 probing abcd:cdee [ 2156.393847][T15204] spca561 1-1:0.156: probe with driver spca561 failed with error -22 [ 2156.404790][T15204] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 2156.412138][T15204] usb 1-1: MIDIStreaming interface descriptor not found [ 2157.674987][T27744] lo speed is unknown, defaulting to 1000 [ 2157.715312][ T977] usb 1-1: USB disconnect, device number 43 [ 2157.726476][T27744] wg0 speed is unknown, defaulting to 1000 [ 2157.751528][T27796] 9pnet_fd: Insufficient options for proto=fd [ 2158.720795][T27813] binder: 27812:27813 ioctl c0306201 200000000040 returned -14 [ 2158.743064][T27813] binder: 27812:27813 ioctl c0306201 200000000640 returned -22 [ 2160.442975][T27853] 9pnet_fd: Insufficient options for proto=fd [ 2160.511723][T27851] 9pnet_fd: Insufficient options for proto=fd [ 2160.643186][T27860] netlink: 'syz.7.6366': attribute type 1 has an invalid length. [ 2160.663887][T27860] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6366'. [ 2161.161029][T27449] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 2161.180992][T27870] 9pnet_fd: Insufficient options for proto=fd [ 2161.378705][T27449] usb 1-1: Using ep0 maxpacket: 8 [ 2161.435964][T27449] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2161.499117][T27449] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2161.676624][T27449] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 2161.686474][T27449] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2161.712502][T27449] usb 1-1: config 0 descriptor?? [ 2161.722654][T27876] netlink: 'syz.9.6368': attribute type 10 has an invalid length. [ 2162.569370][T27884] netlink: 60 bytes leftover after parsing attributes in process `syz.6.6372'. [ 2162.603843][T27886] 9pnet_fd: Insufficient options for proto=fd [ 2162.680570][T27881] lo speed is unknown, defaulting to 1000 [ 2162.687536][T27881] wg0 speed is unknown, defaulting to 1000 [ 2163.961810][T15204] usb 1-1: USB disconnect, device number 44 [ 2164.399127][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 2164.399165][ T30] audit: type=1326 audit(2000001113.007:1593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27903 comm="syz.1.6381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2165.037321][ T30] audit: type=1326 audit(2000001113.007:1594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27903 comm="syz.1.6381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x7ffc0000 [ 2165.171327][T27216] Bluetooth: hci4: command 0x0406 tx timeout [ 2167.436166][T27947] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6392'. [ 2167.445599][T27947] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6392'. [ 2168.017022][T27952] 9pnet_fd: Insufficient options for proto=fd [ 2168.571188][T27971] netlink: 'syz.0.6401': attribute type 1 has an invalid length. [ 2168.700051][T27974] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6401'. [ 2168.821993][T27449] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 2169.078526][T27449] usb 10-1: unable to read config index 0 descriptor/start: -61 [ 2169.126830][T27449] usb 10-1: can't read configurations, error -61 [ 2169.260238][T27449] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 2169.447905][T27449] usb 10-1: unable to read config index 0 descriptor/start: -61 [ 2169.455605][T27449] usb 10-1: can't read configurations, error -61 [ 2169.462622][T27449] usb usb10-port1: attempt power cycle [ 2169.787142][T27449] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 2169.907475][T27449] usb 10-1: unable to read config index 0 descriptor/start: -61 [ 2169.930654][T27449] usb 10-1: can't read configurations, error -61 [ 2170.062327][T27449] usb 10-1: new high-speed USB device number 12 using dummy_hcd [ 2170.111443][T27449] usb 10-1: unable to read config index 0 descriptor/start: -61 [ 2170.119577][T27449] usb 10-1: can't read configurations, error -61 [ 2170.126655][T27449] usb usb10-port1: unable to enumerate USB device [ 2170.357622][T27997] netlink: 60 bytes leftover after parsing attributes in process `syz.7.6410'. [ 2173.119839][T28009] 9pnet_fd: Insufficient options for proto=fd [ 2173.250929][T28011] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2173.327716][T28015] netlink: 'syz.9.6417': attribute type 1 has an invalid length. [ 2173.385441][T28016] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6417'. [ 2174.305750][T27996] lo speed is unknown, defaulting to 1000 [ 2174.384839][T28023] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6419'. [ 2174.403511][T28023] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6419'. [ 2174.424025][T27996] wg0 speed is unknown, defaulting to 1000 [ 2175.007362][ T24] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 2175.618155][T28045] 9pnet_fd: Insufficient options for proto=fd [ 2175.627146][ T24] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 2175.654764][ T24] usb 1-1: can't read configurations, error -61 [ 2175.821641][ T24] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 2177.055621][ T24] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 2177.089683][ T24] usb 1-1: can't read configurations, error -61 [ 2177.132685][ T24] usb usb1-port1: attempt power cycle [ 2177.217051][T28063] netlink: 'syz.6.6434': attribute type 1 has an invalid length. [ 2177.230470][T28063] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6434'. [ 2177.242220][T28064] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6433'. [ 2177.257021][T28064] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6433'. [ 2177.526959][ T24] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 2177.796467][T28070] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2178.408715][ T24] usb 1-1: device descriptor read/8, error -71 [ 2178.454830][T28083] 9pnet_fd: Insufficient options for proto=fd [ 2178.770845][ T7390] Bluetooth: hci0: Frame reassembly failed (-84) [ 2179.201071][T28104] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6450'. [ 2179.240823][T28104] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6450'. [ 2179.317427][ T24] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 2179.358093][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 2179.365991][ T24] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 2179.380301][ T24] usb 1-1: config 0 has no interface number 0 [ 2179.390494][ T24] usb 1-1: config 0 interface 67 altsetting 0 endpoint 0x2 has invalid maxpacket 51027, setting to 1024 [ 2179.440854][ T24] usb 1-1: config 0 interface 67 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024 [ 2179.456333][ T24] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 2179.465647][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2179.587118][ T24] usb 1-1: Product: syz [ 2179.600465][ T24] usb 1-1: Manufacturer: syz [ 2179.617789][ T24] usb 1-1: SerialNumber: syz [ 2179.630637][ T24] usb 1-1: config 0 descriptor?? [ 2179.643799][T28094] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 2179.655761][ T24] smsc95xx v2.0.0 [ 2179.679933][ T5936] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 2179.836113][ T5936] usb 2-1: config 0 has an invalid interface number: 156 but max is 0 [ 2179.852696][ T5936] usb 2-1: config 0 has no interface number 0 [ 2179.860191][T28094] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 2179.873705][ T5936] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 2179.905330][ T5936] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2179.933198][ T5936] usb 2-1: config 0 descriptor?? [ 2179.952195][ T5936] gspca_main: spca561-2.14.0 probing abcd:cdee [ 2180.059996][ T24] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 2180.080375][ T24] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 2180.182534][ T5936] spca561 2-1:0.156: probe with driver spca561 failed with error -22 [ 2180.216623][ T5936] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 2180.309397][ T5936] usb 2-1: MIDIStreaming interface descriptor not found [ 2180.360481][ T5936] usb 2-1: USB disconnect, device number 36 [ 2180.483941][ T24] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71 [ 2180.505816][ T24] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 2180.582775][ T24] usb 1-1: USB disconnect, device number 48 [ 2180.677489][T27216] Bluetooth: hci0: command 0x1003 tx timeout [ 2180.684930][T25606] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 2180.692367][T28089] Bluetooth: hci0: Opcode 0x1003 failed: -4 [ 2180.721066][T24267] Bluetooth: hci0: Frame reassembly failed (-84) [ 2181.189450][T28141] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6464'. [ 2181.234787][T28141] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6464'. [ 2183.596387][T27449] usb 1-1: new full-speed USB device number 49 using dummy_hcd [ 2183.764227][T27449] usb 1-1: unable to get BOS descriptor or descriptor too short [ 2183.783999][T27449] usb 1-1: not running at top speed; connect to a high speed hub [ 2183.807926][T27449] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2183.829499][T28199] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2183.835727][T27449] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 2183.859722][T27449] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 2183.876612][T27449] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 2183.886515][T27449] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2183.895882][T27449] usb 1-1: Product: syz [ 2183.901248][T27449] usb 1-1: Manufacturer: syz [ 2183.908463][T27449] usb 1-1: SerialNumber: syz [ 2184.128853][T27449] usb 1-1: 0:2 : does not exist [ 2184.138830][T27449] usb 1-1: 5:0: cannot get min/max values for control 2 (id 5) [ 2184.158818][T27449] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 2184.198461][T27449] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 2184.211949][T27449] usb 1-1: 5:0: cannot get min/max values for control 2 (id 5) [ 2184.227478][T27449] usb 1-1: USB disconnect, device number 49 [ 2184.704097][ T5936] usb 10-1: new high-speed USB device number 13 using dummy_hcd [ 2184.939813][T28223] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2184.998224][T28223] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2185.086680][T28223] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2185.158531][T28223] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2185.253225][T28223] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2185.274769][T28223] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2185.295706][T28223] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2185.316914][T28223] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2185.819664][ T5936] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2185.830706][ T5936] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2185.841190][ T5936] usb 10-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00 [ 2185.850501][ T5936] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2185.861087][ T5936] usb 10-1: config 0 descriptor?? [ 2186.198405][ T5936] usbhid 10-1:0.0: can't add hid device: -71 [ 2186.204871][ T5936] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 2186.217971][ T5936] usb 10-1: USB disconnect, device number 13 [ 2186.909486][T28243] netlink: 'syz.9.6503': attribute type 10 has an invalid length. [ 2190.090671][ T8989] usb 10-1: new high-speed USB device number 14 using dummy_hcd [ 2190.277197][ T8989] usb 10-1: Using ep0 maxpacket: 32 [ 2190.298877][ T8989] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2190.331049][ T8989] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2190.349266][ T8989] usb 10-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 2190.359472][ T8989] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2190.383569][ T8989] usb 10-1: config 0 descriptor?? [ 2190.398794][ T8989] hub 10-1:0.0: USB hub found [ 2190.601740][ T8989] hub 10-1:0.0: config failed, can't read hub descriptor (err -22) [ 2190.833860][ T8989] hid-generic 0003:046D:C31C.000E: item fetching failed at offset 0/1 [ 2190.874180][ T8989] hid-generic 0003:046D:C31C.000E: probe with driver hid-generic failed with error -22 [ 2191.137256][ T8989] usb 10-1: USB disconnect, device number 14 [ 2192.058268][T28361] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6546'. [ 2192.104253][T28361] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6546'. [ 2192.315555][T28369] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2192.387384][T28369] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2192.577583][T28369] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2192.651409][T28369] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2192.813983][T28369] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2192.833029][T28369] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2192.851868][T28369] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2192.872388][T28369] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2195.034627][T28413] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2195.125934][T28402] lo speed is unknown, defaulting to 1000 [ 2195.162016][T28402] wg0 speed is unknown, defaulting to 1000 [ 2195.207943][ T977] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 2195.241422][T28421] 9pnet_fd: Insufficient options for proto=fd [ 2195.357556][T28424] usb usb7: usbfs: process 28424 (syz.7.6571) did not claim interface 0 before use [ 2195.363313][ T977] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 2195.402194][T28424] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 2195.408825][ T977] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 2195.440338][ T977] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 2195.475986][ T977] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 2195.505955][ T977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2195.536712][T28415] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2196.578099][ T977] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 2196.593963][ T977] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input69 [ 2196.655099][ T977] usb 2-1: USB disconnect, device number 37 [ 2196.661172][ C1] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 2197.345355][T28452] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2197.420683][T28454] netlink: 'syz.7.6581': attribute type 1 has an invalid length. [ 2197.474694][T28457] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6581'. [ 2197.496625][T28456] 9pnet_fd: Insufficient options for proto=fd [ 2198.930907][T28483] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2199.082058][T28486] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2199.149940][T15204] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 2199.176580][T28486] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2199.250225][T28486] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2199.313932][T28486] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2199.327082][T15204] usb 1-1: Using ep0 maxpacket: 16 [ 2199.353167][T15204] usb 1-1: config 4 has an invalid interface number: 69 but max is 0 [ 2199.375598][T15204] usb 1-1: config 4 has no interface number 0 [ 2199.381967][T15204] usb 1-1: config 4 interface 69 has no altsetting 0 [ 2199.430195][T28486] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2199.447848][T28486] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2199.465141][T28486] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2199.482882][T28486] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2199.504678][T15204] usb 1-1: New USB device found, idVendor=0408, idProduct=ea42, bcdDevice=ee.49 [ 2199.529899][T15204] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2199.549985][T15204] usb 1-1: Product: syz [ 2199.558496][T15204] usb 1-1: Manufacturer: syz [ 2199.573869][T15204] usb 1-1: SerialNumber: syz [ 2199.934833][T15204] option 1-1:4.69: GSM modem (1-port) converter detected [ 2199.949195][T15204] usb 1-1: USB disconnect, device number 50 [ 2199.958172][T15204] option 1-1:4.69: device disconnected [ 2200.146850][T27449] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 2200.305436][T27449] usb 2-1: Using ep0 maxpacket: 16 [ 2200.320591][T27449] usb 2-1: too many endpoints for config 0 interface 0 altsetting 32: 253, using maximum allowed: 30 [ 2200.353016][T27449] usb 2-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2200.408480][T27449] usb 2-1: config 0 interface 0 altsetting 32 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 2200.451876][T27449] usb 2-1: config 0 interface 0 has no altsetting 0 [ 2200.481137][T27449] usb 2-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 2200.511161][T27449] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2200.538558][T27449] usb 2-1: config 0 descriptor?? [ 2201.059652][T28518] lo speed is unknown, defaulting to 1000 [ 2201.073233][T28518] wg0 speed is unknown, defaulting to 1000 [ 2201.818430][T27449] magicmouse 0003:05AC:0269.000F: item fetching failed at offset 3/7 [ 2201.845047][T27449] magicmouse 0003:05AC:0269.000F: magicmouse hid parse failed [ 2201.852669][T27449] magicmouse 0003:05AC:0269.000F: probe with driver magicmouse failed with error -22 [ 2201.943171][T27449] usb 2-1: USB disconnect, device number 38 [ 2202.869260][T28387] Set syz1 is full, maxelem 65536 reached [ 2203.371780][T15204] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 2203.534729][T15204] usb 2-1: Using ep0 maxpacket: 16 [ 2203.553157][T15204] usb 2-1: config 4 has an invalid interface number: 69 but max is 0 [ 2203.563051][T15204] usb 2-1: config 4 has no interface number 0 [ 2203.596462][T15204] usb 2-1: config 4 interface 69 has no altsetting 0 [ 2203.618332][T15204] usb 2-1: New USB device found, idVendor=0408, idProduct=ea42, bcdDevice=ee.49 [ 2203.637340][T15204] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2203.653040][T15204] usb 2-1: Product: syz [ 2203.657315][T15204] usb 2-1: Manufacturer: syz [ 2203.663463][T15204] usb 2-1: SerialNumber: syz [ 2203.960274][T15204] option 2-1:4.69: GSM modem (1-port) converter detected [ 2203.983698][T15204] usb 2-1: USB disconnect, device number 39 [ 2203.994028][T15204] option 2-1:4.69: device disconnected [ 2204.235172][T28574] lo speed is unknown, defaulting to 1000 [ 2204.251021][T28574] wg0 speed is unknown, defaulting to 1000 [ 2205.964041][T28588] kvm: emulating exchange as write [ 2207.522898][ T977] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 2207.670022][ T977] usb 2-1: config 0 has an invalid interface number: 156 but max is 0 [ 2207.678662][ T977] usb 2-1: config 0 has no interface number 0 [ 2207.688989][ T977] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 2207.699693][ T977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2207.711186][ T977] usb 2-1: config 0 descriptor?? [ 2207.720127][ T977] gspca_main: spca561-2.14.0 probing abcd:cdee [ 2208.150411][ T977] spca561 2-1:0.156: probe with driver spca561 failed with error -22 [ 2208.160357][ T977] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 2208.168634][ T977] usb 2-1: MIDIStreaming interface descriptor not found [ 2208.204908][ T977] usb 2-1: USB disconnect, device number 40 [ 2208.402914][T28637] lo speed is unknown, defaulting to 1000 [ 2208.416917][T28637] wg0 speed is unknown, defaulting to 1000 [ 2210.494923][T28674] netlink: 'syz.1.6660': attribute type 10 has an invalid length. [ 2210.631970][T28673] 9pnet_fd: Insufficient options for proto=fd [ 2211.423008][T11607] usb 10-1: new high-speed USB device number 15 using dummy_hcd [ 2211.611160][T11607] usb 10-1: Using ep0 maxpacket: 16 [ 2211.641466][T11607] usb 10-1: config 4 has an invalid interface number: 69 but max is 0 [ 2211.686808][T11607] usb 10-1: config 4 has no interface number 0 [ 2211.704391][T11607] usb 10-1: config 4 interface 69 has no altsetting 0 [ 2211.782528][T11607] usb 10-1: New USB device found, idVendor=0408, idProduct=ea42, bcdDevice=ee.49 [ 2211.815713][T11607] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2211.862512][T11607] usb 10-1: Product: syz [ 2211.867012][T11607] usb 10-1: SerialNumber: syz [ 2212.098251][T11607] option 10-1:4.69: GSM modem (1-port) converter detected [ 2212.244419][T11607] usb 10-1: USB disconnect, device number 15 [ 2212.254474][T11607] option 10-1:4.69: device disconnected [ 2212.474137][T28706] lo speed is unknown, defaulting to 1000 [ 2212.490191][T28706] wg0 speed is unknown, defaulting to 1000 [ 2212.989494][T28705] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6676'. [ 2213.308619][T28710] 9pnet_fd: Insufficient options for proto=fd [ 2214.251451][ T977] usb 10-1: new high-speed USB device number 16 using dummy_hcd [ 2214.668610][ T977] usb 10-1: Using ep0 maxpacket: 32 [ 2214.689408][ T977] usb 10-1: config 0 has an invalid interface number: 231 but max is 0 [ 2214.707216][ T977] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2214.728521][ T977] usb 10-1: config 0 has no interface number 0 [ 2214.745889][ T977] usb 10-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 2214.765947][ T977] usb 10-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 2214.801465][ T977] usb 10-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 2214.819288][ T977] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2214.850535][ T977] usb 10-1: Product: syz [ 2214.861481][ T977] usb 10-1: Manufacturer: syz [ 2214.870474][ T977] usb 10-1: SerialNumber: syz [ 2214.878128][ T977] usb 10-1: config 0 descriptor?? [ 2214.884250][T28724] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 2214.893276][ T977] usb-storage 10-1:0.231: USB Mass Storage device detected [ 2215.471371][ T977] usb 10-1: USB disconnect, device number 16 [ 2215.657363][ T5936] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 2216.541534][ T5936] usb 2-1: Using ep0 maxpacket: 16 [ 2216.629294][ T5936] usb 2-1: config 4 has an invalid interface number: 69 but max is 0 [ 2216.646692][ T5936] usb 2-1: config 4 has no interface number 0 [ 2216.664364][ T5936] usb 2-1: config 4 interface 69 has no altsetting 0 [ 2216.692569][ T5936] usb 2-1: New USB device found, idVendor=0408, idProduct=ea42, bcdDevice=ee.49 [ 2216.709534][ T5936] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2216.736926][ T5936] usb 2-1: Product: syz [ 2216.741271][ T5936] usb 2-1: SerialNumber: syz [ 2216.772762][T28779] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6699'. [ 2216.871488][T28776] lo speed is unknown, defaulting to 1000 [ 2216.890603][T28776] wg0 speed is unknown, defaulting to 1000 [ 2217.104209][ T5936] option 2-1:4.69: GSM modem (1-port) converter detected [ 2217.702493][ T5936] usb 2-1: USB disconnect, device number 41 [ 2217.793629][ T5936] option 2-1:4.69: device disconnected [ 2219.239522][T28798] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2219.519332][T28798] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2219.635521][T28798] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2219.787802][T28798] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2221.046613][T28798] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2221.067506][T28798] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2221.086400][T28798] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2221.105258][T28798] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2222.213083][T28853] 9pnet_fd: Insufficient options for proto=fd [ 2222.490181][T28859] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2222.743134][T28859] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2222.862076][T28859] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2222.992106][T28859] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2223.209592][T28859] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2223.310182][T28859] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2223.328468][T28859] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2223.349055][T28859] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2223.864356][ T30] audit: type=1326 audit(2000001176.805:1595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28874 comm="syz.1.6733" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4fae58e929 code=0x0 [ 2224.518051][T28889] 9pnet_fd: Insufficient options for proto=fd [ 2224.848326][T28902] 9pnet_fd: Insufficient options for proto=fd [ 2225.462066][T28917] random: crng reseeded on system resumption [ 2225.736575][T28931] 9pnet_fd: Insufficient options for proto=fd [ 2225.783090][T28934] x_tables: duplicate underflow at hook 4 [ 2225.852720][T11607] usb 10-1: new high-speed USB device number 17 using dummy_hcd [ 2225.898241][T27449] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 2226.017478][T11607] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2226.034241][T11607] usb 10-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 2226.055866][T11607] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2226.064001][T27449] usb 2-1: config 0 has an invalid interface number: 156 but max is 0 [ 2226.066219][T11607] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2226.085769][T27449] usb 2-1: config 0 has no interface number 0 [ 2226.089028][T11607] usb 10-1: Product: syz [ 2226.091896][T27449] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 2226.099612][T11607] usb 10-1: Manufacturer: syz [ 2226.116146][T11607] usb 10-1: SerialNumber: syz [ 2226.130334][T27449] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2226.156593][T27449] usb 2-1: config 0 descriptor?? [ 2226.164808][T27449] gspca_main: spca561-2.14.0 probing abcd:cdee [ 2226.579746][T27449] spca561 2-1:0.156: probe with driver spca561 failed with error -22 [ 2226.594594][T27449] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 2226.601803][T27449] usb 2-1: MIDIStreaming interface descriptor not found [ 2226.625157][T27449] usb 2-1: USB disconnect, device number 42 [ 2227.724379][T11607] cdc_ncm 10-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2227.735199][T11607] cdc_ncm 10-1:1.0: dwNtbInMaxSize=256 is too small. Using 2048 [ 2227.760628][T11607] cdc_ncm 10-1:1.0: setting rx_max = 2048 [ 2227.771567][T11607] cdc_ncm 10-1:1.0: setting tx_max = 184 [ 2227.843127][T11607] cdc_ncm 10-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.9-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 2227.944468][T11607] usb 10-1: USB disconnect, device number 17 [ 2227.960603][T11607] cdc_ncm 10-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.9-1, CDC NCM (NO ZLP) [ 2228.361874][T28969] netlink: 'syz.0.6767': attribute type 10 has an invalid length. [ 2228.373267][T28969] bridge0: port 2(bridge_slave_1) entered disabled state [ 2228.381085][T28969] bridge0: port 1(bridge_slave_0) entered disabled state [ 2228.452519][T28969] bridge0: port 2(bridge_slave_1) entered blocking state [ 2228.459811][T28969] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2228.467374][T28969] bridge0: port 1(bridge_slave_0) entered blocking state [ 2228.474628][T28969] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2228.512798][T28969] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 2229.523029][T28993] lo speed is unknown, defaulting to 1000 [ 2229.550339][T28995] netlink: 60 bytes leftover after parsing attributes in process `syz.6.6772'. [ 2229.617560][T28993] wg0 speed is unknown, defaulting to 1000 [ 2230.944971][T29023] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6780'. [ 2230.955198][T29023] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6780'. [ 2234.666353][T29059] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2234.872506][T29069] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6796'. [ 2236.858547][T29101] tipc: Started in network mode [ 2236.897258][T29101] tipc: Node identity a24c4847ec2f, cluster identity 4711 [ 2236.948204][T29101] tipc: Enabled bearer , priority 0 [ 2237.119640][T29099] tipc: Resetting bearer [ 2237.134466][T29094] tipc: Resetting bearer [ 2237.940348][ T8989] tipc: Node number set to 1315129415 [ 2239.036788][T27216] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2239.071764][T27216] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2239.109439][T27216] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2239.169532][T27216] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2239.208678][T27216] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2241.139530][T27216] Bluetooth: hci0: command tx timeout [ 2243.079515][T27216] Bluetooth: hci0: command tx timeout [ 2243.292912][T29094] tipc: Disabling bearer [ 2243.310951][T29112] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6809'. [ 2243.342550][T29142] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2243.426655][T29142] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2243.466711][T29144] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2243.486959][T29123] lo speed is unknown, defaulting to 1000 [ 2243.494536][T29123] wg0 speed is unknown, defaulting to 1000 [ 2243.559646][T29142] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2243.915566][T11607] usb 10-1: new high-speed USB device number 18 using dummy_hcd [ 2243.968697][T29142] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2244.069333][T29155] Bluetooth: MGMT ver 1.23 [ 2244.647845][T29157] netlink: 96 bytes leftover after parsing attributes in process `syz.1.6823'. [ 2244.726782][T11607] usb 10-1: config 0 has no interfaces? [ 2244.796258][T11607] usb 10-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 2244.805586][T11607] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2244.819415][T11607] usb 10-1: Product: syz [ 2244.824098][T11607] usb 10-1: Manufacturer: syz [ 2244.854853][T11607] usb 10-1: SerialNumber: syz [ 2244.915610][T11607] usb 10-1: config 0 descriptor?? [ 2245.024722][T29142] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2245.043662][T29142] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2245.062454][T29142] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2245.083420][T29142] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2245.149038][T27216] Bluetooth: hci0: command tx timeout [ 2245.956527][T29151] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6820'. [ 2246.687452][T29123] chnl_net:caif_netlink_parms(): no params data found [ 2247.031070][T27216] Bluetooth: hci0: command tx timeout [ 2247.229599][T29198] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6834'. [ 2247.343499][T29123] bridge0: port 1(bridge_slave_0) entered blocking state [ 2247.378712][T29123] bridge0: port 1(bridge_slave_0) entered disabled state [ 2247.407065][T29123] bridge_slave_0: entered allmulticast mode [ 2247.437308][T29123] bridge_slave_0: entered promiscuous mode [ 2247.459094][T29123] bridge0: port 2(bridge_slave_1) entered blocking state [ 2247.473971][T29123] bridge0: port 2(bridge_slave_1) entered disabled state [ 2248.441999][T29123] bridge_slave_1: entered allmulticast mode [ 2248.456466][T29123] bridge_slave_1: entered promiscuous mode [ 2248.541739][T29210] random: crng reseeded on system resumption [ 2248.887982][T27449] usb 10-1: USB disconnect, device number 18 [ 2248.901303][T29208] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2248.999779][T29208] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2249.046659][T29123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2249.077189][T29208] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2249.107410][T29123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2249.215784][T29208] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2249.272596][T29123] team0: Port device team_slave_0 added [ 2249.313816][T29208] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2249.332672][T29208] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2249.351902][T29208] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2249.408266][T29208] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2249.532249][T29123] team0: Port device team_slave_1 added [ 2249.638721][ T7390] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2249.710943][T29123] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2249.731249][T29123] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2249.766497][T29123] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2249.805342][ T7390] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2249.852985][T29123] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2249.859988][T29123] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2249.923888][T29123] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2249.938919][T29227] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6845'. [ 2249.958725][ T7390] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2250.283740][ T7390] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2250.342151][T29123] hsr_slave_0: entered promiscuous mode [ 2250.369734][T29123] hsr_slave_1: entered promiscuous mode [ 2250.392072][T29123] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2250.430336][T29123] Cannot create hsr debugfs directory [ 2251.596544][T25606] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 2251.648802][T25606] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 2251.658203][T25606] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 2251.668145][T25606] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 2251.677730][T25606] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 2252.565282][T24267] Bluetooth: hci2: received HCILL_GO_TO_SLEEP_ACK in state 1 [ 2252.664908][T12179] Bluetooth: hci2: Frame reassembly failed (-84) [ 2252.788937][T15204] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 2252.836062][T29242] lo speed is unknown, defaulting to 1000 [ 2252.859339][T29242] wg0 speed is unknown, defaulting to 1000 [ 2252.867110][ T7390] bridge_slave_1: left allmulticast mode [ 2252.875369][ T7390] bridge_slave_1: left promiscuous mode [ 2252.886686][ T7390] bridge0: port 2(bridge_slave_1) entered disabled state [ 2252.906529][ T7390] bridge_slave_0: left allmulticast mode [ 2252.912960][ T7390] bridge_slave_0: left promiscuous mode [ 2252.919479][ T7390] bridge0: port 1(bridge_slave_0) entered disabled state [ 2253.062118][T15204] usb 1-1: Using ep0 maxpacket: 32 [ 2253.075964][T15204] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2253.099399][T15204] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 2253.121019][T15204] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2253.137416][T15204] usb 1-1: Product: syz [ 2253.141631][T15204] usb 1-1: Manufacturer: syz [ 2253.154948][T15204] usb 1-1: SerialNumber: syz [ 2253.199034][T15204] usb 1-1: config 0 descriptor?? [ 2253.219811][T15204] cdc_ether 1-1:0.0: probe with driver cdc_ether failed with error -22 [ 2253.235190][T15204] usb 1-1: unsupported MDLM descriptors [ 2253.459480][ T5936] usb 1-1: USB disconnect, device number 51 [ 2253.584080][ T7390] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 2253.592982][T27216] Bluetooth: hci1: command tx timeout [ 2253.866446][ T7390] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2253.877672][ T7390] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2253.891399][ T7390] bond0 (unregistering): Released all slaves [ 2254.106854][T29269] tipc: Enabling of bearer rejected, failed to enable media [ 2254.466954][T29123] netdevsim netdevsim7 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2254.486519][T25606] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 2254.655023][T29123] netdevsim netdevsim7 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2254.686155][T29284] netlink: 'syz.6.6866': attribute type 4 has an invalid length. [ 2254.720486][T29123] netdevsim netdevsim7 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2254.734002][T29285] netlink: 'syz.6.6866': attribute type 4 has an invalid length. [ 2254.803826][T29123] netdevsim netdevsim7 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2255.537998][T27216] Bluetooth: hci1: command tx timeout [ 2256.364234][T29296] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2256.561122][T29296] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2256.599003][ T7390] hsr_slave_0: left promiscuous mode [ 2256.609820][ T7390] hsr_slave_1: left promiscuous mode [ 2256.627741][ T7390] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2256.640711][ T7390] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2256.656986][T25606] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 2256.725411][ T7390] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2256.766100][ T7390] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2256.845964][ T7390] veth1_macvtap: left promiscuous mode [ 2256.858770][ T7390] veth0_macvtap: left promiscuous mode [ 2256.868391][ T7390] veth1_vlan: left promiscuous mode [ 2256.880859][ T7390] veth0_vlan: left promiscuous mode [ 2257.106031][ T7390] pimreg (unregistering): left allmulticast mode [ 2257.481703][T25606] Bluetooth: hci1: command tx timeout [ 2257.768627][ T7390] team0 (unregistering): Port device team_slave_1 removed [ 2257.831448][ T7390] team0 (unregistering): Port device team_slave_0 removed [ 2258.581518][T29296] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2258.604508][T29310] tipc: Started in network mode [ 2258.624150][T29310] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 2258.633952][T29310] tipc: Enabling of bearer rejected, failed to enable media [ 2258.709560][T29123] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 2258.755408][T29296] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2258.773999][T29123] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 2258.811812][T29123] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 2258.853838][T29123] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 2258.878067][T29242] chnl_net:caif_netlink_parms(): no params data found [ 2258.959162][ T8989] usb 10-1: new high-speed USB device number 19 using dummy_hcd [ 2259.043819][T29296] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2259.071019][T29296] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2259.089829][T29296] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2259.109875][T29296] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2259.247613][ T8989] usb 10-1: Using ep0 maxpacket: 32 [ 2259.262564][ T8989] usb 10-1: config 0 has an invalid interface number: 67 but max is 0 [ 2259.284017][ T8989] usb 10-1: config 0 has no interface number 0 [ 2259.311445][T29242] bridge0: port 1(bridge_slave_0) entered blocking state [ 2259.314291][T29333] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 2259.320937][T29242] bridge0: port 1(bridge_slave_0) entered disabled state [ 2259.341361][T29333] overlayfs: missing 'lowerdir' [ 2259.350990][ T8989] usb 10-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 2259.354465][T29242] bridge_slave_0: entered allmulticast mode [ 2259.369694][ T8989] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2259.377724][T29242] bridge_slave_0: entered promiscuous mode [ 2259.387412][T29242] bridge0: port 2(bridge_slave_1) entered blocking state [ 2259.394658][T29242] bridge0: port 2(bridge_slave_1) entered disabled state [ 2259.402421][T29242] bridge_slave_1: entered allmulticast mode [ 2259.406153][ T8989] usb 10-1: Product: syz [ 2259.410447][T29242] bridge_slave_1: entered promiscuous mode [ 2259.416626][T25606] Bluetooth: hci1: command tx timeout [ 2259.424444][ T8989] usb 10-1: Manufacturer: syz [ 2259.431039][ T8989] usb 10-1: SerialNumber: syz [ 2259.438834][ T8989] usb 10-1: config 0 descriptor?? [ 2259.446959][ T8989] smsc95xx v2.0.0 [ 2259.566210][T29242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2259.596907][T29242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2259.706007][T29242] team0: Port device team_slave_0 added [ 2259.729646][T29242] team0: Port device team_slave_1 added [ 2259.810133][T29242] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2259.824703][T29242] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2259.854237][ T8989] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 2259.875510][T29242] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2259.886688][ T8989] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 2259.897727][T29327] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 2259.904444][T29327] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 2259.920001][T29242] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2259.927003][T29242] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2259.954913][T29242] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2259.974971][T29327] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 2259.990133][T29327] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 2260.006488][T29327] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 2260.030411][T29327] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 2260.038119][T29327] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 2260.038222][T29123] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2260.046372][T29327] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 2260.061718][T29327] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 2260.074121][T29327] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 2260.089773][T29242] hsr_slave_0: entered promiscuous mode [ 2260.092218][T29327] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 2260.097800][T29242] hsr_slave_1: entered promiscuous mode [ 2260.110072][T29242] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2260.118296][T29242] Cannot create hsr debugfs directory [ 2260.135368][T29327] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 2260.306531][T29123] 8021q: adding VLAN 0 to HW filter on device team0 [ 2260.353080][T11630] bridge0: port 1(bridge_slave_0) entered blocking state [ 2260.360303][T11630] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2260.384523][T27449] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 2260.424222][T11630] bridge0: port 2(bridge_slave_1) entered blocking state [ 2260.431432][T11630] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2260.541909][T29242] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2260.564438][T27449] usb 1-1: config 0 has an invalid interface number: 156 but max is 0 [ 2260.581113][T27449] usb 1-1: config 0 has no interface number 0 [ 2260.606092][T27449] usb 1-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 2260.627508][T27449] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2260.649489][T27449] usb 1-1: config 0 descriptor?? [ 2260.679075][T27449] gspca_main: spca561-2.14.0 probing abcd:cdee [ 2260.956538][T27449] spca561 1-1:0.156: probe with driver spca561 failed with error -22 [ 2260.979087][T27449] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 2260.995929][T27449] usb 1-1: MIDIStreaming interface descriptor not found [ 2261.032370][T27449] usb 1-1: USB disconnect, device number 52 [ 2261.094412][T29242] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2261.123985][T25606] Bluetooth: hci5: command 0x0406 tx timeout [ 2261.203952][T29242] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2261.330586][T29242] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2261.745295][T29123] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2261.820929][ T8989] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000006c: -71 [ 2261.843498][T29242] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 2261.858605][ T8989] smsc95xx 10-1:0.67: probe with driver smsc95xx failed with error -71 [ 2262.134833][T25606] Bluetooth: hci3: command 0x0406 tx timeout [ 2262.145192][T17054] Bluetooth: hci0: command 0x0c1a tx timeout [ 2262.152062][T27216] Bluetooth: hci1: command 0x0c1a tx timeout [ 2262.158510][T17054] Bluetooth: hci4: command 0x0406 tx timeout [ 2262.447990][ T8989] usb 10-1: USB disconnect, device number 19 [ 2262.480229][T29242] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 2262.572539][T29242] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 2262.614604][T29242] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 2262.962437][T29242] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2262.972976][T29389] netlink: 'syz.6.6890': attribute type 10 has an invalid length. [ 2263.020018][T29389] bridge0: port 2(bridge_slave_1) entered disabled state [ 2263.027801][T29389] bridge0: port 1(bridge_slave_0) entered disabled state [ 2263.047189][T29389] bridge0: port 2(bridge_slave_1) entered blocking state [ 2263.054501][T29389] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2263.061981][T29389] bridge0: port 1(bridge_slave_0) entered blocking state [ 2263.069362][T29389] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2263.131456][T29389] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 2263.178588][T29242] 8021q: adding VLAN 0 to HW filter on device team0 [ 2263.252213][T12179] bridge0: port 1(bridge_slave_0) entered blocking state [ 2263.259409][T12179] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2263.271105][T12179] bridge0: port 2(bridge_slave_1) entered blocking state [ 2263.278367][T12179] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2263.397739][T29123] veth0_vlan: entered promiscuous mode [ 2263.445041][T29123] veth1_vlan: entered promiscuous mode [ 2263.520321][T29377] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 2263.536241][T29377] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 2263.542399][T29377] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 2263.554534][T29377] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 2263.590925][T29377] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 2263.673069][T29123] veth0_macvtap: entered promiscuous mode [ 2263.744699][T29123] veth1_macvtap: entered promiscuous mode [ 2263.825911][ T8989] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 2263.881387][T29123] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2263.933146][T29123] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2263.994274][ T8989] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2264.007139][T29123] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2264.030244][ T8989] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2264.042239][T29123] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2264.051069][ T8989] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2264.076472][T29123] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2264.085800][ T8989] usb 1-1: Product: syz [ 2264.089986][ T8989] usb 1-1: Manufacturer: syz [ 2264.112874][T29123] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2264.121966][ T8989] usb 1-1: SerialNumber: syz [ 2264.349058][T29242] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2264.461130][ T7390] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2264.477062][ T7390] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2264.556741][T29242] veth0_vlan: entered promiscuous mode [ 2264.565702][ T2945] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2264.591058][T29242] veth1_vlan: entered promiscuous mode [ 2264.592634][ T2945] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2264.676254][T29242] veth0_macvtap: entered promiscuous mode [ 2264.696335][T29242] veth1_macvtap: entered promiscuous mode [ 2264.703414][T29363] Bluetooth: hci5: command 0x0406 tx timeout [ 2264.750305][T29242] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2264.785261][T29242] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2264.811013][T29242] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2264.831838][T29242] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2264.841065][T29242] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2265.016850][T29242] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2265.445763][T16839] Bluetooth: hci4: command 0x0406 tx timeout [ 2265.452126][T16839] Bluetooth: hci3: command 0x0406 tx timeout [ 2265.459027][T29363] Bluetooth: hci0: command 0x0c1a tx timeout [ 2265.520381][T29363] Bluetooth: hci1: command 0x0c1a tx timeout [ 2265.609511][ T8989] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2265.742254][ T8989] cdc_ncm 1-1:1.0: setting rx_max = 16384 [ 2265.808663][ T8989] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 2265.823191][T18441] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2265.834116][ T8989] usb 1-1: USB disconnect, device number 53 [ 2265.841814][ T8989] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP) [ 2265.853180][T18441] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2266.602186][T11607] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 2266.768800][T11607] usb 1-1: Using ep0 maxpacket: 8 [ 2266.777215][T11607] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2266.788403][T11607] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2266.798642][T11607] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 2266.808183][T11607] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2266.819993][T11607] usb 1-1: config 0 descriptor?? [ 2267.384221][T29363] Bluetooth: hci0: command 0x0c1a tx timeout [ 2267.466112][T29363] Bluetooth: hci1: command 0x0c1a tx timeout [ 2267.758824][T29432] netlink: 60 bytes leftover after parsing attributes in process `syz.7.6904'. [ 2268.958598][T12487] usb 1-1: USB disconnect, device number 54 [ 2270.626844][T29445] kvm: vcpu 512: requested lapic timer restore with starting count register 0x390=1814518830 (232258410240 ns) > initial count (2458284544 ns). Using initial count to start timer. [ 2270.779469][T12167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2270.789617][T12167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2270.804340][T29437] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6905'. [ 2270.818444][T29437] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6905'. [ 2270.893437][T29431] lo speed is unknown, defaulting to 1000 [ 2270.946123][T29431] wg0 speed is unknown, defaulting to 1000 [ 2271.040126][T29453] kvm: pic: single mode not supported [ 2271.040339][T29453] kvm: pic: level sensitive irq not supported [ 2271.280025][T11607] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 2271.616143][T11607] usb 1-1: Using ep0 maxpacket: 16 [ 2271.653942][T11607] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2271.664544][ T8989] usb 3-1: new low-speed USB device number 44 using dummy_hcd [ 2271.879535][T11607] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 2272.051564][ T8989] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 2272.188790][ T8989] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2272.208259][T11607] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 2272.248213][T11607] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2272.260429][ T8989] usb 3-1: config 0 descriptor?? [ 2272.317941][T11607] usb 1-1: Product: syz [ 2272.320125][T29474] kvm: vcpu 512: requested lapic timer restore with starting count register 0x390=1814518830 (232258410240 ns) > initial count (2458284544 ns). Using initial count to start timer. [ 2272.322173][T11607] usb 1-1: Manufacturer: syz [ 2272.536820][T11607] usb 1-1: SerialNumber: syz [ 2272.879049][T11607] usb 1-1: 0:2 : does not exist [ 2272.912637][T11607] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 2273.155177][T11607] usb 1-1: USB disconnect, device number 55 [ 2274.251254][ T8989] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 2274.269537][ T8989] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 2274.294990][ T8989] asix 3-1:0.0: probe with driver asix failed with error -71 [ 2274.888507][ T8989] usb 3-1: USB disconnect, device number 44 [ 2275.097501][T29519] 9pnet_fd: Insufficient options for proto=fd [ 2275.337067][ T977] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 2275.492677][ T977] usb 1-1: Using ep0 maxpacket: 32 [ 2275.512868][ T977] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 2275.521097][ T977] usb 1-1: config 0 has no interface number 0 [ 2275.540841][ T977] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 2275.558091][ T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2275.575072][ T977] usb 1-1: Product: syz [ 2275.581391][ T977] usb 1-1: Manufacturer: syz [ 2275.590590][ T977] usb 1-1: SerialNumber: syz [ 2275.597545][ T977] usb 1-1: config 0 descriptor?? [ 2275.614735][ T977] smsc95xx v2.0.0 [ 2276.007785][T29553] netlink: 68 bytes leftover after parsing attributes in process `syz.9.6941'. [ 2276.518566][ T977] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 2276.649930][ T977] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 2276.733815][T29363] Bluetooth: hci5: unexpected event for opcode 0x0403 [ 2276.755031][T29563] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6946'. [ 2276.808111][T29566] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6946'. [ 2277.137865][T29578] rdma_rxe: rxe_newlink: failed to add bond0 [ 2277.143104][T27449] hid-generic 00A0:4006:0008.0010: unknown main item tag 0x0 [ 2277.156017][T27449] hid-generic 00A0:4006:0008.0010: unknown main item tag 0x0 [ 2277.164834][T27449] hid-generic 00A0:4006:0008.0010: unknown main item tag 0x0 [ 2277.324005][T29585] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2277.600477][T27449] hid-generic 00A0:4006:0008.0010: unknown main item tag 0x0 [ 2277.698812][T27449] hid-generic 00A0:4006:0008.0010: unknown main item tag 0x0 [ 2277.787533][T27449] hid-generic 00A0:4006:0008.0010: unknown main item tag 0x0 [ 2277.858465][T27449] hid-generic 00A0:4006:0008.0010: unknown main item tag 0x0 [ 2278.001328][T27449] hid-generic 00A0:4006:0008.0010: unknown main item tag 0x0 [ 2278.008827][T27449] hid-generic 00A0:4006:0008.0010: unknown main item tag 0x0 [ 2278.051442][T27449] hid-generic 00A0:4006:0008.0010: unknown main item tag 0x0 [ 2278.078054][T27449] hid-generic 00A0:4006:0008.0010: unknown main item tag 0x0 [ 2278.099166][T29589] bridge0: port 3(syz_tun) entered blocking state [ 2278.106877][T27449] hid-generic 00A0:4006:0008.0010: unknown main item tag 0x0 [ 2278.125088][T29589] bridge0: port 3(syz_tun) entered disabled state [ 2278.138643][T27449] hid-generic 00A0:4006:0008.0010: unknown main item tag 0x0 [ 2278.159071][T29589] syz_tun: entered allmulticast mode [ 2278.167333][T27449] hid-generic 00A0:4006:0008.0010: unknown main item tag 0x0 [ 2278.204388][T27449] hid-generic 00A0:4006:0008.0010: unknown main item tag 0x0 [ 2278.215162][T29589] syz_tun: entered promiscuous mode [ 2278.221657][T29589] bridge0: port 3(syz_tun) entered blocking state [ 2278.228855][T29589] bridge0: port 3(syz_tun) entered forwarding state [ 2278.276538][T27449] hid-generic 00A0:4006:0008.0010: hidraw0: HID v0.05 Device [syz1] on syz0 [ 2278.314268][T29585] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2278.845828][T29598] netlink: 68 bytes leftover after parsing attributes in process `syz.2.6956'. [ 2279.522354][T29585] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2279.542048][T29601] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2279.612683][ T977] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 2279.650553][T29585] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2279.668061][ T977] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 2279.680980][ T977] usb 1-1: USB disconnect, device number 56 [ 2279.697604][T29602] wlan1: associating to AP 50:50:50:50:50:50 with corrupt beacon [ 2279.733142][T29602] wlan1: No basic rates, using min rate instead [ 2279.815581][T29585] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2279.828217][T12169] wlan1: associate with 50:50:50:50:50:50 (try 1/3) [ 2279.838403][T29585] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2279.861443][T12169] wlan1: associate with 50:50:50:50:50:50 (try 2/3) [ 2279.863195][T29585] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2279.883517][T12169] wlan1: associate with 50:50:50:50:50:50 (try 3/3) [ 2279.887885][T29585] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2279.917366][T12169] wlan1: association with 50:50:50:50:50:50 timed out [ 2281.339381][T29625] netlink: 'syz.2.6966': attribute type 10 has an invalid length. [ 2281.348530][T29625] bridge0: port 3(syz_tun) entered disabled state [ 2281.355190][T29625] bridge0: port 2(bridge_slave_1) entered disabled state [ 2281.362941][T29625] bridge0: port 1(bridge_slave_0) entered disabled state [ 2281.713864][T29638] netlink: 68 bytes leftover after parsing attributes in process `syz.0.6968'. [ 2282.332722][T29625] bridge0: port 3(syz_tun) entered blocking state [ 2282.339404][T29625] bridge0: port 3(syz_tun) entered forwarding state [ 2282.346220][T29625] bridge0: port 2(bridge_slave_1) entered blocking state [ 2282.353348][T29625] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2282.360708][T29625] bridge0: port 1(bridge_slave_0) entered blocking state [ 2282.367877][T29625] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2282.503876][T29625] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 2283.641933][T29656] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6975'. [ 2283.652372][T29656] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6975'. [ 2285.506370][T29688] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6988'. [ 2285.564412][T29697] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6988'. [ 2287.371621][T29719] netlink: 'syz.7.6995': attribute type 10 has an invalid length. [ 2291.121761][T29719] bridge0: port 2(bridge_slave_1) entered disabled state [ 2291.129592][T29719] bridge0: port 1(bridge_slave_0) entered disabled state [ 2291.156322][T29719] bridge0: port 2(bridge_slave_1) entered blocking state [ 2291.163574][T29719] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2291.171171][T29719] bridge0: port 1(bridge_slave_0) entered blocking state [ 2291.178365][T29719] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2291.236868][T29719] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 2291.375414][ T30] audit: type=1326 audit(2000001249.226:1596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29743 comm="syz.0.7004" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x0 [ 2292.065185][ T8989] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 2292.422714][T29764] netlink: 'syz.7.7011': attribute type 10 has an invalid length. [ 2292.437282][T29764] syz_tun: entered promiscuous mode [ 2292.455939][ T8989] usb 3-1: config 0 has an invalid interface number: 156 but max is 0 [ 2292.471182][ T8989] usb 3-1: config 0 has no interface number 0 [ 2292.487718][ T8989] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 2292.531454][T29764] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 2292.559018][ T8989] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2292.765355][ T8989] usb 3-1: config 0 descriptor?? [ 2292.784358][ T8989] gspca_main: spca561-2.14.0 probing abcd:cdee [ 2292.847388][T29776] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7015'. [ 2293.191991][ T8989] spca561 3-1:0.156: probe with driver spca561 failed with error -22 [ 2293.201350][ T8989] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 2293.208967][ T8989] usb 3-1: MIDIStreaming interface descriptor not found [ 2293.259129][ T8989] usb 3-1: USB disconnect, device number 45 [ 2293.357313][T29363] Bluetooth: hci0: command 0x0c1a tx timeout [ 2294.053743][T29791] 9pnet_fd: Insufficient options for proto=fd [ 2295.148894][T29808] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2295.330104][T29810] pim6reg1: entered promiscuous mode [ 2295.335445][T29810] pim6reg1: entered allmulticast mode [ 2296.330974][T29826] netlink: 96 bytes leftover after parsing attributes in process `syz.6.7033'. [ 2296.501552][T12487] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 2296.526290][T29831] netlink: 28 bytes leftover after parsing attributes in process `syz.6.7035'. [ 2296.536217][T29831] netlink: 28 bytes leftover after parsing attributes in process `syz.6.7035'. [ 2296.779059][T12487] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2296.909074][T12487] usb 3-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53 [ 2296.995534][T12487] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2297.013303][T12487] usb 3-1: config 0 descriptor?? [ 2298.161142][T12487] usb 3-1: USB disconnect, device number 46 [ 2298.532852][T29851] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2298.664272][T27449] usb 10-1: new high-speed USB device number 20 using dummy_hcd [ 2298.759167][T29853] 9pnet_fd: Insufficient options for proto=fd [ 2299.136918][T27449] usb 10-1: unable to get BOS descriptor or descriptor too short [ 2299.151681][T27449] usb 10-1: unable to read config index 0 descriptor/start: -71 [ 2299.162002][T27449] usb 10-1: can't read configurations, error -71 [ 2299.220363][T29862] netlink: 96 bytes leftover after parsing attributes in process `syz.2.7045'. [ 2299.506350][T29873] netlink: 188 bytes leftover after parsing attributes in process `syz.6.7050'. [ 2300.903354][T29886] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2301.122409][T29886] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2302.588955][T29914] syz.0.7063: attempt to access beyond end of device [ 2302.588955][T29914] loop0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 2302.606733][T29914] efs: cannot read volume header [ 2304.431276][T29363] Bluetooth: hci5: unexpected event for opcode 0x0403 [ 2304.519224][T29927] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7068'. [ 2305.649979][T29952] syz.7.7074(29952): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 2306.817342][T29363] Bluetooth: hci0: unexpected event for opcode 0x0403 [ 2307.093309][T29975] netlink: 36 bytes leftover after parsing attributes in process `syz.6.7084'. [ 2307.107332][T12176] bond0: (slave bond_slave_0): interface is now down [ 2307.115638][T12176] bond0: (slave bond_slave_1): interface is now down [ 2307.147139][T29975] netlink: 'syz.6.7084': attribute type 10 has an invalid length. [ 2307.161911][T12176] bond0: (slave bridge0): interface is now down [ 2307.188580][T29975] syz_tun: entered promiscuous mode [ 2307.211175][ T7390] bond0: (slave bond_slave_0): interface is now down [ 2307.217916][ T7390] bond0: (slave bond_slave_1): interface is now down [ 2307.219552][T29975] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 2307.265965][ T7390] bond0: (slave bridge0): interface is now down [ 2307.272862][ T7390] bond0: (slave syz_tun): interface is now down [ 2307.311091][ T7390] bond0: now running without any active interface! [ 2307.404254][T29983] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7086'. [ 2308.439604][T29993] netlink: 'syz.7.7090': attribute type 1 has an invalid length. [ 2308.545204][T29995] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7090'. [ 2308.647029][T29995] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 2308.712613][T29999] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7092'. [ 2309.587943][T29363] Bluetooth: hci5: unexpected event for opcode 0x201c [ 2309.712054][T16839] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 2309.751625][T30017] input: syz1 as /devices/virtual/input/input71 [ 2309.767839][T30019] netlink: 96 bytes leftover after parsing attributes in process `syz.7.7098'. [ 2309.785251][T24267] bond0: (slave bond_slave_0): interface is now down [ 2309.800421][T24267] bond0: (slave bond_slave_1): interface is now down [ 2309.809512][T24267] bond0: (slave bridge0): interface is now down [ 2309.824627][T24267] bond0: now running without any active interface! [ 2310.196497][T30038] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7107'. [ 2311.122305][T30054] netlink: 96 bytes leftover after parsing attributes in process `syz.7.7114'. [ 2311.647758][T12487] IPVS: starting estimator thread 0... [ 2311.702746][ C1] hrtimer: interrupt took 54521 ns [ 2312.085357][T30064] IPVS: using max 25 ests per chain, 60000 per kthread [ 2312.238719][T29363] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 2312.246859][T29363] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 2313.345541][T30093] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_macvtap, syncid = 4, id = 0 [ 2314.677131][T30107] netlink: 96 bytes leftover after parsing attributes in process `syz.7.7131'. [ 2314.983052][T29363] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 2314.994688][T29363] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 2316.680275][T30141] input: syz0 as /devices/virtual/input/input72 [ 2316.709532][T29363] Bluetooth: hci5: unexpected event for opcode 0x0c03 [ 2317.718812][T30148] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2317.917690][T29363] Bluetooth: hci5: ACL packet for unknown connection handle 200 [ 2317.925558][T29363] Bluetooth: hci5: ACL packet for unknown connection handle 200 [ 2318.396656][T30162] lo speed is unknown, defaulting to 1000 [ 2318.412225][T30162] wg0 speed is unknown, defaulting to 1000 [ 2319.151867][ T8989] usb 10-1: new high-speed USB device number 22 using dummy_hcd [ 2319.495723][ T8989] usb 10-1: Using ep0 maxpacket: 8 [ 2319.502616][ T8989] usb 10-1: config 179 has an invalid interface number: 65 but max is 0 [ 2319.512452][ T8989] usb 10-1: config 179 has no interface number 0 [ 2319.519912][ T8989] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 2319.531959][ T8989] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 2319.543903][ T8989] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 2319.560932][ T8989] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 2319.609752][ T8989] usb 10-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 2319.673090][ T8989] usb 10-1: config 179 interface 65 has no altsetting 0 [ 2319.688290][ T8989] usb 10-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 2319.775277][ T8989] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2319.812302][ T8989] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:179.65/input/input73 [ 2320.036397][T29363] Bluetooth: hci5: command 0x0406 tx timeout [ 2320.042714][T29415] Bluetooth: hci5: Opcode 0x0c1a failed: -110 [ 2320.278625][T29415] Bluetooth: hci5: Error when powering off device on rfkill (-110) [ 2321.682403][T30187] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2322.091394][T30187] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2322.201007][T29363] Bluetooth: hci3: command 0x0406 tx timeout [ 2322.490546][T29639] usb 10-1: USB disconnect, device number 22 [ 2322.490582][ C0] xpad 10-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 2322.509172][T29639] xpad 10-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 2322.736114][T30187] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2323.112022][T29415] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 2323.129878][T29415] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 2323.829292][ T30] audit: type=1326 audit(2000001284.020:1597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30197 comm="syz.0.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2324.181597][ T30] audit: type=1326 audit(2000001284.020:1598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30197 comm="syz.0.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2324.203296][ C1] vkms_vblank_simulate: vblank timer overrun [ 2324.250985][ T30] audit: type=1326 audit(2000001284.020:1599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30197 comm="syz.0.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2324.276778][T30187] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2324.326968][ T30] audit: type=1326 audit(2000001284.020:1600): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=30197 comm="syz.0.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2324.373154][ T30] audit: type=1326 audit(2000001284.020:1601): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=30197 comm="syz.0.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2324.420041][ T30] audit: type=1326 audit(2000001284.020:1602): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=30197 comm="syz.0.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2324.485087][ T30] audit: type=1326 audit(2000001284.031:1603): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=30197 comm="syz.0.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2324.511913][ T30] audit: type=1326 audit(2000001284.031:1604): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=30197 comm="syz.0.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2324.537818][ T30] audit: type=1326 audit(2000001284.031:1605): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=30197 comm="syz.0.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2324.560678][ T30] audit: type=1326 audit(2000001284.031:1606): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=30197 comm="syz.0.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7f4da9d8e929 code=0x7ffc0000 [ 2324.599635][T30202] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 2324.619469][T30202] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 2324.638911][T30202] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 2324.727231][T11607] usb 10-1: new high-speed USB device number 23 using dummy_hcd [ 2324.727551][T30187] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2324.769029][T30187] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2324.788560][T30187] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2324.805713][T30187] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2325.022173][T11607] usb 10-1: Using ep0 maxpacket: 32 [ 2325.081123][T11607] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2325.112810][T11607] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 2325.162524][T11607] usb 10-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83 [ 2325.284059][T11607] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2325.390484][T11607] usb 10-1: Product: syz [ 2325.452775][T11607] usb 10-1: Manufacturer: syz [ 2325.523061][T11607] usb 10-1: SerialNumber: syz [ 2325.635158][T11607] usb 10-1: config 0 descriptor?? [ 2325.904823][T11607] snd-usb-6fire 10-1:0.0: unable to receive device firmware state. [ 2325.927182][T11607] snd-usb-6fire 10-1:0.0: probe with driver snd-usb-6fire failed with error -32 [ 2326.608948][T29363] Bluetooth: hci4: command 0x0406 tx timeout [ 2326.617286][T29415] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 2326.638961][T29415] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 2326.653377][T11607] usb 10-1: USB disconnect, device number 23 [ 2326.765454][T30235] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2328.958788][T29415] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 2328.972603][T29415] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 2328.992626][T29363] Bluetooth: hci1: command 0x0c1a tx timeout [ 2331.518828][ C1] sched: DL replenish lagged too much [ 2425.926490][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 2425.933506][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P30244/1:b..l [ 2425.942145][ C1] rcu: (detected by 1, t=10503 jiffies, g=150825, q=286268 ncpus=2) [ 2425.950235][ C1] task:syz.0.7178 state:R running task stack:27432 pid:30244 tgid:30239 ppid:26303 task_flags:0x400040 flags:0x00004006 [ 2425.965301][ C1] Call Trace: [ 2425.968615][ C1] [ 2425.971573][ C1] __schedule+0x16a2/0x4cb0 [ 2425.976123][ C1] ? preempt_schedule_irq+0xb5/0x150 [ 2425.981435][ C1] ? __pfx___schedule+0x10/0x10 [ 2425.986320][ C1] ? __lock_acquire+0xab9/0xd20 [ 2425.991196][ C1] ? preempt_schedule_irq+0xaa/0x150 [ 2425.996513][ C1] preempt_schedule_irq+0xb5/0x150 [ 2426.001642][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 2426.007385][ C1] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 2426.013217][ C1] irqentry_exit+0x6f/0x90 [ 2426.017649][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 2426.023638][ C1] RIP: 0010:lock_acquire+0xcd/0x360 [ 2426.028855][ C1] Code: 0f 85 eb 00 00 00 65 48 8b 04 25 08 c0 99 92 83 b8 ec 0a 00 00 00 0f 85 d5 00 00 00 48 c7 44 24 30 00 00 00 00 9c 8f 44 24 30 <4c> 89 74 24 10 4d 89 fe 4c 8b 7c 24 30 fa 48 c7 c7 5e 20 98 8d e8 [ 2426.048491][ C1] RSP: 0018:ffffc9000b4b7298 EFLAGS: 00000246 [ 2426.054582][ C1] RAX: ffff888060a15a00 RBX: 0000000000000000 RCX: a684f308d7e2ba00 [ 2426.062572][ C1] RDX: 0000000000000000 RSI: ffffffff81728b12 RDI: 1ffffffff1c27dc4 [ 2426.070557][ C1] RBP: ffffffff81728af5 R08: 0000000000000000 R09: 0000000000000000 [ 2426.078541][ C1] R10: ffffc9000b4b7458 R11: ffffffff81ace5d0 R12: 0000000000000002 [ 2426.086528][ C1] R13: ffffffff8e13ee20 R14: 0000000000000000 R15: 0000000000000000 [ 2426.094522][ C1] ? unwind_next_frame+0xa5/0x2390 [ 2426.099654][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 2426.105824][ C1] ? unwind_next_frame+0xc2/0x2390 [ 2426.110970][ C1] ? unwind_next_frame+0xa5/0x2390 [ 2426.116099][ C1] ? __x64_sys_sendmsg+0x19b/0x260 [ 2426.121230][ C1] ? unwind_next_frame+0xa5/0x2390 [ 2426.126360][ C1] unwind_next_frame+0xc2/0x2390 [ 2426.131310][ C1] ? unwind_next_frame+0xa5/0x2390 [ 2426.136448][ C1] ? unwind_next_frame+0xa5/0x2390 [ 2426.141580][ C1] ? ___sys_sendmsg+0x21f/0x2a0 [ 2426.146460][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 2426.152627][ C1] arch_stack_walk+0x11c/0x150 [ 2426.157414][ C1] ? __x64_sys_sendmsg+0x19b/0x260 [ 2426.162551][ C1] stack_trace_save+0x9c/0xe0 [ 2426.167241][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 2426.172622][ C1] ? kasan_save_free_info+0x46/0x50 [ 2426.177839][ C1] ? consume_skb+0x9e/0xf0 [ 2426.182264][ C1] ? unix_dgram_sendmsg+0x604/0x1870 [ 2426.187572][ C1] ? __sock_sendmsg+0x219/0x270 [ 2426.192462][ C1] ? __lock_acquire+0xab9/0xd20 [ 2426.197337][ C1] kasan_save_track+0x3e/0x80 [ 2426.202028][ C1] ? kasan_save_track+0x3e/0x80 [ 2426.206892][ C1] ? kasan_save_free_info+0x46/0x50 [ 2426.212107][ C1] ? __kasan_slab_free+0x62/0x70 [ 2426.217059][ C1] ? kmem_cache_free+0x18f/0x400 [ 2426.222008][ C1] ? unix_dgram_sendmsg+0x604/0x1870 [ 2426.227304][ C1] ? __sock_sendmsg+0x219/0x270 [ 2426.232187][ C1] ? ____sys_sendmsg+0x505/0x830 [ 2426.237156][ C1] ? ___sys_sendmsg+0x21f/0x2a0 [ 2426.242031][ C1] ? __x64_sys_sendmsg+0x19b/0x260 [ 2426.247223][ C1] ? unix_dgram_sendmsg+0x604/0x1870 [ 2426.252526][ C1] kasan_save_free_info+0x46/0x50 [ 2426.257573][ C1] __kasan_slab_free+0x62/0x70 [ 2426.262352][ C1] kmem_cache_free+0x18f/0x400 [ 2426.267135][ C1] unix_dgram_sendmsg+0x604/0x1870 [ 2426.272282][ C1] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 2426.278040][ C1] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 2426.283620][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2426.288927][ C1] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 2426.294497][ C1] __sock_sendmsg+0x219/0x270 [ 2426.299202][ C1] ____sys_sendmsg+0x505/0x830 [ 2426.303993][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2426.309318][ C1] ? import_iovec+0x74/0xa0 [ 2426.313859][ C1] ___sys_sendmsg+0x21f/0x2a0 [ 2426.318560][ C1] ? __pfx____sys_sendmsg+0x10/0x10 [ 2426.323815][ C1] ? __fget_files+0x2a/0x420 [ 2426.328425][ C1] ? __fget_files+0x3a0/0x420 [ 2426.333222][ C1] __x64_sys_sendmsg+0x19b/0x260 [ 2426.338174][ C1] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2426.343659][ C1] ? do_user_addr_fault+0xc8a/0x1390 [ 2426.348961][ C1] ? do_syscall_64+0xbe/0x3b0 [ 2426.353660][ C1] do_syscall_64+0xfa/0x3b0 [ 2426.358184][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 2426.363400][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2426.369480][ C1] ? clear_bhb_loop+0x60/0xb0 [ 2426.374172][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2426.380074][ C1] RIP: 0033:0x7f4da9d8e929 [ 2426.384503][ C1] RSP: 002b:00007f4daab76038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2426.392937][ C1] RAX: ffffffffffffffda RBX: 00007f4da9fb6160 RCX: 00007f4da9d8e929 [ 2426.400920][ C1] RDX: 0000000000004000 RSI: 0000200000000700 RDI: 0000000000000006 [ 2426.408902][ C1] RBP: 00007f4da9e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 2426.416885][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2426.424866][ C1] R13: 0000000000000001 R14: 00007f4da9fb6160 R15: 00007ffc68955578 [ 2426.432872][ C1] [ 2426.435899][ C1] rcu: rcu_preempt kthread starved for 286 jiffies! g150825 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 2426.447013][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 2426.456991][ C1] rcu: RCU grace-period kthread stack dump: [ 2426.462883][ C1] task:rcu_preempt state:R running task stack:26904 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 2426.476394][ C1] Call Trace: [ 2426.479685][ C1] [ 2426.482630][ C1] __schedule+0x16a2/0x4cb0 [ 2426.487160][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 2426.492375][ C1] ? schedule+0x165/0x360 [ 2426.496725][ C1] ? __lock_acquire+0xab9/0xd20 [ 2426.501589][ C1] ? __pfx___schedule+0x10/0x10 [ 2426.506469][ C1] ? schedule+0x91/0x360 [ 2426.510730][ C1] schedule+0x165/0x360 [ 2426.514901][ C1] schedule_timeout+0x12b/0x270 [ 2426.519763][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 2426.525143][ C1] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 2426.531054][ C1] ? __pfx_process_timeout+0x10/0x10 [ 2426.536366][ C1] ? prepare_to_swait_event+0x341/0x380 [ 2426.541939][ C1] rcu_gp_fqs_loop+0x301/0x1540 [ 2426.546820][ C1] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 2426.552990][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 2426.558286][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 2426.563509][ C1] ? finish_swait+0xcd/0x1f0 [ 2426.568115][ C1] rcu_gp_kthread+0x99/0x390 [ 2426.572729][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 2426.577943][ C1] ? __kthread_parkme+0x7b/0x200 [ 2426.582902][ C1] ? __kthread_parkme+0x1a1/0x200 [ 2426.587951][ C1] kthread+0x711/0x8a0 [ 2426.592056][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 2426.597266][ C1] ? __pfx_kthread+0x10/0x10 [ 2426.601869][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 2426.607079][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 2426.612292][ C1] ? __pfx_kthread+0x10/0x10 [ 2426.616895][ C1] ret_from_fork+0x3fc/0x770 [ 2426.621501][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 2426.626634][ C1] ? __switch_to_asm+0x39/0x70 [ 2426.631407][ C1] ? __switch_to_asm+0x33/0x70 [ 2426.636175][ C1] ? __pfx_kthread+0x10/0x10 [ 2426.640776][ C1] ret_from_fork_asm+0x1a/0x30 [ 2426.645574][ C1] [ 2426.648598][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 2426.654941][ C1] Sending NMI from CPU 1 to CPUs 0: [ 2426.660182][ C0] NMI backtrace for cpu 0 [ 2426.660196][ C0] CPU: 0 UID: 0 PID: 11630 Comm: kworker/u8:5 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 2426.660214][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2426.660225][ C0] Workqueue: wg-kex-wg1 wg_packet_handshake_send_worker [ 2426.660249][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 [ 2426.660267][ C0] Code: 89 fb e8 23 00 00 00 48 8b 3d a4 e6 f8 0b 48 89 de 5b e9 13 91 56 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 08 c0 99 92 65 8b 15 88 72 [ 2426.660279][ C0] RSP: 0018:ffffc90000006b18 EFLAGS: 00000297 [ 2426.660292][ C0] RAX: ffffffff894722c8 RBX: ffff88816556c150 RCX: ffff88802922bc00 [ 2426.660303][ C0] RDX: 0000000000000100 RSI: 0000000000000132 RDI: 0000000000010000 [ 2426.660313][ C0] RBP: ffffc90000006e30 R08: 0aaaaaaaaaaa0000 R09: dd860aaaaaaaaaaa [ 2426.660323][ C0] R10: 0aaaaaaaaaaa0000 R11: dd860aaaaaaaaaaa R12: 1ffff1102caad82a [ 2426.660335][ C0] R13: ffff88816556c140 R14: 0000000000000132 R15: dffffc0000000000 [ 2426.660345][ C0] FS: 0000000000000000(0000) GS:ffff888125c84000(0000) knlGS:0000000000000000 [ 2426.660358][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2426.660369][ C0] CR2: 00005555900095c8 CR3: 0000000078e32000 CR4: 00000000003526f0 [ 2426.660382][ C0] Call Trace: [ 2426.660388][ C0] [ 2426.660394][ C0] __dev_queue_xmit+0x16a/0x3a70 [ 2426.660416][ C0] ? __lock_acquire+0xab9/0xd20 [ 2426.660438][ C0] ? synproxy_pernet+0x23/0x240 [ 2426.660460][ C0] ? synproxy_pernet+0x23/0x240 [ 2426.660475][ C0] ? __pfx___dev_queue_xmit+0x10/0x10 [ 2426.660492][ C0] ? __asan_memset+0x22/0x50 [ 2426.660506][ C0] ? ipv6_synproxy_hook+0x297/0xda0 [ 2426.660526][ C0] ? __lock_acquire+0xab9/0xd20 [ 2426.660546][ C0] ? ip6_finish_output+0x234/0x7d0 [ 2426.660562][ C0] ? ip6_finish_output+0x234/0x7d0 [ 2426.660580][ C0] ? ip6_finish_output2+0xf99/0x16a0 [ 2426.660600][ C0] ip6_finish_output2+0x11bc/0x16a0 [ 2426.660619][ C0] ? ip6_finish_output2+0x701/0x16a0 [ 2426.660639][ C0] ? __pfx_ip6_finish_output2+0x10/0x10 [ 2426.660656][ C0] ? ip6_mtu+0x7d/0x3f0 [ 2426.660672][ C0] ? ip6_mtu+0x7d/0x3f0 [ 2426.660688][ C0] ip6_finish_output+0x234/0x7d0 [ 2426.660705][ C0] synproxy_send_tcp_ipv6+0x4c1/0x680 [ 2426.660724][ C0] ? __pfx_synproxy_send_tcp_ipv6+0x10/0x10 [ 2426.660747][ C0] ? __build_skb_around+0x257/0x3e0 [ 2426.660764][ C0] ? synproxy_send_client_synack_ipv6+0x34f/0xca0 [ 2426.660778][ C0] ? skb_put+0x11b/0x210 [ 2426.660794][ C0] synproxy_send_client_synack_ipv6+0x80e/0xca0 [ 2426.660818][ C0] ? __pfx_synproxy_send_client_synack_ipv6+0x10/0x10 [ 2426.660834][ C0] ? nft_tproxy_eval+0x594/0x1c00 [ 2426.660850][ C0] ? synproxy_pernet+0x45/0x270 [ 2426.660870][ C0] nft_synproxy_eval_v6+0x36e/0x560 [ 2426.660891][ C0] ? __pfx_nft_synproxy_eval_v6+0x10/0x10 [ 2426.660909][ C0] ? nf_ip_checksum+0x13c/0x510 [ 2426.660929][ C0] nft_synproxy_do_eval+0x3d7/0x570 [ 2426.660949][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 2426.660967][ C0] ? __local_bh_enable_ip+0x12d/0x1c0 [ 2426.660992][ C0] nft_do_chain+0x409/0x1920 [ 2426.661011][ C0] ? ip6t_do_table+0x1376/0x1550 [ 2426.661029][ C0] ? nf_nat_inet_fn+0x924/0xba0 [ 2426.661048][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 2426.661062][ C0] ? ipv6_find_hdr+0xc78/0x1050 [ 2426.661094][ C0] ? nf_nat_ipv6_fn+0x21d/0x2d0 [ 2426.661114][ C0] ? __pfx_nf_nat_ipv6_fn+0x10/0x10 [ 2426.661136][ C0] nft_do_chain_inet+0x25d/0x340 [ 2426.661160][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 2426.661175][ C0] ? nf_nat_ipv6_local_in+0x14f/0x650 [ 2426.661196][ C0] ? __pfx_nf_nat_ipv6_local_in+0x10/0x10 [ 2426.661217][ C0] ? NF_HOOK+0x9a/0x3a0 [ 2426.661233][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 2426.661250][ C0] nf_hook_slow+0xc5/0x220 [ 2426.661268][ C0] NF_HOOK+0x206/0x3a0 [ 2426.661284][ C0] ? __pfx_ip6_input_finish+0x10/0x10 [ 2426.661300][ C0] ? NF_HOOK+0x9a/0x3a0 [ 2426.661315][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 2426.661333][ C0] ? __pfx_ip6_input_finish+0x10/0x10 [ 2426.661356][ C0] ip6_input+0x16a/0x270 [ 2426.661371][ C0] ? ip6_input+0x23/0x270 [ 2426.661389][ C0] NF_HOOK+0x309/0x3a0 [ 2426.661404][ C0] ? skb_orphan+0xaf/0xd0 [ 2426.661420][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 2426.661436][ C0] ? NF_HOOK+0x9a/0x3a0 [ 2426.661451][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 2426.661468][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 2426.661490][ C0] __netif_receive_skb+0xd3/0x380 [ 2426.661512][ C0] ? process_backlog+0x2d5/0x14f0 [ 2426.661527][ C0] process_backlog+0x60e/0x14f0 [ 2426.661539][ C0] ? __lock_acquire+0xab9/0xd20 [ 2426.661563][ C0] ? __pfx_process_backlog+0x10/0x10 [ 2426.661582][ C0] __napi_poll+0xc4/0x480 [ 2426.661599][ C0] ? net_rx_action+0x46d/0xe30 [ 2426.661614][ C0] net_rx_action+0x707/0xe30 [ 2426.661626][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 2426.661654][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 2426.661688][ C0] handle_softirqs+0x283/0x870 [ 2426.661708][ C0] ? do_softirq+0xec/0x180 [ 2426.661728][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 2426.661749][ C0] ? mod_peer_timer+0x21/0x260 [ 2426.661765][ C0] do_softirq+0xec/0x180 [ 2426.661781][ C0] [ 2426.661786][ C0] [ 2426.661792][ C0] ? __pfx_do_softirq+0x10/0x10 [ 2426.661815][ C0] ? lockdep_softirqs_on+0x13b/0x1c0 [ 2426.661833][ C0] __local_bh_enable_ip+0x17d/0x1c0 [ 2426.661850][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 2426.661868][ C0] ? mod_peer_timer+0x21/0x260 [ 2426.661884][ C0] ? mod_peer_timer+0x20c/0x260 [ 2426.661902][ C0] wg_packet_handshake_send_worker+0x1e3/0x320 [ 2426.661921][ C0] ? __pfx_wg_packet_handshake_send_worker+0x10/0x10 [ 2426.661952][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 2426.661967][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 2426.661984][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 2426.662003][ C0] process_scheduled_works+0xae1/0x17b0 [ 2426.662038][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 2426.662066][ C0] worker_thread+0x8a0/0xda0 [ 2426.662086][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 2426.662107][ C0] ? __kthread_parkme+0x7b/0x200 [ 2426.662131][ C0] kthread+0x711/0x8a0 [ 2426.662153][ C0] ? __pfx_worker_thread+0x10/0x10 [ 2426.662170][ C0] ? __pfx_kthread+0x10/0x10 [ 2426.662186][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 2426.662201][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 2426.662218][ C0] ? __pfx_kthread+0x10/0x10 [ 2426.662233][ C0] ret_from_fork+0x3fc/0x770 [ 2426.662252][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 2426.662273][ C0] ? __switch_to_asm+0x39/0x70 [ 2426.662286][ C0] ? __switch_to_asm+0x33/0x70 [ 2426.662298][ C0] ? __pfx_kthread+0x10/0x10 [ 2426.662313][ C0] ret_from_fork_asm+0x1a/0x30 [ 2426.662336][ C0]