last executing test programs: 8.170417577s ago: executing program 1 (id=641): r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) write$uinput_user_dev(r0, &(0x7f0000000a00)={'syz0\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x8, 0x6, 0x2, 0x400, 0x80000000, 0x0, 0x8, 0x0, 0x2922, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x2004, 0x3, 0x4, 0xf252, 0x80, 0x800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x0, 0x1ff, 0x8000, 0x0, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0x2, 0x2, 0x4, 0xe, 0x4, 0x2, 0x6, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x8, 0xa, 0x5], [0x7, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x6, 0x4, 0x0, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x5, 0x5, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x2, 0x1, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd5, 0x7, 0x1f, 0x404, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x48, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0xe5b, 0x1000, 0x80041101, 0x4, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x6, 0x0, 0x3, 0x4, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0x3, 0xcac, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x0, 0x5, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x6, 0x4, 0xe47, 0x3, 0x1654, 0x4, 0x200, 0x2851, 0x3b, 0x20000002, 0x10000005, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x20008, 0x8a8, 0x6, 0x44, 0x409, 0x3, 0x4, 0x4, 0x10, 0x4, 0xffffffff, 0x7fff, 0x2, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x136, 0x6]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000140)={'hsr0\x00', &(0x7f0000000540)=@ethtool_test={0x1a, 0x1ff, 0x4, 0x6, [0x81, 0x2, 0x5, 0xf, 0x2d, 0xe]}}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xb, 0x100008b}, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0) madvise(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0xd) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x6, 0x0, 0x7fff0000}]}) close_range(r3, r3, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r5 = fanotify_init(0x200, 0x0) socket(0xa, 0x3, 0x87) fanotify_mark(r5, 0x1, 0x4800003e, r4, 0x0) r6 = io_uring_setup(0x7d76, &(0x7f00000003c0)={0x0, 0x3a9f, 0x40, 0x1, 0x6}) r7 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3, 0x0, 0x0, r6}, &(0x7f0000000340)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80}) io_uring_enter(r7, 0x3516, 0x5000000, 0x0, 0x0, 0xfffffdcf) socket(0xa, 0x3, 0x3a) 7.182219245s ago: executing program 1 (id=645): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@typedef={0x3, 0x0, 0x0, 0xf, 0x2}]}, {0x0, [0x0, 0x5f, 0x5f]}}, 0x0, 0x29, 0x0, 0xf000000}, 0x28) 7.042596202s ago: executing program 1 (id=648): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) (async) mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) openat$binder_debug(0xffffff9c, &(0x7f0000019080)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) (async) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010829bd7000000000000b00000008000300", @ANYRES32=r2, @ANYBLOB="60005080110001004abee339084eeef16f162471f4000000080003000aac0f00050002"], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 32) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 32) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) write$RDMA_USER_CM_CMD_CREATE_ID(r4, 0x0, 0x0) (async) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x1, 0x0, 0x0, 0x0, 0xb, 0xfffffffffffffffe, 0xfffffffc}, 0x0) (async) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="01000000", @ANYRES16=0x0, @ANYBLOB="01002bbd7000000000001400000018000180140002006e657464657673696d300000000000000500190001000000"], 0x34}}, 0x0) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000020000103feffffff0000000002000000"], 0x50}}, 0x4000850) (async, rerun: 64) r5 = socket(0x10, 0x3, 0x0) (rerun: 64) sendmmsg$alg(r5, &(0x7f0000000140), 0x4924b68, 0x0) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb261a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4d8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c952197b0a508c0e16fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32f6ab137d943dd3c1e8db9f3e1263573dc721ae82fe0bc63598751a5092c9f7dbfc39d564834e3703492c2a651643d8ce5c36d97a4812cf73fc8ea0d6"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r6}, 0xb) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) (async, rerun: 32) socket$key(0xf, 0x3, 0x2) (async, rerun: 32) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000019100)={&(0x7f00000190c0)=ANY=[@ANYRESDEC=r0, @ANYRESOCT=r1], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) (async) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801000018"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) (async, rerun: 32) openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x141040, 0x42) (async, rerun: 32) mount(&(0x7f0000000000)=@sr0, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x100080f, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r9, &(0x7f0000000080)=""/102356, 0x18fd4, 0x200) 6.750350562s ago: executing program 1 (id=650): socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_usb_control_io$sierra_net(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000400)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x12}, @l2cap_cid_signaling={{0xe}, [@l2cap_info_req={{0xa, 0xf5, 0x2}, {0x4}}, @l2cap_conn_req={{0x2, 0xea, 0x4}, {0x4, 0x4}}]}}, 0x17) sendmsg$TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, 0x0, 0x20000000) read$msr(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(0x0, 0x8e) pipe2$9p(0x0, 0x84000) r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000180)={0x0, 0x4}, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000020, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) 6.001728969s ago: executing program 0 (id=652): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a04000000ffffffffe6ffffffffffffe7ee0000000000000000020000", 0x58}], 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r3, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xa, 0x0, 0x580, 0x0, 0x28, {[@timestamp={0x5, 0xa, 0xfffe, 0x700}, @generic={0x0, 0x8, "d58838000391"}]}}}}}}, 0x4a) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10) recvmmsg$unix(r6, &(0x7f00000053c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0xa32, 0x60, 0x0) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000580), r1) getsockopt$PNPIPE_IFINDEX(r5, 0x113, 0x2, &(0x7f00000005c0)=0x0, &(0x7f0000000600)=0x4) sendmsg$MPTCP_PM_CMD_REMOVE(r1, &(0x7f0000000780)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000740)={&(0x7f0000000640)=ANY=[@ANYBLOB="00010000", @ANYRES16=r7, @ANYBLOB="000405000000fddbdf25090000003800018008000b000000000014000400ff01000000000000000000000000000108000300e00000020800030000000000060005004e230000080003000600000028000680060005004e240000050f1750640002000200000014000400000000000000000000000000000000003c0001801400040020010000000000000000021400040000000000ff0f00000000000000000000060005004e21000005000200020000000c00018008000300e0000001340001800500020006000000", @ANYRES32=r8, @ANYBLOB="06000100020000000600010002000000060005004e23000008000300e00000020800030002000000"], 0x100}, 0x1, 0x0, 0x0, 0x40000}, 0x40010) sendmsg(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPSET_CMD_FLUSH(r6, &(0x7f0000000500)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="203b64229dd17b000000040603000000000000000000010000070900024fd2f6d423a5eabecfaa54"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x4891) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r9 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_RUN(r9, 0xae80, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@can_newroute={0x34, 0x18, 0x276d793c29a3c3b7, 0x70bd31, 0x25dfdbff, {}, [@CGW_CS_XOR={0x8, 0x5, {0xfc, 0x2, 0x6, 0xf6}}, @CGW_MOD_XOR={0x15, 0x3, {{{0x4, 0x1, 0x1, 0x1}, 0x8, 0x2, 0x0, 0x0, "7d38f30c3016981a"}, 0x6}}]}, 0x34}}, 0x0) 4.9327791s ago: executing program 1 (id=655): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7f, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0cc5605, &(0x7f00000000c0)={0x1, @pix={0x0, 0x0, 0x35315258, 0x0, 0x0, 0x0, 0x7, 0x400}}) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000040)=0xfffffffa) r2 = syz_io_uring_setup(0x10d, &(0x7f0000000480)={0x0, 0x701c, 0x700, 0x1, 0x1ef}, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) r6 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r6, 0xffff) fcntl$addseals(r6, 0x409, 0x7) r7 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000100)={r6, 0x0, 0x0, 0x1000}) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r7, 0x0, 0x0, 0x0, {0x414}, 0x1}) io_uring_enter(r2, 0x3f72, 0x74f1, 0xc00000000000000, 0x0, 0x39) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) unshare(0x22020600) pselect6(0x40, &(0x7f00000001c0)={0x0, 0xfffffffffffffffe, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x8000000000000001}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x9464}, 0x0, 0x0) 4.932525039s ago: executing program 0 (id=656): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7f, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0cc5605, &(0x7f00000000c0)={0x1, @pix={0x0, 0x0, 0x35315258, 0x0, 0x0, 0x0, 0x7, 0x400}}) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000040)=0xfffffffa) r2 = syz_io_uring_setup(0x10d, &(0x7f0000000480)={0x0, 0x701c, 0x700, 0x1, 0x1ef}, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) r6 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r6, 0xffff) fcntl$addseals(r6, 0x409, 0x7) r7 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000100)={r6, 0x0, 0x0, 0x1000}) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r7, 0x0, 0x0, 0x0, {0x414}, 0x1}) io_uring_enter(r2, 0x3f72, 0x74f1, 0xc00000000000000, 0x0, 0x39) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) unshare(0x22020600) pselect6(0x40, &(0x7f00000001c0)={0x0, 0xfffffffffffffffe, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x8000000000000001}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x9464}, 0x0, 0x0) 4.047948952s ago: executing program 2 (id=657): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r1, 0x4020aed2, &(0x7f0000000000)={0x0, 0xe000, 0x8}) r3 = openat$vsock(0xffffff9c, &(0x7f0000000040), 0x511000, 0x0) r4 = syz_open_dev$video(&(0x7f0000000000), 0x5dfbd751, 0x401) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000040)) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x208, 0x51, 0x0, 0x52, 0x57}) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r5, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x3a}, 0x60) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001800dd8d000000ba7e9698ed1fbfa80e000000000002"], 0x3c}}, 0x0) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r6, &(0x7f0000000000)={0x27}, 0x62) r7 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r7, &(0x7f0000000000)={0x27}, 0x74) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r8, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000880)=ANY=[@ANYBLOB="180000000002010300000000ec420000000000000000040098957d6bb1102466cd9e021d58d2f1278ede5ff0ca09f8207c9bf1cdfca494aae4aad2720570a0a8255a4702cade62441ef3370f3aa694fe8173219df10d9f297a7593315181d61b06e03da5565c4a3052579167fde9aac6a17958da196abfb6c2fdabba1612dba1b8eb9bec6ff22a3ae66889dd449011b5af0d1b859d0cd0ea2d5f816a45df6d1c78d30feca6da69d031d1f476dce980cf98862ff25aa9a961e119d9277e499cf8ffffffff7f0000000000008674d119af460c07fc499d57078d22ab1a3c1f760eec4c3609343fde924eec1e5ed06b0daa8ff9e49d5e68632ed7"], 0x18}, 0x1, 0x0, 0x0, 0x880}, 0x40c4) write$binfmt_elf64(r3, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0x9, 0x9f, 0x3, 0x40, 0x3, 0x3, 0x9, 0x21, 0x40, 0x273, 0xff, 0x101, 0x38, 0x1, 0x5, 0x5, 0x7}, [{0x1, 0x9, 0x31, 0xfffffffffffffff8, 0x8443, 0x7, 0xfffffffffffffffe, 0x15}], "cf3b78f8ca3c8b90583c0726d1f85f183b97cdc251935c38903a829633ee579861895d3a04a5d2e7981d16f9b7168ae9e4fe4f3b3130eb83aea2c3d73133da", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x5b7) ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f00000001c0)={0x3000, 0x18000}) 4.047504929s ago: executing program 1 (id=658): openat$ptmx(0xffffffffffffff9c, 0x0, 0x40980, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x1) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$inet(0xa, 0x801, 0x84) connect$inet(r4, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r4, 0x8) r5 = accept4(r4, 0x0, 0x0, 0x0) userfaultfd(0x801) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0xb) ioctl$KVM_GET_LAPIC(0xffffffffffffffff, 0x8400ae8e, 0x0) r7 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x600, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r7, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r7, 0x84, 0x66, &(0x7f00000004c0)={r8, 0x1}, &(0x7f0000000500)=0x8) getsockopt$inet_sctp_SCTP_ASSOCINFO(r5, 0x84, 0x1, &(0x7f0000000480)={r8, 0x40, 0xffff, 0x9, 0x3ff, 0x6}, &(0x7f0000000440)=0x14) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) 4.008374536s ago: executing program 0 (id=659): socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3, 0x0, 0x800000}, 0x18) r4 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) futex(&(0x7f0000000300)=0x1, 0x8, 0x1, &(0x7f0000000500), &(0x7f0000000540)=0x1, 0x2) bind$can_j1939(r4, &(0x7f0000000040)={0x1d, r5, 0x8000000000000003}, 0x18) prlimit64(r0, 0x4, &(0x7f00000001c0)={0x6, 0x6400}, &(0x7f0000000280)) socket$inet6_mptcp(0xa, 0x1, 0x106) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x1ff) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r7, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x8f0, &(0x7f0000002400)=0x0) io_submit(r8, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r7, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}]) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) 3.958166523s ago: executing program 3 (id=660): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$l2tp6(0xa, 0x2, 0x73) recvfrom(r2, 0x0, 0x0, 0x12000, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0xa0, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0x8c, 0x1, [@m_gact={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x2, 0x5f, 0x0, 0x101, 0x8cb8}}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x3}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0xa0}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_GET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x38, r5, 0x701, 0x0, 0x25dfdbff, {0x2e}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}]}, 0x38}, 0x1, 0x0, 0x0, 0xc008}, 0x4008010) ioctl$KVM_SET_TSC_KHZ_vm(r1, 0xaea2, 0x80000000) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 3.672863431s ago: executing program 2 (id=661): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @private=0xa010102}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) ioctl$sock_ifreq(r0, 0xdde95ed1881fe497, &(0x7f00000000c0)={'dvmrp0\x00', @ifru_data=&(0x7f0000000000)="295cac6f2af12333e5128925635371c08746e9879757804bc4ee67112f67849d"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, &(0x7f0000000080)=ANY=[@ANYBLOB="1802000000000000000000000000000085100000010000009500000000000000180000000001000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000028850000005000000095"], &(0x7f0000000300)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0xa}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='contention_begin\x00', r3}, 0x18) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r4}, 0x38) 3.672571055s ago: executing program 3 (id=662): r0 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000000, 0x0, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file0/file0\x00', 0x8) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0xc00000, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x7fff, 0x0, 0x1}}, 0x40) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000540)=""/67, 0x0, 0x4}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/57, 0xd000}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000a80)={0x6, 0x0, [{0x10000, 0xfd, &(0x7f0000000880)=""/253}, {0xdddd1000, 0x3c, &(0x7f00000004c0)=""/60}, {0x3000, 0xc9, &(0x7f0000000980)=""/201}, {0x58000, 0x46, &(0x7f00000005c0)=""/70}, {0x60000, 0x96, &(0x7f00000007c0)=""/150}, {0xeeee0000, 0x6, &(0x7f0000000500)=""/6}]}) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000002c0)={0x1, r2}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r3 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000640)="4625c43dc1cc3dc19072e91d3e3e4ed976469ee5d77bfdbfbf6af40d8ca95ea11cc344bcd646dce49db71ebdb9b1e476f9bcb6ff4261c9ba86547085606d0bd4d5c2b96a06b48b6c8e0dd357af5fbae8d4905ea6242a780f968577b19f8fb80ba1", 0xffffffffffffff74, 0x810, &(0x7f0000004ff0)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$evdev(&(0x7f0000000580), 0x1, 0x2800) 3.073797007s ago: executing program 3 (id=663): socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_usb_control_io$sierra_net(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000400)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x12}, @l2cap_cid_signaling={{0xe}, [@l2cap_info_req={{0xa, 0xf5, 0x2}, {0x4}}, @l2cap_conn_req={{0x2, 0xea, 0x4}, {0x4, 0x4}}]}}, 0x17) sendmsg$TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, 0x0, 0x20000000) read$msr(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(0x0, 0x8e) pipe2$9p(0x0, 0x84000) r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000180)={0x0, 0x4}, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000020, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) 2.767964194s ago: executing program 2 (id=664): r0 = socket$kcm(0x29, 0x5, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000f9000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, 0x94) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) (async) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="340000001d00210000000000000000000700000005000000000000000a00020077a9c6f76f000000060005"], 0x34}}, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) r4 = socket$inet_tcp(0x2, 0x1, 0x0) (async) r5 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xd) (async) r6 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000080)={0x40000000}) (async) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)) (async) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) (async) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r8, r7, 0x25, 0x0, @void}, 0x10) (async) syz_emit_ethernet(0xbc6, &(0x7f0000000a00)=ANY=[], 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_NG_TYPE={0xfffffffffffffeb3}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x15}]}}}]}, @NFTA_RULE_COMPAT={0xc, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000240)=ANY=[@ANYBLOB="140013001000010000000000000000000000000a74000000060a017e67b9340400000000000000000200000648000480440001800c0001007061796c6f6164003400028008000440000000000800054000000000080003400000008b82d252b5dfbb3d00080006400000000108000840000000010900010073797a30000000000900020073797a32000000001400000011000100000000000000000068337420"], 0x9c}}, 0x0) 2.653809202s ago: executing program 2 (id=665): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$caif_stream(0x25, 0x1, 0x2) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x240400c2) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x400, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x1, 0x2, 0x4}]}]}}, &(0x7f0000000f40)=""/4089, 0x32, 0xff9, 0x1}, 0x28) capset(0x0, &(0x7f0000000140)) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801, 0x6000000}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}, @IFLA_GRE_IGNORE_DF={0x5}]}}}]}, 0x40}}, 0x0) ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x5) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x80801, 0x0) ioctl$BLKTRACESTART(r6, 0x125f, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000006, 0xfffefffe}, &(0x7f0000000100), &(0x7f0000000140)) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) 2.263687139s ago: executing program 3 (id=666): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x2b, 0x80801, 0x1) connect$inet6(r1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f0000007a00)=[{{&(0x7f0000000100)=@alg, 0x80, &(0x7f0000000200)=[{&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f0000001880)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/29, 0x1d}, {&(0x7f0000002880)=""/251, 0xfb}], 0x4, &(0x7f0000000300)=""/102, 0x66}, 0x588}, {{&(0x7f0000000540)=@qipcrtr, 0x80, &(0x7f0000000440)=[{&(0x7f0000002980)=""/150, 0x96}, {&(0x7f0000002d00)=""/4096, 0x1000}, {&(0x7f0000002a40)=""/195, 0xc3}], 0x3, &(0x7f00000016c0)=""/90, 0x5a}, 0x1}, {{&(0x7f0000002b40)=@in6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f0000002bc0)=[{&(0x7f00000005c0)=""/14, 0xe}], 0x1, &(0x7f0000002c00)=""/104, 0x68}, 0x7}, {{0x0, 0x0, &(0x7f0000005300)=[{&(0x7f0000003d80)=""/218, 0xda}, {&(0x7f0000003e80)=""/85, 0x55}, {0x0}, {&(0x7f0000004000)=""/166, 0xa6}, {&(0x7f0000002c80)=""/35, 0x23}, {&(0x7f00000040c0)=""/193, 0xc1}, {&(0x7f00000041c0)=""/4096, 0x1000}, {&(0x7f00000051c0)=""/73, 0x49}, {&(0x7f0000005240)=""/131, 0x83}], 0x9, &(0x7f0000005380)=""/232, 0xe8}, 0x800}, {{&(0x7f0000005480)=@ieee802154, 0x80, &(0x7f0000005640)=[{&(0x7f0000005500)=""/39, 0x27}, {&(0x7f0000005800)=""/4096, 0x1000}], 0x2}, 0x1dd49ea2}, {{&(0x7f0000005680)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000005740)=[{&(0x7f0000006800)=""/4096, 0x1000}, {&(0x7f0000005700)=""/6, 0x6}], 0x2, &(0x7f0000007800)=""/136, 0x88}, 0x9}, {{&(0x7f00000078c0)=@l2, 0x80, &(0x7f0000007940)=[{&(0x7f0000005780)=""/38, 0x26}], 0x1, &(0x7f0000007980)=""/128, 0x80}, 0x3}], 0x7, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0x1, 0x200000000002, 0x7, 0x8, 0x5}, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000280)={0x0, 0x800, 0x0, 0x0, 0x4, "0062ba7d820000001652bdc5fcbdc8dace6b04"}) r4 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r4, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) close(r4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r5 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rpc\x00') lseek(r6, 0x4, 0x3) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000080)=0x5, 0x4) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r5, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0}, {&(0x7f00000017c0)=""/130, 0x94}], 0x2}, 0xa1}], 0x2, 0x0, 0x0) r8 = socket$igmp(0x2, 0x3, 0x2) syz_genetlink_get_family_id$nl80211(&(0x7f0000001740), r0) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000001780)={'wlan1\x00'}) sendmsg$NL80211_CMD_LEAVE_OCB(r0, 0x0, 0x0) 1.869216244s ago: executing program 0 (id=667): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7f, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0cc5605, &(0x7f00000000c0)={0x1, @pix={0x0, 0x0, 0x35315258, 0x0, 0x0, 0x0, 0x7, 0x400}}) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000040)=0xfffffffa) r2 = syz_io_uring_setup(0x10d, &(0x7f0000000480)={0x0, 0x701c, 0x700, 0x1, 0x1ef}, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) r6 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r6, 0xffff) fcntl$addseals(r6, 0x409, 0x7) r7 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000100)={r6, 0x0, 0x0, 0x1000}) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r7, 0x0, 0x0, 0x0, {0x414}, 0x1}) io_uring_enter(r2, 0x3f72, 0x74f1, 0xc00000000000000, 0x0, 0x39) unshare(0x22020600) pselect6(0x40, &(0x7f00000001c0)={0x0, 0xfffffffffffffffe, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x8000000000000001}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x9464}, 0x0, 0x0) 490.818231ms ago: executing program 0 (id=668): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0x44, r3, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x7ff, 0x74}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 489.718682ms ago: executing program 0 (id=669): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @private=0xa010102}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0xdde95ed1881fe497, &(0x7f00000000c0)={'dvmrp0\x00', @ifru_data=&(0x7f0000000000)="295cac6f2af12333e5128925635371c08746e9879757804bc4ee67112f67849d"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) ioctl$UI_DEV_CREATE(r1, 0x5501) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, &(0x7f0000000080)=ANY=[@ANYBLOB="1802000000000000000000000000000085100000010000009500000000000000180000000001000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000028850000005000000095"], &(0x7f0000000300)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0xa}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='contention_begin\x00', r2}, 0x18) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r3}, 0x38) 424.828145ms ago: executing program 3 (id=670): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='sched\x00') read$FUSE(r0, &(0x7f0000000440)={0x2020}, 0x2020) ioctl$KVM_DIRTY_TLB(r0, 0x400caeaa, &(0x7f0000000080)={0x0, 0xdfc7}) (async) ioctl$RTC_AIE_ON(0xffffffffffffffff, 0x7001) (async, rerun: 64) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) (rerun: 64) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10) (async, rerun: 64) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) (async, rerun: 64) getpgrp(0xffffffffffffffff) (async) setgid(0x0) (async) socket(0x10, 0x803, 0x0) (async) socket(0x1d, 0x3, 0x8) (async) sched_getattr(0x0, &(0x7f00000001c0)={0x38}, 0x38, 0x0) (async) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) (async) r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR2(r2, 0xc02464bb, &(0x7f0000000080)={0x1, r4, 0x1fc, 0x1000, 0x2, 0x800008, 0x0, 0x4, 0x4000}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sys_enter\x00', r6}, 0x18) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)={0x28, r5, 0x9c3fa077fa966179, 0x70bd26, 0x25dfdbfe, {{0x7e}, {@val={0x8}, @val={0xc, 0x99, {0xf, 0x37}}}}}, 0x28}}, 0x20006054) 351.446068ms ago: executing program 2 (id=671): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = dup(0xffffffffffffffff) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r0, 0x4068aea3, &(0x7f0000000100)) 344.533784ms ago: executing program 2 (id=672): openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080), 0x121101, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x800000000001, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa15, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r0}, 0x8) socket(0x400000000010, 0x3, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x8001, 0x8000, 0x6, 0x0, 0xffffffffffffffff, 0x80000002}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r3}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000001c0), 0x3) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000040)=0x54) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1c, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3) r5 = semget$private(0x0, 0x20000000102, 0x0) semctl$SEM_STAT(r5, 0x2, 0x12, &(0x7f0000000040)=""/177) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b80)={&(0x7f0000002980)=ANY=[@ANYBLOB="340000001100010027bd7000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="c00000000014060014003500776732000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x40000100}, 0x40004) 0s ago: executing program 3 (id=673): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56759, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0xfffffffe}}}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0x0, 0xd}, {0x6, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), r2) r9 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) r10 = dup(r9) lseek(r10, 0x20000000001, 0x1) r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') getdents64(r11, &(0x7f0000000100)=""/83, 0x53) getdents64(r11, 0x0, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), 0xffffffffffffffff) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_devices(r13, &(0x7f0000000640)=ANY=[@ANYBLOB='b '], 0x47) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r14 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r15 = openat$cgroup_devices(r14, &(0x7f00000001c0)='devices.deny\x00', 0x2, 0x0) splice(r12, 0x0, r15, 0x0, 0x8, 0x0) ioctl$VHOST_NET_SET_BACKEND(r11, 0x4008af30, &(0x7f00000005c0)={0x0, r10}) sendmsg$IPVS_CMD_SET_INFO(r7, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="08010000", @ANYRES16=r8, @ANYBLOB="04002cbd7000fbdbdf250e00000008000400040000000c00028008000600040000000400028040000380060007004e200000060004000700000008000300050000000500080006000000060004000700000014000600ff0200000400000000000000000000016c00018008000b007369700008000800fdffffff0800080001000080080005000400000006000100020000001400032000000000000000000000000000000000080009003a00000014000300fe8000000000000000000000000000bb080009003b0000000800090077000000280001800800090049000000090006006e6f6e6500000000060002008400000008000800001000000800050009000000"], 0x108}, 0x1, 0x0, 0x0, 0x24040004}, 0x4c850) kernel console output (not intermixed with test programs): [ 54.076267][ T5939] bridge_slave_0: entered promiscuous mode [ 54.086050][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.088543][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.091248][ T5939] bridge_slave_1: entered allmulticast mode [ 54.094154][ T5939] bridge_slave_1: entered promiscuous mode [ 54.160934][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.164151][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.166614][ T5951] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.169024][ T5951] bridge_slave_0: entered allmulticast mode [ 54.171854][ T5951] bridge_slave_0: entered promiscuous mode [ 54.180953][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.183391][ T5951] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.186161][ T5951] bridge_slave_1: entered allmulticast mode [ 54.188952][ T5951] bridge_slave_1: entered promiscuous mode [ 54.196958][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.238630][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.241306][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.244044][ T5940] bridge_slave_0: entered allmulticast mode [ 54.247017][ T5940] bridge_slave_0: entered promiscuous mode [ 54.255462][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.257863][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.260424][ T5940] bridge_slave_1: entered allmulticast mode [ 54.263135][ T5940] bridge_slave_1: entered promiscuous mode [ 54.294612][ T5939] team0: Port device team_slave_0 added [ 54.298163][ T5951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.301430][ T5950] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.304648][ T5950] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.307902][ T5950] bridge_slave_0: entered allmulticast mode [ 54.311694][ T5950] bridge_slave_0: entered promiscuous mode [ 54.316586][ T5939] team0: Port device team_slave_1 added [ 54.324918][ T5951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.333559][ T5950] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.336354][ T5950] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.339269][ T5950] bridge_slave_1: entered allmulticast mode [ 54.343187][ T5950] bridge_slave_1: entered promiscuous mode [ 54.358413][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.380769][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.384900][ T5951] team0: Port device team_slave_0 added [ 54.395729][ T5950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.400241][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.402675][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.411304][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.418406][ T5951] team0: Port device team_slave_1 added [ 54.433615][ T5950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.437142][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.439510][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.448213][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.453397][ T5940] team0: Port device team_slave_0 added [ 54.475577][ T5940] team0: Port device team_slave_1 added [ 54.477942][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.480658][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.489198][ T5951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.501165][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.503488][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.511646][ T5951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.527771][ T5950] team0: Port device team_slave_0 added [ 54.535866][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.538146][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.546633][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.552417][ T5950] team0: Port device team_slave_1 added [ 54.561947][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.564246][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.572684][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.616220][ T5951] hsr_slave_0: entered promiscuous mode [ 54.619663][ T5951] hsr_slave_1: entered promiscuous mode [ 54.625627][ T5939] hsr_slave_0: entered promiscuous mode [ 54.627940][ T5939] hsr_slave_1: entered promiscuous mode [ 54.630364][ T5939] debugfs: 'hsr0' already exists in 'hsr' [ 54.632353][ T5939] Cannot create hsr debugfs directory [ 54.643488][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.646034][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.656366][ T5950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.668348][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.671337][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.681601][ T5950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.715624][ T5940] hsr_slave_0: entered promiscuous mode [ 54.718002][ T5940] hsr_slave_1: entered promiscuous mode [ 54.720448][ T5940] debugfs: 'hsr0' already exists in 'hsr' [ 54.722379][ T5940] Cannot create hsr debugfs directory [ 54.777588][ T5950] hsr_slave_0: entered promiscuous mode [ 54.780769][ T5950] hsr_slave_1: entered promiscuous mode [ 54.783672][ T5950] debugfs: 'hsr0' already exists in 'hsr' [ 54.786071][ T5950] Cannot create hsr debugfs directory [ 55.008320][ T5951] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 55.015098][ T5951] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 55.020130][ T5951] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 55.030805][ T5951] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 55.059929][ T5939] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 55.066503][ T5939] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 55.071614][ T5939] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 55.082360][ T5939] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 55.123735][ T5940] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 55.133194][ T5940] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.138320][ T5940] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.145796][ T5940] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.220934][ T5950] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 55.232125][ T5950] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 55.241824][ T5951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.251394][ T5950] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 55.258650][ T5950] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 55.332923][ T5951] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.358995][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.362404][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.379669][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.385863][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.388342][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.413980][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.461803][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.468266][ T5940] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.481956][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.484742][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.494333][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.497384][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.503441][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.505831][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.523980][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.527210][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.540592][ T5950] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.583672][ T5950] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.593762][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.596395][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.612769][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.615194][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.630845][ T5302] Bluetooth: hci2: command tx timeout [ 55.632345][ T64] Bluetooth: hci3: command tx timeout [ 55.632377][ T5947] Bluetooth: hci0: command tx timeout [ 55.636871][ T5955] Bluetooth: hci1: command tx timeout [ 55.658446][ T5950] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.713694][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.759478][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.779509][ T5951] veth0_vlan: entered promiscuous mode [ 55.791849][ T5951] veth1_vlan: entered promiscuous mode [ 55.797777][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.829205][ T5950] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.837403][ T5939] veth0_vlan: entered promiscuous mode [ 55.856855][ T5939] veth1_vlan: entered promiscuous mode [ 55.860642][ T5951] veth0_macvtap: entered promiscuous mode [ 55.869491][ T5951] veth1_macvtap: entered promiscuous mode [ 55.892585][ T5950] veth0_vlan: entered promiscuous mode [ 55.897286][ T5940] veth0_vlan: entered promiscuous mode [ 55.904025][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.908801][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.920459][ T5950] veth1_vlan: entered promiscuous mode [ 55.927240][ T5939] veth0_macvtap: entered promiscuous mode [ 55.930814][ T1205] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.934289][ T1205] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.938312][ T5940] veth1_vlan: entered promiscuous mode [ 55.943835][ T1205] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.947383][ T1205] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.956136][ T5939] veth1_macvtap: entered promiscuous mode [ 55.988110][ T5940] veth0_macvtap: entered promiscuous mode [ 55.996833][ T5940] veth1_macvtap: entered promiscuous mode [ 56.001550][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.022027][ T5950] veth0_macvtap: entered promiscuous mode [ 56.030982][ T1205] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.038617][ T1205] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.046106][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.052719][ T5950] veth1_macvtap: entered promiscuous mode [ 56.071506][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.074969][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.077805][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.082914][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.089252][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.100751][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.103733][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.111447][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.116333][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.124072][ T1047] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.130620][ T1047] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.131643][ T5951] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 56.134209][ T1047] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.146058][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.152179][ T1047] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.171409][ T1047] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.196437][ T1047] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.209345][ T1047] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.217242][ T1047] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.236763][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.240292][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.281888][ T1047] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.284476][ T1047] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.303397][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.309912][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.320152][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.323579][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.326277][ T6032] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4'. [ 56.335945][ T6032] netlink: 2804 bytes leftover after parsing attributes in process `syz.3.4'. [ 56.373447][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.376439][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.396587][ T6032] sit0: entered promiscuous mode [ 56.420227][ T6032] netlink: 'syz.3.4': attribute type 1 has an invalid length. [ 56.423500][ T6032] netlink: 1 bytes leftover after parsing attributes in process `syz.3.4'. [ 56.450304][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.470627][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.478498][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.524518][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.527808][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.613256][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 56.681716][ T6039] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2'. [ 56.691998][ T6039] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 56.694477][ T6039] IPv6: NLM_F_CREATE should be set when creating new route [ 56.881043][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.887355][ T6045] tipc: Started in network mode [ 56.889144][ T6045] tipc: Node identity e28be1bcc74a, cluster identity 4711 [ 56.892150][ T6045] tipc: Enabled bearer , priority 0 [ 56.895649][ T6045] syzkaller0: entered promiscuous mode [ 56.897486][ T6045] syzkaller0: entered allmulticast mode [ 56.900854][ T6046] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 56.904076][ T6046] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 56.912575][ T6046] vhci_hcd vhci_hcd.0: Device attached [ 56.980460][ T5295] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 57.103265][ T6040] Zero length message leads to an empty skb [ 57.110285][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.153371][ T5295] usb 7-1: config 1 has an invalid interface number: 7 but max is 0 [ 57.156271][ T5295] usb 7-1: config 1 has no interface number 0 [ 57.158362][ T5295] usb 7-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 57.162497][ T5295] usb 7-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 57.165789][ T5295] usb 7-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 57.171070][ T5295] usb 7-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 57.174112][ T5295] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 57.176777][ T5295] usb 7-1: Product: syz [ 57.178188][ T5295] usb 7-1: Manufacturer: syz [ 57.189998][ T5295] usb 7-1: SerialNumber: syz [ 57.194565][ T6042] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 57.200129][ T54] usb 38-1: SetAddress Request (2) to port 0 [ 57.204399][ T54] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd [ 57.384402][ T6052] ======================================================= [ 57.384402][ T6052] WARNING: The mand mount option has been deprecated and [ 57.384402][ T6052] and is ignored by this kernel. Remove the mand [ 57.384402][ T6052] option from the mount to silence this warning. [ 57.384402][ T6052] ======================================================= [ 57.421769][ T6052] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 57.514751][ T6042] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 57.595922][ T6047] vhci_hcd: connection reset by peer [ 57.602161][ T1140] vhci_hcd vhci_hcd.0: stop threads [ 57.604462][ T1140] vhci_hcd vhci_hcd.0: release socket [ 57.606966][ T1140] vhci_hcd vhci_hcd.0: disconnect device [ 57.615410][ T6043] tipc: Resetting bearer [ 57.633603][ T6043] tipc: Disabling bearer [ 57.710395][ T64] Bluetooth: hci2: command tx timeout [ 57.712469][ T64] Bluetooth: hci0: command tx timeout [ 57.714976][ T5955] Bluetooth: hci3: command tx timeout [ 57.715022][ T5302] Bluetooth: hci1: command tx timeout [ 57.722856][ T5302] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 57.725484][ T5302] Bluetooth: Wrong link type (-22) [ 58.251978][ T5295] usb 7-1: Incompatible driver and firmware versions [ 58.257079][ T5295] usb 7-1: USB disconnect, device number 2 [ 59.059324][ T6064] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9'. [ 59.100360][ T6064] netlink: 2804 bytes leftover after parsing attributes in process `syz.3.9'. [ 59.146207][ T6064] netlink: 'syz.3.9': attribute type 1 has an invalid length. [ 59.149041][ T6064] netlink: 1 bytes leftover after parsing attributes in process `syz.3.9'. [ 59.723345][ T6058] IPVS: set_ctl: invalid protocol: 58 224.0.0.2:21 [ 59.790118][ T64] Bluetooth: hci3: command tx timeout [ 59.792767][ T5302] Bluetooth: hci0: command tx timeout [ 59.800641][ T5302] Bluetooth: hci1: command tx timeout [ 59.800649][ T64] Bluetooth: hci2: command tx timeout [ 60.504251][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 60.507025][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 60.509823][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 60.612591][ T76] Bluetooth: hci4: Frame reassembly failed (-84) [ 60.844670][ T6081] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13'. [ 60.852388][ T6081] netlink: 2804 bytes leftover after parsing attributes in process `syz.0.13'. [ 60.864930][ T6081] sit0: entered promiscuous mode [ 60.870544][ T6081] netlink: 'syz.0.13': attribute type 1 has an invalid length. [ 60.873158][ T6081] netlink: 1 bytes leftover after parsing attributes in process `syz.0.13'. [ 60.960184][ T6085] netlink: 'syz.3.14': attribute type 1 has an invalid length. [ 61.016233][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 61.331038][ T6090] NILFS (nullb0): couldn't find nilfs on the device [ 61.357073][ T6090] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 61.362335][ T6090] team0: Port device batadv1 added [ 61.379494][ T6090] hfs: can't find a HFS filesystem on dev nullb0 [ 61.876005][ T5302] Bluetooth: hci1: command tx timeout [ 61.876050][ T5947] Bluetooth: hci0: command tx timeout [ 61.876058][ T5949] Bluetooth: hci3: command tx timeout [ 61.882044][ T5955] Bluetooth: hci2: command tx timeout [ 62.340157][ T54] usb 38-1: device descriptor read/8, error -110 [ 62.462336][ T6103] netlink: 'syz.1.18': attribute type 1 has an invalid length. [ 62.670134][ T64] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 62.745445][ T54] usb usb38-port1: attempt power cycle [ 63.421139][ T54] usb usb38-port1: unable to enumerate USB device [ 63.440806][ T6026] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 63.602104][ T6026] usb 7-1: config 1 has an invalid interface number: 7 but max is 0 [ 63.605049][ T6026] usb 7-1: config 1 has no interface number 0 [ 63.607881][ T6026] usb 7-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 63.613437][ T6026] usb 7-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 63.618459][ T6026] usb 7-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 63.624949][ T6026] usb 7-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 63.628102][ T6026] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.631108][ T6026] usb 7-1: Product: syz [ 63.632836][ T6026] usb 7-1: Manufacturer: syz [ 63.634775][ T6026] usb 7-1: SerialNumber: syz [ 63.644414][ T6111] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 63.880555][ T6111] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 64.102014][ T64] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 64.104277][ T64] Bluetooth: Wrong link type (-22) [ 64.133957][ T6119] [ 64.256256][ T6026] usb 7-1: Incompatible driver and firmware versions [ 64.266101][ T6026] usb 7-1: USB disconnect, device number 3 [ 64.296023][ T6128] __nla_validate_parse: 3 callbacks suppressed [ 64.296042][ T6128] netlink: 4 bytes leftover after parsing attributes in process `syz.3.24'. [ 64.331859][ T6128] netlink: 'syz.3.24': attribute type 1 has an invalid length. [ 64.334694][ T6128] netlink: 1 bytes leftover after parsing attributes in process `syz.3.24'. [ 64.612242][ T6131] netlink: 24 bytes leftover after parsing attributes in process `syz.1.25'. [ 65.807705][ T6135] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 65.808715][ T6144] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 65.809924][ T6135] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 65.812313][ T6144] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 65.815665][ T6135] vhci_hcd vhci_hcd.0: Device attached [ 65.819117][ T6144] vhci_hcd vhci_hcd.0: Device attached [ 66.090078][ T55] usb 42-1: SetAddress Request (2) to port 0 [ 66.092386][ T55] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 66.094872][ T34] usb 38-1: SetAddress Request (6) to port 0 [ 66.097075][ T34] usb 38-1: new SuperSpeed USB device number 6 using vhci_hcd [ 66.390673][ T6146] vhci_hcd: connection reset by peer [ 66.393037][ T1148] vhci_hcd vhci_hcd.2: stop threads [ 66.395536][ T1148] vhci_hcd vhci_hcd.2: release socket [ 66.398123][ T1148] vhci_hcd vhci_hcd.2: disconnect device [ 66.540114][ T6145] vhci_hcd: connection reset by peer [ 66.543819][ T46] vhci_hcd vhci_hcd.0: stop threads [ 66.546195][ T46] vhci_hcd vhci_hcd.0: release socket [ 66.548923][ T46] vhci_hcd vhci_hcd.0: disconnect device [ 66.937390][ T6153] netlink: 4 bytes leftover after parsing attributes in process `syz.3.29'. [ 66.960956][ T6153] netlink: 2804 bytes leftover after parsing attributes in process `syz.3.29'. [ 67.061864][ T6153] netlink: 'syz.3.29': attribute type 1 has an invalid length. [ 67.065477][ T6153] netlink: 1 bytes leftover after parsing attributes in process `syz.3.29'. [ 67.749537][ T6165] process 'syz.3.32' launched './file0' with NULL argv: empty string added [ 69.703495][ T6176] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 69.705735][ T6176] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 69.709314][ T6176] vhci_hcd vhci_hcd.0: Device attached [ 69.791132][ T6181] netlink: 4 bytes leftover after parsing attributes in process `syz.0.35'. [ 69.795942][ T6181] netlink: 2804 bytes leftover after parsing attributes in process `syz.0.35'. [ 69.807114][ T6181] netlink: 'syz.0.35': attribute type 1 has an invalid length. [ 69.809913][ T6181] netlink: 1 bytes leftover after parsing attributes in process `syz.0.35'. [ 69.835792][ T6182] netlink: 4 bytes leftover after parsing attributes in process `syz.3.34'. [ 69.841428][ T6179] netlink: 2804 bytes leftover after parsing attributes in process `syz.3.34'. [ 69.852863][ T6179] netlink: 'syz.3.34': attribute type 1 has an invalid length. [ 69.856095][ T6179] netlink: 1 bytes leftover after parsing attributes in process `syz.3.34'. [ 70.119934][ T6177] vhci_hcd: connection closed [ 70.122344][ T13] vhci_hcd vhci_hcd.2: stop threads [ 70.127001][ T13] vhci_hcd vhci_hcd.2: release socket [ 70.129415][ T13] vhci_hcd vhci_hcd.2: disconnect device [ 70.599781][ T6188] usb usb8: usbfs: process 6188 (syz.3.37) did not claim interface 0 before use [ 71.150107][ T34] usb 38-1: device descriptor read/8, error -110 [ 71.153535][ T55] usb 42-1: device descriptor read/8, error -110 [ 71.246836][ T6201] netlink: 4 bytes leftover after parsing attributes in process `syz.2.39'. [ 71.279633][ T6201] sit0: entered promiscuous mode [ 71.287590][ T6201] netlink: 'syz.2.39': attribute type 1 has an invalid length. [ 71.290520][ T6201] netlink: 1 bytes leftover after parsing attributes in process `syz.2.39'. [ 71.593125][ T34] usb usb38-port1: attempt power cycle [ 71.596592][ T55] usb usb42-port1: attempt power cycle [ 71.990150][ T6065] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 72.181382][ T34] usb usb38-port1: unable to enumerate USB device [ 72.186300][ T55] usb usb42-port1: unable to enumerate USB device [ 72.252394][ T6065] usb 5-1: config 1 has an invalid interface number: 7 but max is 0 [ 72.256097][ T6065] usb 5-1: config 1 has no interface number 0 [ 72.259250][ T6065] usb 5-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 72.264935][ T6065] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 72.269208][ T6065] usb 5-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 72.277868][ T6065] usb 5-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 72.282969][ T6065] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.286139][ T6065] usb 5-1: Product: syz [ 72.288166][ T6065] usb 5-1: Manufacturer: syz [ 72.290507][ T6065] usb 5-1: SerialNumber: syz [ 72.303286][ T6213] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 72.405707][ T6221] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 72.408865][ T6221] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 72.413491][ T6221] vhci_hcd vhci_hcd.0: Device attached [ 72.519001][ T6213] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 72.680163][ T24] usb 40-1: SetAddress Request (2) to port 0 [ 72.683205][ T24] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 72.730622][ T64] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 72.733940][ T64] Bluetooth: Wrong link type (-22) [ 73.051418][ T6222] vhci_hcd: connection reset by peer [ 73.055244][ T46] vhci_hcd vhci_hcd.1: stop threads [ 73.057256][ T6065] usb 5-1: Incompatible driver and firmware versions [ 73.057801][ T46] vhci_hcd vhci_hcd.1: release socket [ 73.062697][ T6065] usb 5-1: USB disconnect, device number 2 [ 73.068703][ T46] vhci_hcd vhci_hcd.1: disconnect device [ 73.095134][ T6233] netlink: 4 bytes leftover after parsing attributes in process `syz.2.47'. [ 73.099527][ T6233] netlink: 2804 bytes leftover after parsing attributes in process `syz.2.47'. [ 73.112888][ T6233] netlink: 'syz.2.47': attribute type 1 has an invalid length. [ 73.537313][ T55] IPVS: starting estimator thread 0... [ 73.630268][ T6237] IPVS: using max 42 ests per chain, 100800 per kthread [ 74.779723][ T6250] netlink: 'syz.2.53': attribute type 1 has an invalid length. [ 76.061742][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.064164][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.820399][ T6294] __nla_validate_parse: 4 callbacks suppressed [ 76.820412][ T6294] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64'. [ 76.826008][ T6294] netlink: 2804 bytes leftover after parsing attributes in process `syz.3.64'. [ 76.832573][ T6294] netlink: 'syz.3.64': attribute type 1 has an invalid length. [ 76.835255][ T6294] netlink: 1 bytes leftover after parsing attributes in process `syz.3.64'. [ 78.586727][ T24] usb 40-1: device descriptor read/8, error -110 [ 79.188288][ T6307] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.296121][ T6313] syzkaller0: entered promiscuous mode [ 79.298456][ T6313] syzkaller0: entered allmulticast mode [ 79.682997][ T24] usb usb40-port1: attempt power cycle [ 79.703191][ T40] audit: type=1326 audit(1766873339.534:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6327 comm="syz.0.78" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46598 code=0x7ffc0000 [ 79.716425][ T40] audit: type=1326 audit(1766873339.534:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6327 comm="syz.0.78" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 79.724914][ T40] audit: type=1326 audit(1766873339.534:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6327 comm="syz.0.78" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46598 code=0x7ffc0000 [ 79.733565][ T40] audit: type=1326 audit(1766873339.534:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6327 comm="syz.0.78" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46598 code=0x7ffc0000 [ 79.741960][ T40] audit: type=1326 audit(1766873339.534:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6327 comm="syz.0.78" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46598 code=0x7ffc0000 [ 79.750604][ T40] audit: type=1326 audit(1766873339.534:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6327 comm="syz.0.78" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46598 code=0x7ffc0000 [ 79.758647][ T40] audit: type=1326 audit(1766873339.534:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6327 comm="syz.0.78" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 79.766796][ T40] audit: type=1326 audit(1766873339.534:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6327 comm="syz.0.78" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46598 code=0x7ffc0000 [ 79.774947][ T40] audit: type=1326 audit(1766873339.534:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6327 comm="syz.0.78" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 79.820163][ T40] audit: type=1326 audit(1766873339.534:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6327 comm="syz.0.78" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46598 code=0x7ffc0000 [ 80.129109][ T6307] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.219832][ T6307] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.251048][ T24] usb usb40-port1: unable to enumerate USB device [ 80.292219][ T6307] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.375526][ T1205] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.389266][ T1205] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.401439][ T1205] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.413779][ T1205] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.496907][ T6334] FAULT_INJECTION: forcing a failure. [ 80.496907][ T6334] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 80.501585][ T6334] CPU: 3 UID: 0 PID: 6334 Comm: syz.2.71 Not tainted syzkaller #0 PREEMPT(full) [ 80.501602][ T6334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 80.501608][ T6334] Call Trace: [ 80.501613][ T6334] [ 80.501618][ T6334] dump_stack_lvl+0x16c/0x1f0 [ 80.501639][ T6334] should_fail_ex+0x512/0x640 [ 80.501654][ T6334] _copy_from_user+0x2e/0xd0 [ 80.501666][ T6334] __sys_bpf+0x248/0x4980 [ 80.501679][ T6334] ? __pfx___sys_bpf+0x10/0x10 [ 80.501689][ T6334] ? find_held_lock+0x2b/0x80 [ 80.501706][ T6334] ? find_held_lock+0x2b/0x80 [ 80.501723][ T6334] ? __mutex_unlock_slowpath+0x161/0x790 [ 80.501747][ T6334] ? fput+0x70/0xf0 [ 80.501758][ T6334] ? ksys_write+0x1ac/0x250 [ 80.501773][ T6334] ? __pfx_ksys_write+0x10/0x10 [ 80.501791][ T6334] __ia32_sys_bpf+0x76/0xe0 [ 80.501815][ T6334] ? lockdep_hardirqs_on+0x7c/0x110 [ 80.501831][ T6334] __do_fast_syscall_32+0xe8/0x680 [ 80.501850][ T6334] do_fast_syscall_32+0x32/0x80 [ 80.501860][ T6334] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 80.501874][ T6334] RIP: 0023:0xf70cd579 [ 80.501883][ T6334] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 80.501893][ T6334] RSP: 002b:00000000f54bd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 80.501904][ T6334] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000240 [ 80.501910][ T6334] RDX: 0000000000000023 RSI: 0000000000000000 RDI: 0000000000000000 [ 80.501916][ T6334] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 80.501922][ T6334] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 80.501928][ T6334] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 80.501941][ T6334] [ 82.260127][ T6028] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 82.310143][ T6132] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 82.463141][ T6132] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 82.465406][ T6028] usb 8-1: config 1 has an invalid interface number: 7 but max is 0 [ 82.468234][ T6132] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 82.472822][ T6028] usb 8-1: config 1 has no interface number 0 [ 82.479142][ T6028] usb 8-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 82.481529][ T6132] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 82.485909][ T6028] usb 8-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 82.490295][ T6132] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.496802][ T6132] usb 6-1: Product: syz [ 82.497015][ T6028] usb 8-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 82.498675][ T6132] usb 6-1: Manufacturer: syz [ 82.498692][ T6132] usb 6-1: SerialNumber: syz [ 82.513617][ T6028] usb 8-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 82.517861][ T6132] cdc_mbim 6-1:1.0: skipping garbage [ 82.523421][ T6028] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.530135][ T6028] usb 8-1: Product: syz [ 82.532113][ T6028] usb 8-1: Manufacturer: syz [ 82.536041][ T6028] usb 8-1: SerialNumber: syz [ 82.550813][ T6348] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 82.754399][ T6352] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 82.762200][ T6348] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 82.968996][ T64] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 82.972164][ T64] Bluetooth: Wrong link type (-22) [ 83.097827][ T6028] usb 8-1: Incompatible driver and firmware versions [ 83.106853][ T6028] usb 8-1: USB disconnect, device number 2 [ 83.313069][ T6366] netlink: 8 bytes leftover after parsing attributes in process `syz.2.82'. [ 83.316162][ T6366] netlink: 8 bytes leftover after parsing attributes in process `syz.2.82'. [ 83.331398][ T6367] netlink: 4 bytes leftover after parsing attributes in process `syz.0.81'. [ 83.336277][ T6367] netlink: 2804 bytes leftover after parsing attributes in process `syz.0.81'. [ 83.354707][ T6367] netlink: 'syz.0.81': attribute type 1 has an invalid length. [ 83.357773][ T6367] netlink: 1 bytes leftover after parsing attributes in process `syz.0.81'. [ 83.375912][ T6352] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 83.379418][ T6132] cdc_mbim 6-1:1.0: setting tx_max = 16384 [ 83.387626][ T6132] cdc_mbim 6-1:1.0: cdc-wdm0: USB WDM device [ 83.396470][ T6132] wwan wwan0: port wwan0mbim0 attached [ 83.406178][ T6132] cdc_mbim 6-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 1a:c6:b4:8f:ed:97 [ 83.585448][ C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71 [ 83.587851][ C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes [ 83.590662][ C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71 [ 83.593141][ C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes [ 83.595530][ C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71 [ 83.597485][ C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes [ 83.599873][ C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71 [ 83.602752][ C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes [ 83.605181][ C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71 [ 83.607793][ C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes [ 83.610582][ C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71 [ 83.612810][ C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes [ 83.615025][ C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71 [ 83.617207][ C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes [ 83.619917][ C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71 [ 83.622822][ C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes [ 83.625666][ C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71 [ 83.628565][ C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes [ 83.631436][ C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71 [ 83.634314][ C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes [ 83.643562][ T5946] usb 6-1: USB disconnect, device number 2 [ 83.646007][ T5946] cdc_mbim 6-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM [ 83.724788][ T5946] wwan wwan0: port wwan0mbim0 disconnected [ 84.718968][ T40] kauditd_printk_skb: 1232 callbacks suppressed [ 84.718980][ T40] audit: type=1326 audit(1766873344.544:1244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.1.87" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 84.775655][ T40] audit: type=1326 audit(1766873344.554:1245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.1.87" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 84.815234][ T40] audit: type=1326 audit(1766873344.564:1246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.1.87" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 84.857398][ T40] audit: type=1326 audit(1766873344.574:1247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.1.87" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 84.884195][ T40] audit: type=1326 audit(1766873344.574:1248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.1.87" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 84.909734][ T40] audit: type=1326 audit(1766873344.574:1249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.1.87" exe="/syz-executor" sig=0 arch=40000003 syscall=71 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 85.290452][ T40] audit: type=1326 audit(1766873344.584:1250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.1.87" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 85.297589][ T40] audit: type=1326 audit(1766873344.584:1251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.1.87" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 85.340210][ T40] audit: type=1326 audit(1766873344.594:1252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.1.87" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 85.347424][ T40] audit: type=1326 audit(1766873344.594:1253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.1.87" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 86.695287][ T10] cfg80211: failed to load regulatory.db [ 86.901706][ T6413] netlink: 4 bytes leftover after parsing attributes in process `syz.2.92'. [ 86.906378][ T6413] netlink: 2804 bytes leftover after parsing attributes in process `syz.2.92'. [ 86.946300][ T6035] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 87.312976][ T6413] netlink: 'syz.2.92': attribute type 1 has an invalid length. [ 87.338769][ T6413] netlink: 1 bytes leftover after parsing attributes in process `syz.2.92'. [ 87.439302][ T6035] usb 8-1: config 1 has an invalid interface number: 7 but max is 0 [ 87.442912][ T6035] usb 8-1: config 1 has no interface number 0 [ 87.445300][ T6035] usb 8-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 87.449326][ T6035] usb 8-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 87.453136][ T6035] usb 8-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 87.464045][ T6035] usb 8-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 87.467304][ T6035] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.057984][ T6035] usb 8-1: Product: syz [ 88.059536][ T6035] usb 8-1: Manufacturer: syz [ 88.063932][ T6035] usb 8-1: SerialNumber: syz [ 88.190314][ T6408] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 88.365892][ T6426] netlink: 4 bytes leftover after parsing attributes in process `syz.2.95'. [ 88.376251][ T6426] netlink: 2804 bytes leftover after parsing attributes in process `syz.2.95'. [ 88.399262][ T6426] netlink: 'syz.2.95': attribute type 1 has an invalid length. [ 88.402478][ T6426] netlink: 1 bytes leftover after parsing attributes in process `syz.2.95'. [ 88.415481][ T6408] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 88.621261][ T64] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 88.623529][ T64] Bluetooth: Wrong link type (-22) [ 88.714610][ T6035] usb 8-1: Incompatible driver and firmware versions [ 88.719646][ T6035] usb 8-1: USB disconnect, device number 3 [ 89.270495][ T6435] netlink: 4 bytes leftover after parsing attributes in process `syz.0.98'. [ 89.301889][ T6435] netlink: 'syz.0.98': attribute type 1 has an invalid length. [ 89.303923][ T6435] netlink: 1 bytes leftover after parsing attributes in process `syz.0.98'. [ 90.372077][ T6454] netlink: 4 bytes leftover after parsing attributes in process `syz.0.103'. [ 90.376349][ T6454] netlink: 2804 bytes leftover after parsing attributes in process `syz.0.103'. [ 90.391465][ T6454] netlink: 'syz.0.103': attribute type 1 has an invalid length. [ 90.393929][ T6454] netlink: 1 bytes leftover after parsing attributes in process `syz.0.103'. [ 90.480097][ T6028] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 90.631825][ T6028] usb 6-1: config 1 has an invalid interface number: 7 but max is 0 [ 90.634561][ T6028] usb 6-1: config 1 has no interface number 0 [ 90.636604][ T6028] usb 6-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 90.644081][ T6028] usb 6-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 90.651946][ T6028] usb 6-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 90.662944][ T6028] usb 6-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 90.670053][ T6028] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.675835][ T6028] usb 6-1: Product: syz [ 90.679605][ T6028] usb 6-1: Manufacturer: syz [ 90.683209][ T6028] usb 6-1: SerialNumber: syz [ 90.697319][ T6445] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 90.913815][ T6445] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 91.131600][ T64] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 91.134210][ T64] Bluetooth: Wrong link type (-22) [ 91.298175][ T6464] usb usb8: usbfs: process 6464 (syz.2.106) did not claim interface 0 before use [ 91.315022][ T6028] usb 6-1: Incompatible driver and firmware versions [ 91.321263][ T6028] usb 6-1: USB disconnect, device number 3 [ 91.400952][ T6468] netlink: 4 bytes leftover after parsing attributes in process `syz.3.108'. [ 91.412585][ T6468] netlink: 2804 bytes leftover after parsing attributes in process `syz.3.108'. [ 91.426121][ T6468] netlink: 'syz.3.108': attribute type 1 has an invalid length. [ 91.603946][ T6469] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 92.374964][ T6479] netlink: 'syz.2.112': attribute type 8 has an invalid length. [ 92.399474][ T6479] bond0: entered promiscuous mode [ 92.406776][ T6479] bond_slave_0: entered promiscuous mode [ 92.413211][ T6479] bond_slave_1: entered promiscuous mode [ 92.420633][ T6479] gretap0: entered promiscuous mode [ 92.426836][ T6479] bond0: left promiscuous mode [ 92.431722][ T6479] bond_slave_0: left promiscuous mode [ 92.435870][ T6479] bond_slave_1: left promiscuous mode [ 92.442838][ T6479] gretap0: left promiscuous mode [ 93.368503][ T6485] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 93.370847][ T6485] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 93.375053][ T6485] vhci_hcd vhci_hcd.0: Device attached [ 93.440034][ T6028] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 93.591342][ T6028] usb 6-1: config 1 has an invalid interface number: 7 but max is 0 [ 93.594141][ T6028] usb 6-1: config 1 has no interface number 0 [ 93.596191][ T6028] usb 6-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 93.599889][ T6028] usb 6-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 93.603195][ T6028] usb 6-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 93.608246][ T6028] usb 6-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 93.611445][ T6028] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.614069][ T6028] usb 6-1: Product: syz [ 93.615510][ T6028] usb 6-1: Manufacturer: syz [ 93.615513][ T6151] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 93.617039][ T6028] usb 6-1: SerialNumber: syz [ 93.618770][ T6475] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 93.743318][ T6486] vhci_hcd: connection reset by peer [ 93.746137][ T76] vhci_hcd vhci_hcd.2: stop threads [ 93.747954][ T76] vhci_hcd vhci_hcd.2: release socket [ 93.749887][ T76] vhci_hcd vhci_hcd.2: disconnect device [ 93.831224][ T6475] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 94.036211][ T64] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 94.039310][ T64] Bluetooth: Wrong link type (-22) [ 94.160791][ T6028] usb 6-1: Incompatible driver and firmware versions [ 94.167859][ T6028] usb 6-1: USB disconnect, device number 4 [ 94.443049][ T6509] __nla_validate_parse: 2 callbacks suppressed [ 94.443093][ T6509] netlink: 4 bytes leftover after parsing attributes in process `syz.2.116'. [ 94.452447][ T6509] netlink: 2804 bytes leftover after parsing attributes in process `syz.2.116'. [ 94.461820][ T6509] netlink: 'syz.2.116': attribute type 1 has an invalid length. [ 94.464321][ T6509] netlink: 1 bytes leftover after parsing attributes in process `syz.2.116'. [ 94.817440][ T6515] program syz.1.119 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 94.981756][ T6516] netlink: 'syz.1.119': attribute type 39 has an invalid length. [ 95.206407][ T6522] overlay: ./bus is not a directory [ 95.292335][ T6528] nfs: Unknown parameter 'ntext' [ 95.577840][ T6542] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 95.706805][ T6544] netlink: 4 bytes leftover after parsing attributes in process `syz.0.127'. [ 95.710823][ T6544] netlink: 2804 bytes leftover after parsing attributes in process `syz.0.127'. [ 95.717858][ T6544] netlink: 'syz.0.127': attribute type 1 has an invalid length. [ 95.720555][ T6544] netlink: 1 bytes leftover after parsing attributes in process `syz.0.127'. [ 97.598850][ T6560] block nbd0: server does not support multiple connections per device. [ 97.614105][ T6560] block nbd0: shutting down sockets [ 98.242347][ T6580] [ 98.412830][ T6586] vlan2: entered promiscuous mode [ 98.416242][ T6586] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 98.419391][ T6586] vlan2: entered allmulticast mode [ 98.421830][ T6586] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 98.542763][ T6589] afs: Unknown parameter 'dyn0x0000000000000004' [ 98.693151][ T6594] [ 98.740166][ T6151] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 100.170063][ T6415] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 100.310607][ T6415] usb 5-1: device descriptor read/64, error -71 [ 100.410169][ T6027] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 100.562510][ T6027] usb 6-1: config 1 has an invalid interface number: 7 but max is 0 [ 100.565979][ T6027] usb 6-1: config 1 has no interface number 0 [ 100.569013][ T6027] usb 6-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 100.573304][ T6027] usb 6-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 100.576605][ T6027] usb 6-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.581965][ T6027] usb 6-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 100.585072][ T6027] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.587687][ T6027] usb 6-1: Product: syz [ 100.589066][ T6027] usb 6-1: Manufacturer: syz [ 100.590894][ T6027] usb 6-1: SerialNumber: syz [ 100.602293][ T6618] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 100.720240][ T6415] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 100.730497][ T6626] block nbd0: server does not support multiple connections per device. [ 100.734072][ T6626] block nbd0: shutting down sockets [ 100.814377][ T6618] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 100.845824][ T6632] comedi comedi2: board detection failed [ 100.850604][ T6415] usb 5-1: device descriptor read/64, error -71 [ 100.970553][ T6415] usb usb5-port1: attempt power cycle [ 101.025538][ T64] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 101.027819][ T64] Bluetooth: Wrong link type (-22) [ 101.029624][ T64] Bluetooth: hci1: link tx timeout [ 101.031711][ T64] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 101.334966][ T6415] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 101.354739][ T6415] usb 5-1: device descriptor read/8, error -71 [ 101.407835][ T6027] usb 6-1: Incompatible driver and firmware versions [ 101.416594][ T6027] usb 6-1: USB disconnect, device number 5 [ 101.600163][ T6415] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 101.620555][ T6415] usb 5-1: device descriptor read/8, error -71 [ 101.731681][ T6415] usb usb5-port1: unable to enumerate USB device [ 102.158087][ T6656] netlink: 12 bytes leftover after parsing attributes in process `syz.3.160'. [ 102.274817][ T6662] netlink: 'syz.3.163': attribute type 39 has an invalid length. [ 102.379285][ T6664] kernel read not supported for file /!selinuÿ (pid: 6664 comm: syz.3.163) [ 102.383570][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 102.383581][ T40] audit: type=1800 audit(1766873362.214:1267): pid=6664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.163" name=2173656C696E75FF7F dev="mqueue" ino=11122 res=0 errno=0 [ 103.070169][ T5947] Bluetooth: hci1: command 0x0406 tx timeout [ 103.939891][ T6027] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 104.100393][ T6027] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 104.104182][ T6027] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 104.108770][ T6027] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 104.113074][ T6027] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 104.118224][ T6027] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 104.124882][ T6027] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 104.131656][ T6027] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 104.135403][ T6027] usb 8-1: Product: syz [ 104.137354][ T6027] usb 8-1: Manufacturer: syz [ 104.160207][ T6027] cdc_wdm 8-1:1.0: skipping garbage [ 104.165217][ T6027] cdc_wdm 8-1:1.0: skipping garbage [ 104.173565][ T6027] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 104.176333][ T6027] cdc_wdm 8-1:1.0: Unknown control protocol [ 104.288273][ T6717] Bluetooth: MGMT ver 1.23 [ 104.358640][ C2] wdm_int_callback: 25 callbacks suppressed [ 104.358655][ C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 104.363223][ C2] wdm_int_callback: 25 callbacks suppressed [ 104.363235][ C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 104.367998][ C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 104.370252][ C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 104.372709][ C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 104.374959][ C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 104.377193][ C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 104.379394][ C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 104.381658][ C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 104.384230][ C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 104.386483][ C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 104.388689][ C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 104.390948][ C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 104.393177][ C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 104.396378][ C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 104.398810][ C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 104.401536][ C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 104.403939][ C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 104.406175][ C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 104.408406][ C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 104.414961][ T6027] usb 8-1: USB disconnect, device number 4 [ 104.417341][ C2] cdc_wdm 8-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 104.756266][ T6727] loop2: detected capacity change from 0 to 7 [ 104.765370][ T6727] Dev loop2: unable to read RDB block 7 [ 104.768220][ T6727] loop2: unable to read partition table [ 104.772581][ T6727] loop2: partition table beyond EOD, truncated [ 104.777951][ T6727] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 104.799910][ T5351] Dev loop2: unable to read RDB block 7 [ 104.802005][ T5351] loop2: unable to read partition table [ 104.804372][ T5351] loop2: partition table beyond EOD, truncated [ 104.897395][ T6732] ipvlan0: mtu less than device minimum [ 105.926260][ T6751] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.121653][ T40] audit: type=1326 audit(1766873621.958:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.1.193" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 106.133425][ T40] audit: type=1326 audit(1766873621.958:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.1.193" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 106.142044][ T40] audit: type=1326 audit(1766873621.958:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.1.193" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 106.150273][ T40] audit: type=1326 audit(1766873621.958:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.1.193" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 106.157828][ T40] audit: type=1326 audit(1766873621.958:1272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.1.193" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 106.166383][ T40] audit: type=1326 audit(1766873621.958:1273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.1.193" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 106.173894][ T40] audit: type=1326 audit(1766873621.958:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.1.193" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 106.182056][ T40] audit: type=1326 audit(1766873621.958:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.1.193" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 106.189647][ T40] audit: type=1326 audit(1766873621.958:1276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.1.193" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 106.848033][ T6775] input: syz1 as /devices/virtual/input/input5 [ 107.151755][ T6777] syz.3.197 uses obsolete (PF_INET,SOCK_PACKET) [ 107.718035][ T6027] usb 8-1: new full-speed USB device number 5 using dummy_hcd [ 107.743210][ T6789] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 107.745414][ T6789] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 107.748948][ T6789] vhci_hcd vhci_hcd.0: Device attached [ 107.871353][ T6027] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 107.877061][ T6027] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 107.882755][ T6027] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 107.886744][ T6027] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.894240][ T6787] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 107.897601][ T6787] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 107.912244][ T6027] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 108.017886][ T6151] usb 40-1: SetAddress Request (6) to port 0 [ 108.019990][ T6151] usb 40-1: new SuperSpeed USB device number 6 using vhci_hcd [ 108.126729][ T6027] usb 8-1: USB disconnect, device number 5 [ 108.226325][ T6790] vhci_hcd: connection reset by peer [ 108.229785][ T1047] vhci_hcd vhci_hcd.1: stop threads [ 108.231709][ T1047] vhci_hcd vhci_hcd.1: release socket [ 108.234425][ T1047] vhci_hcd vhci_hcd.1: disconnect device [ 108.682251][ T6797] netlink: 8 bytes leftover after parsing attributes in process `syz.2.211'. [ 108.686007][ T6797] netlink: 8 bytes leftover after parsing attributes in process `syz.2.211'. [ 108.879747][ T6812] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 108.882969][ T6812] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 108.888609][ T6812] vhci_hcd vhci_hcd.0: Device attached [ 108.903615][ T6812] netlink: 6032 bytes leftover after parsing attributes in process `syz.1.208'. [ 108.916532][ T6807] sit0: left promiscuous mode [ 108.924962][ T6807] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.928688][ T6807] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.976106][ T6813] vhci_hcd: cannot find a urb of seqnum 8 max seqnum 2 [ 108.980508][ T12] vhci_hcd vhci_hcd.1: stop threads [ 108.982851][ T12] vhci_hcd vhci_hcd.1: release socket [ 108.985413][ T12] vhci_hcd vhci_hcd.1: disconnect device [ 109.010595][ T6807] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 109.030286][ T6807] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 109.158705][ T1205] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.163243][ T1205] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.166974][ T1205] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.171214][ T1205] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.368673][ T6827] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 109.371607][ T6827] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 109.375435][ T6827] vhci_hcd vhci_hcd.0: Device attached [ 109.679124][ T6480] usb 38-1: SetAddress Request (10) to port 0 [ 109.686687][ T6480] usb 38-1: new SuperSpeed USB device number 10 using vhci_hcd [ 109.755124][ T6848] usb usb8: usbfs: process 6848 (syz.1.218) did not claim interface 0 before use [ 109.983828][ T6828] vhci_hcd: connection reset by peer [ 109.990189][ T1214] vhci_hcd vhci_hcd.0: stop threads [ 109.992722][ T1214] vhci_hcd vhci_hcd.0: release socket [ 109.995240][ T1214] vhci_hcd vhci_hcd.0: disconnect device [ 110.834947][ T6860] netlink: 'syz.0.219': attribute type 10 has an invalid length. [ 111.630707][ T6877] overlay: Unknown parameter '/' [ 112.512028][ T6885] netlink: 4 bytes leftover after parsing attributes in process `syz.2.227'. [ 112.764550][ T6899] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 112.767164][ T6899] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 112.770404][ T6899] vhci_hcd vhci_hcd.0: Device attached [ 112.783368][ T6899] fuse: Unknown parameter '0x0000000000000009 [ 112.783368][ T6899] ' [ 113.180535][ T6900] vhci_hcd: connection reset by peer [ 113.191133][ T12] vhci_hcd vhci_hcd.1: stop threads [ 113.193611][ T12] vhci_hcd vhci_hcd.1: release socket [ 113.196744][ T6151] usb 40-1: device descriptor read/8, error -110 [ 113.196931][ T12] vhci_hcd vhci_hcd.1: disconnect device [ 113.385966][ T6925] netlink: 4 bytes leftover after parsing attributes in process `syz.2.235'. [ 113.389538][ T6925] netlink: 2804 bytes leftover after parsing attributes in process `syz.2.235'. [ 113.430180][ T6925] netlink: 'syz.2.235': attribute type 1 has an invalid length. [ 113.433941][ T6925] netlink: 1 bytes leftover after parsing attributes in process `syz.2.235'. [ 113.585922][ T6151] usb usb40-port1: attempt power cycle [ 114.177866][ T6151] usb usb40-port1: unable to enumerate USB device [ 114.216341][ T6933] vlan2: entered promiscuous mode [ 114.216382][ T6933] mac80211_hwsim hwsim8 wlan1: entered promiscuous mode [ 114.728411][ T6947] netlink: 4 bytes leftover after parsing attributes in process `syz.3.244'. [ 114.754468][ T6480] usb 38-1: device descriptor read/8, error -110 [ 115.178991][ T6962] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 115.181976][ T6962] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 115.187504][ T6962] vhci_hcd vhci_hcd.0: Device attached [ 115.199555][ T6962] netlink: 6032 bytes leftover after parsing attributes in process `syz.2.247'. [ 115.235973][ T6480] usb usb38-port1: attempt power cycle [ 115.291473][ T6963] vhci_hcd: cannot find a urb of seqnum 8 max seqnum 1 [ 115.299346][ T1140] vhci_hcd vhci_hcd.2: stop threads [ 115.301664][ T1140] vhci_hcd vhci_hcd.2: release socket [ 115.307985][ T1140] vhci_hcd vhci_hcd.2: disconnect device [ 115.332319][ T6957] netlink: 'syz.1.245': attribute type 10 has an invalid length. [ 115.378535][ T6965] netlink: 'syz.1.245': attribute type 10 has an invalid length. [ 115.421902][ T6957] batman_adv: batadv0: Adding interface: team0 [ 115.427189][ T6965] netlink: 2 bytes leftover after parsing attributes in process `syz.1.245'. [ 115.430639][ T6957] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 115.474696][ T6957] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 115.497533][ T40] kauditd_printk_skb: 48 callbacks suppressed [ 115.497547][ T40] audit: type=1326 audit(1766873631.332:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 115.525620][ T40] audit: type=1326 audit(1766873631.342:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 115.533089][ T40] audit: type=1326 audit(1766873631.342:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 115.543062][ T40] audit: type=1326 audit(1766873631.342:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 115.553314][ T40] audit: type=1326 audit(1766873631.342:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 115.561163][ T40] audit: type=1326 audit(1766873631.342:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 115.571998][ T40] audit: type=1326 audit(1766873631.342:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 115.587015][ T40] audit: type=1326 audit(1766873631.342:1332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 115.595965][ T40] audit: type=1326 audit(1766873631.342:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 115.603375][ T40] audit: type=1326 audit(1766873631.342:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 115.896325][ T6480] usb usb38-port1: unable to enumerate USB device [ 116.834752][ T6978] netlink: 4 bytes leftover after parsing attributes in process `syz.3.253'. [ 116.838431][ T6978] netlink: 44 bytes leftover after parsing attributes in process `syz.3.253'. [ 116.841841][ T6978] netlink: 44 bytes leftover after parsing attributes in process `syz.3.253'. [ 116.982958][ T6984] vlan2: entered promiscuous mode [ 116.986200][ T6984] mac80211_hwsim hwsim6 wlan1: entered promiscuous mode [ 117.052415][ T6987] netlink: zone id is out of range [ 117.061018][ T6987] netlink: 9 bytes leftover after parsing attributes in process `syz.1.256'. [ 117.067241][ T6987] gretap0: entered promiscuous mode [ 117.079224][ T6987] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 117.083752][ T6987] overlayfs: maximum fs stacking depth exceeded [ 118.130449][ T1223] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.141828][ T1223] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.234616][ T7017] netlink: 8 bytes leftover after parsing attributes in process `syz.3.266'. [ 118.370699][ T7023] netlink: 'syz.1.269': attribute type 1 has an invalid length. [ 118.492741][ T7023] netlink: 224 bytes leftover after parsing attributes in process `syz.1.269'. [ 118.636617][ T7031] bridge_slave_0: left allmulticast mode [ 118.638741][ T7031] bridge_slave_0: left promiscuous mode [ 118.640805][ T7031] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.649525][ T7031] bridge_slave_1: left promiscuous mode [ 118.652238][ T7031] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.670936][ T7031] bond0: (slave bond_slave_0): Releasing backup interface [ 118.679388][ T7031] bond0: (slave bond_slave_1): Releasing backup interface [ 118.691976][ T7031] team0: Port device team_slave_0 removed [ 118.700478][ T7031] team0: Port device team_slave_1 removed [ 118.704982][ T7031] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.707515][ T7031] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 118.711659][ T7031] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.715307][ T7031] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 118.735045][ T7031] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 118.771454][ T7032] team0: Mode changed to "loadbalance" [ 118.812379][ T7002] comedi comedi0: reset error (fatal) [ 118.856703][ T7032] netlink: 'syz.0.271': attribute type 10 has an invalid length. [ 118.870049][ T7032] team0: Port device dummy0 added [ 119.400466][ T7063] tipc: Started in network mode [ 119.403033][ T7063] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 119.407651][ T7063] tipc: Enabling of bearer rejected, failed to enable media [ 119.630698][ T7049] netlink: 'syz.2.277': attribute type 12 has an invalid length. [ 120.008157][ T7085] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 120.011176][ T7085] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 120.014885][ T7085] vhci_hcd vhci_hcd.0: Device attached [ 120.106476][ T7091] netlink: 20 bytes leftover after parsing attributes in process `syz.2.294'. [ 120.110172][ T7091] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 120.113168][ T7091] IPv6: NLM_F_CREATE should be set when creating new route [ 120.129477][ T7086] vhci_hcd: connection closed [ 120.130187][ T1214] vhci_hcd vhci_hcd.1: stop threads [ 120.134720][ T1214] vhci_hcd vhci_hcd.1: release socket [ 120.136946][ T1214] vhci_hcd vhci_hcd.1: disconnect device [ 120.154499][ T7093] CUSE: unknown device info "ÿ" [ 120.156676][ T7093] CUSE: unknown device info "" [ 120.158887][ T7093] CUSE: DEVNAME unspecified [ 120.342433][ T7099] fuse: Bad value for 'fd' [ 121.169003][ T7107] bond1 (unregistering): Released all slaves [ 121.219038][ T7111] overlay: Unknown parameter '/' [ 123.042222][ T7140] netlink: 'syz.3.309': attribute type 1 has an invalid length. [ 123.045059][ T7140] netlink: 224 bytes leftover after parsing attributes in process `syz.3.309'. [ 123.516755][ T7149] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 123.617210][ T7157] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode [ 123.620166][ T7157] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode [ 123.670379][ T7159] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 123.927692][ T7160] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 123.933012][ T7160] overlayfs: failed to look up (tracing) for ino (-66) [ 124.053053][ T7162] bridge_slave_0: left allmulticast mode [ 124.100444][ T7162] bridge_slave_0: left promiscuous mode [ 124.110618][ T7162] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.116428][ T7162] bridge_slave_1: left allmulticast mode [ 124.123954][ T7162] bridge_slave_1: left promiscuous mode [ 124.219888][ T7162] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.294213][ T7125] syz.1.303 (7125) used greatest stack depth: 19656 bytes left [ 124.310296][ T7169] netlink: 'syz.2.314': attribute type 10 has an invalid length. [ 124.465722][ T7162] bond0: (slave bond_slave_0): Releasing backup interface [ 124.473484][ T7162] bond0: (slave bond_slave_1): Releasing backup interface [ 124.492357][ T7162] team0: Port device team_slave_0 removed [ 124.502718][ T7162] team0: Port device team_slave_1 removed [ 124.506590][ T7162] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 124.511320][ T7162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 124.520349][ T7162] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 124.524463][ T7162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 124.532925][ T7162] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 124.556687][ T7165] team0: Mode changed to "loadbalance" [ 124.585319][ T7169] team0: Port device dummy0 added [ 125.975708][ T7191] netlink: 36 bytes leftover after parsing attributes in process `syz.1.322'. [ 125.978922][ T7191] netlink: 12 bytes leftover after parsing attributes in process `syz.1.322'. [ 126.029213][ T6151] IPVS: starting estimator thread 0... [ 126.128900][ T7193] IPVS: using max 44 ests per chain, 105600 per kthread [ 126.341001][ T7191] netlink: 8 bytes leftover after parsing attributes in process `syz.1.322'. [ 126.427600][ T7206] netlink: 28 bytes leftover after parsing attributes in process `syz.0.326'. [ 126.436011][ T7208] FAULT_INJECTION: forcing a failure. [ 126.436011][ T7208] name failslab, interval 1, probability 0, space 0, times 0 [ 126.441804][ T7208] CPU: 3 UID: 0 PID: 7208 Comm: syz.3.329 Tainted: G L syzkaller #0 PREEMPT(full) [ 126.441833][ T7208] Tainted: [L]=SOFTLOCKUP [ 126.441839][ T7208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 126.441865][ T7208] Call Trace: [ 126.441873][ T7208] [ 126.441889][ T7208] dump_stack_lvl+0x16c/0x1f0 [ 126.441949][ T7208] should_fail_ex+0x512/0x640 [ 126.441970][ T7208] ? __kmalloc_noprof+0xca/0x910 [ 126.441998][ T7208] should_failslab+0xc2/0x120 [ 126.442026][ T7208] __kmalloc_noprof+0xeb/0x910 [ 126.442044][ T7208] ? __lock_acquire+0x436/0x2890 [ 126.442061][ T7208] ? bpf_test_init.isra.0+0x88/0x130 [ 126.442088][ T7208] ? bpf_test_init.isra.0+0x88/0x130 [ 126.442109][ T7208] bpf_test_init.isra.0+0x88/0x130 [ 126.442133][ T7208] bpf_prog_test_run_skb+0x489/0x31a0 [ 126.442164][ T7208] ? find_held_lock+0x2b/0x80 [ 126.442196][ T7208] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 126.442223][ T7208] ? fput+0x70/0xf0 [ 126.442244][ T7208] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 126.442268][ T7208] __sys_bpf+0x1035/0x4980 [ 126.442290][ T7208] ? __pfx___sys_bpf+0x10/0x10 [ 126.442306][ T7208] ? find_held_lock+0x2b/0x80 [ 126.442333][ T7208] ? find_held_lock+0x2b/0x80 [ 126.442362][ T7208] ? __mutex_unlock_slowpath+0x161/0x790 [ 126.442405][ T7208] ? fput+0x70/0xf0 [ 126.442422][ T7208] ? ksys_write+0x1ac/0x250 [ 126.442446][ T7208] ? __pfx_ksys_write+0x10/0x10 [ 126.442476][ T7208] __ia32_sys_bpf+0x76/0xe0 [ 126.442493][ T7208] ? lockdep_hardirqs_on+0x7c/0x110 [ 126.442520][ T7208] __do_fast_syscall_32+0xe8/0x680 [ 126.442550][ T7208] do_fast_syscall_32+0x32/0x80 [ 126.442565][ T7208] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 126.442587][ T7208] RIP: 0023:0xf70dd579 [ 126.442601][ T7208] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 126.442618][ T7208] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 126.442636][ T7208] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000240 [ 126.442647][ T7208] RDX: 0000000000000023 RSI: 0000000000000000 RDI: 0000000000000000 [ 126.442657][ T7208] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 126.442666][ T7208] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 126.442676][ T7208] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 126.442700][ T7208] [ 128.560794][ T7256] Driver unsupported XDP return value 0 on prog (id 94) dev N/A, expect packet loss! [ 128.578500][ T6480] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 128.744175][ T6480] usb 7-1: Using ep0 maxpacket: 8 [ 128.750490][ T6480] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 128.754102][ T6480] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 128.790114][ T6480] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 128.793526][ T6480] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 128.797092][ T6480] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 128.845695][ T6480] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 128.867252][ T6480] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.084610][ T6480] usb 7-1: usb_control_msg returned -32 [ 129.088291][ T6480] usbtmc 7-1:16.0: can't read capabilities [ 129.238175][ T7267] overlayfs: failed to resolve './file1/file0': -2 [ 129.434886][ T7269] netlink: 28 bytes leftover after parsing attributes in process `syz.3.347'. [ 129.477144][ T7272] program syz.0.348 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 129.787732][ T7272] netlink: 'syz.0.348': attribute type 39 has an invalid length. [ 129.964541][ T53] libceph: connect (1)[c::]:6789 error -101 [ 129.970875][ T53] libceph: mon0 (1)[c::]:6789 connect error [ 129.992573][ T7282] ceph: No mds server is up or the cluster is laggy [ 130.528148][ T7292] team0: Port device dummy0 removed [ 130.537154][ T7292] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 131.001001][ T7300] mmap: syz.0.356 (7300) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 131.305242][ T6035] usb 7-1: USB disconnect, device number 4 [ 131.636475][ T7317] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 131.795300][ T7317] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 131.800864][ T7317] overlayfs: failed to look up (tracing) for ino (-66) [ 132.239432][ T7322] netlink: 8 bytes leftover after parsing attributes in process `syz.1.360'. [ 132.242426][ T7322] netlink: 24 bytes leftover after parsing attributes in process `syz.1.360'. [ 132.246831][ T7322] ata1.00: invalid multi_count 1 ignored [ 133.445547][ T6035] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 133.596453][ T6035] usb 5-1: config 160 has an invalid interface number: 200 but max is 0 [ 133.603474][ T6035] usb 5-1: config 160 has no interface number 0 [ 133.606192][ T6035] usb 5-1: config 160 interface 200 has no altsetting 0 [ 133.613533][ T6035] usb 5-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b [ 133.616940][ T6035] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.620038][ T6035] usb 5-1: Product: syz [ 133.622704][ T6035] usb 5-1: Manufacturer: syz [ 133.624399][ T6035] usb 5-1: SerialNumber: syz [ 134.669062][ T7359] wireguard0: entered promiscuous mode [ 134.671052][ T7359] wireguard0: entered allmulticast mode [ 136.137203][ T6035] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 136.140579][ T6035] usb 5-1: MIDIStreaming interface descriptor not found [ 136.201338][ T6035] usb 5-1: USB disconnect, device number 7 [ 136.397601][ T7391] netlink: 'syz.0.379': attribute type 8 has an invalid length. [ 137.083382][ T7396] netlink: 12 bytes leftover after parsing attributes in process `syz.3.382'. [ 137.186112][ T7402] netlink: 8 bytes leftover after parsing attributes in process `syz.3.384'. [ 137.370751][ T7411] netlink: 8 bytes leftover after parsing attributes in process `syz.3.386'. [ 137.429801][ T7414] netlink: 'syz.1.385': attribute type 21 has an invalid length. [ 137.433195][ T7414] netlink: 'syz.1.385': attribute type 1 has an invalid length. [ 137.435984][ T7414] netlink: 100 bytes leftover after parsing attributes in process `syz.1.385'. [ 137.458051][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.460979][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.504020][ T7414] comedi comedi1: dt2801: a I/O base address must be specified [ 138.211258][ T7424] netlink: 8 bytes leftover after parsing attributes in process `syz.3.390'. [ 138.219249][ T7424] netlink: 24 bytes leftover after parsing attributes in process `syz.3.390'. [ 138.229705][ T7424] ata1.00: invalid multi_count 1 ignored [ 138.732542][ T40] kauditd_printk_skb: 20 callbacks suppressed [ 138.732557][ T40] audit: type=1800 audit(1766873653.584:1355): pid=7432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.391" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 138.749576][ T7439] bridge1: entered promiscuous mode [ 138.752059][ T7439] bridge1: entered allmulticast mode [ 139.202988][ T7444] netlink: 'syz.2.396': attribute type 8 has an invalid length. [ 140.409123][ T7457] netlink: 8 bytes leftover after parsing attributes in process `syz.3.394'. [ 140.413033][ T7457] netlink: 3 bytes leftover after parsing attributes in process `syz.3.394'. [ 141.103587][ T7457] batadv1: entered allmulticast mode [ 141.282463][ T7464] input: syz1 as /devices/virtual/input/input7 [ 141.563495][ T40] audit: type=1326 audit(1766873656.416:1356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.1.402" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 141.577417][ T40] audit: type=1326 audit(1766873656.416:1358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.1.402" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 141.591816][ T40] audit: type=1326 audit(1766873656.416:1359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.1.402" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 141.604510][ T40] audit: type=1326 audit(1766873656.416:1357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.1.402" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 141.618388][ T40] audit: type=1326 audit(1766873656.426:1360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.1.402" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 141.632228][ T40] audit: type=1326 audit(1766873656.426:1361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.1.402" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x0 [ 141.647346][ T40] audit: type=1326 audit(1766873656.476:1362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.1.402" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 141.661293][ T40] audit: type=1326 audit(1766873656.476:1363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.1.402" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 141.673254][ T40] audit: type=1326 audit(1766873656.526:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.1.402" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 143.540107][ T10] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 143.690008][ T10] usb 8-1: Using ep0 maxpacket: 32 [ 143.701160][ T10] usb 8-1: config 0 has an invalid interface number: 12 but max is 0 [ 143.716419][ T10] usb 8-1: config 0 has no interface number 0 [ 143.719362][ T10] usb 8-1: config 0 interface 12 has no altsetting 0 [ 143.731990][ T10] usb 8-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 143.735635][ T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.738990][ T10] usb 8-1: Product: syz [ 143.746132][ T10] usb 8-1: Manufacturer: syz [ 143.748226][ T10] usb 8-1: SerialNumber: syz [ 143.766573][ T10] usb 8-1: config 0 descriptor?? [ 143.779754][ T10] f81534 8-1:0.12: required endpoints missing [ 143.916364][ T40] kauditd_printk_skb: 75 callbacks suppressed [ 143.916377][ T40] audit: type=1326 audit(1766873658.767:1440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7513 comm="syz.0.414" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 143.927176][ T40] audit: type=1326 audit(1766873658.767:1441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7513 comm="syz.0.414" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 143.937788][ T40] audit: type=1326 audit(1766873658.777:1442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7513 comm="syz.0.414" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 143.946403][ T40] audit: type=1326 audit(1766873658.777:1443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7513 comm="syz.0.414" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 143.954132][ T40] audit: type=1326 audit(1766873658.777:1444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7513 comm="syz.0.414" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 143.961682][ T40] audit: type=1326 audit(1766873658.777:1445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7513 comm="syz.0.414" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x0 [ 143.973091][ T40] audit: type=1326 audit(1766873658.827:1446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7513 comm="syz.0.414" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 143.982182][ T10] usb 8-1: USB disconnect, device number 6 [ 143.987720][ T40] audit: type=1326 audit(1766873658.827:1447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7513 comm="syz.0.414" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 144.030021][ T40] audit: type=1326 audit(1766873658.877:1448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7513 comm="syz.0.414" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 144.039072][ T40] audit: type=1326 audit(1766873658.887:1449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7513 comm="syz.0.414" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 144.078037][ T7517] bridge0: port 3(erspan0) entered blocking state [ 144.082140][ T7517] bridge0: port 3(erspan0) entered disabled state [ 144.086903][ T7517] erspan0: entered allmulticast mode [ 144.091768][ T7517] erspan0: entered promiscuous mode [ 144.094700][ T7517] bridge0: port 3(erspan0) entered blocking state [ 144.098016][ T7517] bridge0: port 3(erspan0) entered forwarding state [ 144.879353][ T7542] netlink: 4 bytes leftover after parsing attributes in process `syz.1.423'. [ 144.886117][ T7542] netlink: 2804 bytes leftover after parsing attributes in process `syz.1.423'. [ 145.003075][ T7542] sit0: entered promiscuous mode [ 145.050768][ T7542] netlink: 'syz.1.423': attribute type 1 has an invalid length. [ 145.054956][ T7542] netlink: 1 bytes leftover after parsing attributes in process `syz.1.423'. [ 145.200192][ T64] Bluetooth: hci0: link tx timeout [ 145.203727][ T64] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 145.210053][ T64] Bluetooth: hci0: link tx timeout [ 145.212343][ T64] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 145.218523][ T64] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 145.221718][ T64] Bluetooth: Wrong link type (-22) [ 145.223808][ T64] Bluetooth: hci0: link tx timeout [ 145.225726][ T64] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 145.230173][ T64] Bluetooth: hci0: link tx timeout [ 145.235199][ T64] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 145.706381][ T7564] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2182154216 (4364308432 ns) > initial count (507749598 ns). Using initial count to start timer. [ 145.709256][ T7559] netlink: 4 bytes leftover after parsing attributes in process `syz.2.429'. [ 145.816510][ T7566] netlink: 300 bytes leftover after parsing attributes in process `syz.1.431'. [ 147.018391][ T6480] IPVS: starting estimator thread 0... [ 147.108344][ T7584] IPVS: using max 42 ests per chain, 100800 per kthread [ 147.288211][ T64] Bluetooth: hci0: command 0x0406 tx timeout [ 147.303840][ T7590] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 147.492777][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.497068][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.528008][ T64] Bluetooth: hci0: command 0x0406 tx timeout [ 149.907358][ T7626] netlink: 4 bytes leftover after parsing attributes in process `syz.0.447'. [ 149.912525][ T7626] netlink: 2804 bytes leftover after parsing attributes in process `syz.0.447'. [ 149.926186][ T7626] netlink: 'syz.0.447': attribute type 1 has an invalid length. [ 149.929236][ T7626] netlink: 1 bytes leftover after parsing attributes in process `syz.0.447'. [ 149.995861][ T7625] program syz.2.448 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 150.435924][ T7637] netlink: 4 bytes leftover after parsing attributes in process `syz.3.449'. [ 150.439894][ T7637] netlink: 2804 bytes leftover after parsing attributes in process `syz.3.449'. [ 150.450996][ T7637] sit0: entered promiscuous mode [ 150.453238][ T7637] netlink: 'syz.3.449': attribute type 1 has an invalid length. [ 150.455899][ T7637] netlink: 1 bytes leftover after parsing attributes in process `syz.3.449'. [ 150.591820][ T7636] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 151.661206][ T7658] netlink: 4 bytes leftover after parsing attributes in process `syz.1.457'. [ 151.676727][ T7658] netlink: 2804 bytes leftover after parsing attributes in process `syz.1.457'. [ 151.683815][ T7658] netlink: 'syz.1.457': attribute type 1 has an invalid length. [ 151.686924][ T7658] netlink: 1 bytes leftover after parsing attributes in process `syz.1.457'. [ 152.459373][ T7671] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 152.462423][ T7671] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 152.466378][ T7671] vhci_hcd vhci_hcd.0: Device attached [ 152.474887][ T7671] netlink: 'syz.0.459': attribute type 3 has an invalid length. [ 152.736159][ T5946] usb 38-1: SetAddress Request (14) to port 0 [ 152.738976][ T5946] usb 38-1: new SuperSpeed USB device number 14 using vhci_hcd [ 152.833925][ T7677] qnx6: unable to read the first superblock [ 153.080478][ T7672] vhci_hcd: connection reset by peer [ 153.082940][ T1140] vhci_hcd vhci_hcd.0: stop threads [ 153.084765][ T1140] vhci_hcd vhci_hcd.0: release socket [ 153.086708][ T1140] vhci_hcd vhci_hcd.0: disconnect device [ 153.716622][ T7695] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 153.718949][ T7695] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 153.722170][ T7695] vhci_hcd vhci_hcd.0: Device attached [ 153.771577][ T7695] netlink: 'syz.1.467': attribute type 3 has an invalid length. [ 153.789759][ T7699] netlink: 48 bytes leftover after parsing attributes in process `syz.2.469'. [ 153.805916][ T7701] netlink: 'syz.0.468': attribute type 1 has an invalid length. [ 154.001846][ T7705] tmpfs: Bad value for 'mpol' [ 154.004910][ T6035] usb 40-1: SetAddress Request (10) to port 0 [ 154.007770][ T6035] usb 40-1: new SuperSpeed USB device number 10 using vhci_hcd [ 154.354372][ T7696] vhci_hcd: connection reset by peer [ 154.357860][ T170] vhci_hcd vhci_hcd.1: stop threads [ 154.360092][ T170] vhci_hcd vhci_hcd.1: release socket [ 154.364256][ T170] vhci_hcd vhci_hcd.1: disconnect device [ 155.134013][ T7743] batadv2: entered allmulticast mode [ 155.145519][ T7743] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 155.149009][ T7743] bridge0: port 4(batadv2) entered blocking state [ 155.152881][ T7743] bridge0: port 4(batadv2) entered disabled state [ 155.157206][ T7743] batadv2: entered promiscuous mode [ 155.159387][ T7743] bridge0: port 4(batadv2) entered blocking state [ 155.161709][ T7743] bridge0: port 4(batadv2) entered forwarding state [ 155.294718][ T7751] __nla_validate_parse: 9 callbacks suppressed [ 155.294732][ T7751] netlink: 4 bytes leftover after parsing attributes in process `syz.0.484'. [ 155.304382][ T7751] netlink: 2804 bytes leftover after parsing attributes in process `syz.0.484'. [ 155.316505][ T7751] netlink: 'syz.0.484': attribute type 1 has an invalid length. [ 155.319152][ T7751] netlink: 1 bytes leftover after parsing attributes in process `syz.0.484'. [ 155.634336][ T170] batman_adv: batadv2: No IGMP Querier present - multicast optimizations disabled [ 155.637619][ T170] batman_adv: batadv2: No MLD Querier present - multicast optimizations disabled [ 155.778945][ T7763] netlink: 32 bytes leftover after parsing attributes in process `syz.3.489'. [ 156.992302][ T7785] netlink: 'syz.0.498': attribute type 10 has an invalid length. [ 157.311038][ T7802] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 157.313783][ T7802] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 157.317112][ T7802] vhci_hcd vhci_hcd.0: Device attached [ 157.325234][ T7802] netlink: 24 bytes leftover after parsing attributes in process `syz.0.500'. [ 157.889771][ T7803] vhci_hcd: connection closed [ 157.890440][ T1047] vhci_hcd vhci_hcd.0: stop threads [ 157.894111][ T1047] vhci_hcd vhci_hcd.0: release socket [ 157.896147][ T1047] vhci_hcd vhci_hcd.0: disconnect device [ 158.003438][ T7810] netlink: 'syz.1.505': attribute type 31 has an invalid length. [ 158.006439][ T7810] netlink: 'syz.1.505': attribute type 1 has an invalid length. [ 158.082951][ T5946] usb 38-1: device descriptor read/8, error -110 [ 158.095996][ T7812] netlink: 20 bytes leftover after parsing attributes in process `syz.1.506'. [ 158.100567][ T7812] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 158.519370][ T7834] netlink: 4 bytes leftover after parsing attributes in process `syz.2.513'. [ 158.520643][ T7834] netlink: 2804 bytes leftover after parsing attributes in process `syz.2.513'. [ 158.530784][ T7834] netlink: 'syz.2.513': attribute type 1 has an invalid length. [ 158.530831][ T7834] netlink: 1 bytes leftover after parsing attributes in process `syz.2.513'. [ 158.646402][ T7824] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in; [ 158.646402][ T7824] program syz.1.510 not setting count and/or reply_len properly [ 158.647575][ T7824] FAULT_INJECTION: forcing a failure. [ 158.647575][ T7824] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.647669][ T7824] CPU: 1 UID: 0 PID: 7824 Comm: syz.1.510 Tainted: G L syzkaller #0 PREEMPT(full) [ 158.647697][ T7824] Tainted: [L]=SOFTLOCKUP [ 158.647700][ T7824] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 158.647707][ T7824] Call Trace: [ 158.647711][ T7824] [ 158.647715][ T7824] dump_stack_lvl+0x16c/0x1f0 [ 158.647735][ T7824] should_fail_ex+0x512/0x640 [ 158.647751][ T7824] _copy_from_iter+0x2a4/0x16c0 [ 158.647767][ T7824] ? __pfx__copy_from_iter+0x10/0x10 [ 158.647779][ T7824] ? find_held_lock+0x2b/0x80 [ 158.647794][ T7824] ? pfn_valid+0x26a/0x4d0 [ 158.647813][ T7824] copy_page_from_iter+0xde/0x180 [ 158.647836][ T7824] bio_copy_from_iter+0x11e/0x280 [ 158.647859][ T7824] blk_rq_map_user_iov+0xf33/0x1510 [ 158.647881][ T7824] ? __pfx_blk_rq_map_user_iov+0x10/0x10 [ 158.647900][ T7824] ? policy_nodemask+0xea/0x4e0 [ 158.647926][ T7824] ? find_held_lock+0x2b/0x80 [ 158.647953][ T7824] ? sg_common_write.constprop.0+0xbf9/0x1c00 [ 158.647970][ T7824] ? import_ubuf+0x1b6/0x220 [ 158.647982][ T7824] blk_rq_map_user_io+0x1ff/0x230 [ 158.647995][ T7824] ? __pfx_blk_rq_map_user_io+0x10/0x10 [ 158.648007][ T7824] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 158.648031][ T7824] sg_common_write.constprop.0+0xd43/0x1c00 [ 158.648047][ T7824] ? __pfx__printk+0x10/0x10 [ 158.648059][ T7824] ? __pfx_sg_common_write.constprop.0+0x10/0x10 [ 158.648073][ T7824] ? __pfx____ratelimit+0x10/0x10 [ 158.648091][ T7824] sg_write+0x813/0xe10 [ 158.648104][ T7824] ? __pfx_sg_write+0x10/0x10 [ 158.648117][ T7824] ? __pfx_aa_file_perm+0x10/0x10 [ 158.648145][ T7824] ? bpf_lsm_file_permission+0x9/0x10 [ 158.648159][ T7824] ? security_file_permission+0x71/0x210 [ 158.648174][ T7824] ? iov_iter_advance+0x1e3/0x6c0 [ 158.648185][ T7824] ? rw_verify_area+0xcf/0x6c0 [ 158.648201][ T7824] ? __pfx_sg_write+0x10/0x10 [ 158.648211][ T7824] vfs_writev+0x5df/0xde0 [ 158.648229][ T7824] ? __pfx_vfs_writev+0x10/0x10 [ 158.648244][ T7824] ? finish_task_switch.isra.0+0x207/0xbd0 [ 158.648261][ T7824] ? rcu_is_watching+0x12/0xc0 [ 158.648285][ T7824] ? __fget_files+0x20e/0x3c0 [ 158.648305][ T7824] ? do_writev+0x132/0x340 [ 158.648319][ T7824] do_writev+0x132/0x340 [ 158.648334][ T7824] ? __pfx_do_writev+0x10/0x10 [ 158.648353][ T7824] __do_fast_syscall_32+0xe8/0x680 [ 158.648373][ T7824] do_fast_syscall_32+0x32/0x80 [ 158.648383][ T7824] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 158.648398][ T7824] RIP: 0023:0xf70cd579 [ 158.648407][ T7824] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 158.648418][ T7824] RSP: 002b:00000000f549c55c EFLAGS: 00000296 ORIG_RAX: 0000000000000092 [ 158.648429][ T7824] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000400 [ 158.648436][ T7824] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 158.648442][ T7824] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 158.648448][ T7824] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 158.648455][ T7824] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 158.648469][ T7824] [ 158.660960][ T5946] usb usb38-port1: attempt power cycle [ 159.053450][ T6035] usb 40-1: device descriptor read/8, error -110 [ 159.462842][ T6035] usb usb40-port1: attempt power cycle [ 159.522761][ T7855] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 159.535489][ T7855] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 159.539314][ T7855] overlayfs: failed to look up (tracing) for ino (-66) [ 159.722555][ T5946] usb usb38-port1: unable to enumerate USB device [ 160.167860][ T6035] usb usb40-port1: unable to enumerate USB device [ 160.170844][ T7866] netlink: 4 bytes leftover after parsing attributes in process `syz.1.522'. [ 160.323116][ T7870] netlink: 'syz.1.522': attribute type 1 has an invalid length. [ 160.325747][ T7870] __nla_validate_parse: 1 callbacks suppressed [ 160.325755][ T7870] netlink: 1 bytes leftover after parsing attributes in process `syz.1.522'. [ 160.384083][ T7873] FAULT_INJECTION: forcing a failure. [ 160.384083][ T7873] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 160.384114][ T7873] CPU: 2 UID: 0 PID: 7873 Comm: syz.0.524 Tainted: G L syzkaller #0 PREEMPT(full) [ 160.384137][ T7873] Tainted: [L]=SOFTLOCKUP [ 160.384142][ T7873] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 160.384151][ T7873] Call Trace: [ 160.384157][ T7873] [ 160.384164][ T7873] dump_stack_lvl+0x16c/0x1f0 [ 160.384193][ T7873] should_fail_ex+0x512/0x640 [ 160.384216][ T7873] should_fail_alloc_page+0xe7/0x130 [ 160.384243][ T7873] prepare_alloc_pages+0x401/0x670 [ 160.384267][ T7873] ? __lock_acquire+0x436/0x2890 [ 160.384287][ T7873] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 160.384308][ T7873] ? __lock_acquire+0x436/0x2890 [ 160.384333][ T7873] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 160.384353][ T7873] ? find_held_lock+0x2b/0x80 [ 160.384379][ T7873] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 160.384403][ T7873] ? is_bpf_text_address+0x94/0x1a0 [ 160.384425][ T7873] ? kernel_text_address+0x8d/0x100 [ 160.384443][ T7873] ? __kernel_text_address+0xd/0x40 [ 160.384461][ T7873] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 160.384487][ T7873] ? policy_nodemask+0xea/0x4e0 [ 160.384513][ T7873] alloc_pages_mpol+0x1fb/0x550 [ 160.384537][ T7873] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 160.384561][ T7873] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 160.384584][ T7873] ? stack_depot_save_flags+0x3de/0x9b0 [ 160.384605][ T7873] ___kmalloc_large_node+0x10c/0x150 [ 160.384623][ T7873] __kmalloc_large_node_noprof+0x1c/0x70 [ 160.384638][ T7873] ? con_font_op+0x77e/0x1040 [ 160.384662][ T7873] __kmalloc_noprof.cold+0xc/0x62 [ 160.384685][ T7873] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 160.384705][ T7873] ? vc_do_resize+0x1de/0x10e0 [ 160.384728][ T7873] ? vc_do_resize+0x1de/0x10e0 [ 160.384746][ T7873] vc_do_resize+0x1de/0x10e0 [ 160.384778][ T7873] ? __pfx_vc_do_resize+0x10/0x10 [ 160.384796][ T7873] ? xfd_validate_state+0x61/0x180 [ 160.384814][ T7873] ? save_fpregs_to_fpstate+0x144/0x270 [ 160.384839][ T7873] fbcon_do_set_font+0x449/0x940 [ 160.384871][ T7873] fbcon_set_font+0xaef/0xc90 [ 160.384894][ T7873] ? __pfx_fbcon_set_font+0x10/0x10 [ 160.384909][ T7873] con_font_op+0x77e/0x1040 [ 160.384935][ T7873] ? __pfx_con_font_op+0x10/0x10 [ 160.384959][ T7873] ? __might_fault+0xe3/0x190 [ 160.384977][ T7873] ? __might_fault+0xe3/0x190 [ 160.384993][ T7873] ? __might_fault+0x13b/0x190 [ 160.385020][ T7873] vt_compat_ioctl+0x369/0x4e0 [ 160.385039][ T7873] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 160.385056][ T7873] ? hook_file_ioctl_common+0x144/0x410 [ 160.385080][ T7873] ? __fget_files+0x20e/0x3c0 [ 160.385101][ T7873] ? __fput_deferred+0x430/0x480 [ 160.385118][ T7873] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 160.385136][ T7873] tty_compat_ioctl+0x2f1/0x4d0 [ 160.385159][ T7873] ? __pfx_tty_compat_ioctl+0x10/0x10 [ 160.385183][ T7873] __ia32_compat_sys_ioctl+0x242/0x370 [ 160.385207][ T7873] __do_fast_syscall_32+0xe8/0x680 [ 160.385234][ T7873] do_fast_syscall_32+0x32/0x80 [ 160.385249][ T7873] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 160.385267][ T7873] RIP: 0023:0xf7f46579 [ 160.385280][ T7873] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 160.385296][ T7873] RSP: 002b:00000000f543655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 160.385311][ T7873] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b72 [ 160.385321][ T7873] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 160.385331][ T7873] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 160.385340][ T7873] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 160.385349][ T7873] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 160.385371][ T7873] [ 160.631098][ T5947] Bluetooth: hci0: unexpected event for opcode 0x0c1c [ 160.635279][ T7879] netlink: 'syz.0.527': attribute type 10 has an invalid length. [ 160.677518][ T7879] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.687502][ T7879] bond0: (slave team0): Enslaving as an active interface with an up link [ 162.532007][ T7920] efs: device does not support 512 byte blocks [ 162.534151][ T7920] device does not support 512 byte blocks [ 162.534151][ T7920] [ 162.615982][ T7924] netlink: 4 bytes leftover after parsing attributes in process `syz.2.540'. [ 162.620023][ T7924] netlink: 2804 bytes leftover after parsing attributes in process `syz.2.540'. [ 162.632488][ T7926] faux_driver vgem: [drm] Unknown color mode 65545; guessing buffer size. [ 162.759284][ T7928] netlink: 'syz.2.540': attribute type 1 has an invalid length. [ 162.762253][ T7928] netlink: 1 bytes leftover after parsing attributes in process `syz.2.540'. [ 163.751398][ T7949] QAT: failed to copy from user. [ 166.941918][ T7971] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 166.944086][ T7971] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 166.947934][ T7971] vhci_hcd vhci_hcd.0: Device attached [ 167.353389][ T7976] infiniband syz2: set down [ 167.355102][ T7976] infiniband syz2: added ipvlan0 [ 167.372487][ T7978] sit0: left promiscuous mode [ 167.410939][ T7978] vlan2: left promiscuous mode [ 167.412671][ T7978] mac80211_hwsim hwsim8 wlan1: left promiscuous mode [ 167.416228][ T7978] mac80211_hwsim hwsim5 syzkaller0: left promiscuous mode [ 167.592230][ T7971] netlink: 24 bytes leftover after parsing attributes in process `syz.1.553'. [ 167.982573][ T7976] RDS/IB: syz2: added [ 167.984937][ T7976] smc: adding ib device syz2 with port count 1 [ 167.991317][ T7976] smc: ib device syz2 port 1 has no pnetid [ 168.197827][ T5946] usb 40-1: SetAddress Request (14) to port 0 [ 168.201448][ T5946] usb 40-1: new SuperSpeed USB device number 14 using vhci_hcd [ 168.608222][ T7973] netlink: 'syz.2.554': attribute type 10 has an invalid length. [ 168.763103][ T7994] FAULT_INJECTION: forcing a failure. [ 168.763103][ T7994] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 168.769163][ T7994] CPU: 2 UID: 0 PID: 7994 Comm: syz.0.559 Tainted: G L syzkaller #0 PREEMPT(full) [ 168.769182][ T7994] Tainted: [L]=SOFTLOCKUP [ 168.769186][ T7994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 168.769192][ T7994] Call Trace: [ 168.769197][ T7994] [ 168.769202][ T7994] dump_stack_lvl+0x16c/0x1f0 [ 168.769223][ T7994] should_fail_ex+0x512/0x640 [ 168.769238][ T7994] _copy_from_user+0x2e/0xd0 [ 168.769250][ T7994] bpf_test_init.isra.0+0xce/0x130 [ 168.769267][ T7994] bpf_prog_test_run_skb+0x489/0x31a0 [ 168.769285][ T7994] ? find_held_lock+0x2b/0x80 [ 168.769304][ T7994] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 168.769321][ T7994] ? fput+0x70/0xf0 [ 168.769333][ T7994] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 168.769348][ T7994] __sys_bpf+0x1035/0x4980 [ 168.769360][ T7994] ? __pfx___sys_bpf+0x10/0x10 [ 168.769381][ T7994] ? find_held_lock+0x2b/0x80 [ 168.769398][ T7994] ? find_held_lock+0x2b/0x80 [ 168.769414][ T7994] ? __mutex_unlock_slowpath+0x161/0x790 [ 168.769440][ T7994] ? fput+0x70/0xf0 [ 168.769450][ T7994] ? ksys_write+0x1ac/0x250 [ 168.769465][ T7994] ? __pfx_ksys_write+0x10/0x10 [ 168.769482][ T7994] __ia32_sys_bpf+0x76/0xe0 [ 168.769492][ T7994] ? lockdep_hardirqs_on+0x7c/0x110 [ 168.769508][ T7994] __do_fast_syscall_32+0xe8/0x680 [ 168.769563][ T7994] do_fast_syscall_32+0x32/0x80 [ 168.769583][ T7994] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 168.769611][ T7994] RIP: 0023:0xf7f46579 [ 168.769639][ T7994] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 168.769658][ T7994] RSP: 002b:00000000f543655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 168.769674][ T7994] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000240 [ 168.769681][ T7994] RDX: 0000000000000023 RSI: 0000000000000000 RDI: 0000000000000000 [ 168.769688][ T7994] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 168.769694][ T7994] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 168.769700][ T7994] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 168.769714][ T7994] [ 168.868723][ T7974] vhci_hcd: connection reset by peer [ 168.871263][ T1223] vhci_hcd vhci_hcd.1: stop threads [ 168.873092][ T1223] vhci_hcd vhci_hcd.1: release socket [ 168.875056][ T1223] vhci_hcd vhci_hcd.1: disconnect device [ 169.038673][ T8006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.562'. [ 169.042827][ T8006] netlink: 2804 bytes leftover after parsing attributes in process `syz.0.562'. [ 169.199523][ T8006] sit0: entered promiscuous mode [ 169.202837][ T8006] netlink: 'syz.0.562': attribute type 1 has an invalid length. [ 169.206382][ T8006] netlink: 1 bytes leftover after parsing attributes in process `syz.0.562'. [ 169.359535][ T5947] Bluetooth: hci3: link tx timeout [ 169.362209][ T5947] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 169.368991][ T5947] Bluetooth: hci3: link tx timeout [ 169.371352][ T5947] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 169.374582][ T5947] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 169.376962][ T5947] Bluetooth: Wrong link type (-22) [ 169.379104][ T5947] Bluetooth: hci3: link tx timeout [ 169.380927][ T5947] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 169.383476][ T5947] Bluetooth: hci3: link tx timeout [ 169.385158][ T5947] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 171.403734][ T5947] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 171.407897][ T5947] Bluetooth: Wrong link type (-22) [ 171.436313][ T5955] Bluetooth: hci3: command 0x0406 tx timeout [ 172.836424][ T8069] x_tables: duplicate underflow at hook 1 [ 172.942721][ T8074] NILFS (nullb0): couldn't find nilfs on the device [ 173.023633][ T8076] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 173.029316][ T8076] team0: Port device batadv2 added [ 173.037892][ T8076] hfs: can't find a HFS filesystem on dev nullb0 [ 173.435762][ T5946] usb 40-1: device descriptor read/8, error -110 [ 173.515277][ T5947] Bluetooth: hci3: command 0x0406 tx timeout [ 173.583207][ T8087] netlink: 4 bytes leftover after parsing attributes in process `syz.1.587'. [ 173.588298][ T8087] netlink: 2804 bytes leftover after parsing attributes in process `syz.1.587'. [ 173.601611][ T8087] netlink: 'syz.1.587': attribute type 1 has an invalid length. [ 173.604413][ T8087] netlink: 1 bytes leftover after parsing attributes in process `syz.1.587'. [ 173.849390][ T5946] usb usb40-port1: attempt power cycle [ 173.926105][ T8099] netlink: 4 bytes leftover after parsing attributes in process `syz.3.590'. [ 173.931187][ T8099] netlink: 2804 bytes leftover after parsing attributes in process `syz.3.590'. [ 173.942676][ T8099] netlink: 'syz.3.590': attribute type 1 has an invalid length. [ 173.945380][ T8099] netlink: 1 bytes leftover after parsing attributes in process `syz.3.590'. [ 174.468727][ T5946] usb usb40-port1: unable to enumerate USB device [ 175.615927][ T8120] netlink: 'syz.1.592': attribute type 8 has an invalid length. [ 175.918760][ T8126] kvm: kvm [8125]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000006f) = 0x6 [ 175.954926][ T64] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 175.957769][ T64] Bluetooth: Wrong link type (-22) [ 176.146225][ T8135] netlink: 4 bytes leftover after parsing attributes in process `syz.0.600'. [ 176.149665][ T8135] netlink: 2804 bytes leftover after parsing attributes in process `syz.0.600'. [ 176.156606][ T8135] netlink: 'syz.0.600': attribute type 1 has an invalid length. [ 176.159127][ T8135] netlink: 1 bytes leftover after parsing attributes in process `syz.0.600'. [ 177.703082][ T24] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 177.824762][ T8165] FAULT_INJECTION: forcing a failure. [ 177.824762][ T8165] name failslab, interval 1, probability 0, space 0, times 0 [ 177.828976][ T8165] CPU: 3 UID: 0 PID: 8165 Comm: syz.3.609 Tainted: G L syzkaller #0 PREEMPT(full) [ 177.828997][ T8165] Tainted: [L]=SOFTLOCKUP [ 177.829001][ T8165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 177.829008][ T8165] Call Trace: [ 177.829013][ T8165] [ 177.829018][ T8165] dump_stack_lvl+0x16c/0x1f0 [ 177.829039][ T8165] should_fail_ex+0x512/0x640 [ 177.829052][ T8165] ? fs_reclaim_acquire+0xae/0x150 [ 177.829070][ T8165] should_failslab+0xc2/0x120 [ 177.829088][ T8165] __kmalloc_noprof+0xeb/0x910 [ 177.829100][ T8165] ? tomoyo_encode2+0x100/0x3e0 [ 177.829118][ T8165] ? tomoyo_encode2+0x100/0x3e0 [ 177.829131][ T8165] tomoyo_encode2+0x100/0x3e0 [ 177.829147][ T8165] tomoyo_encode+0x29/0x50 [ 177.829161][ T8165] tomoyo_realpath_from_path+0x18f/0x6e0 [ 177.829180][ T8165] tomoyo_path_number_perm+0x245/0x580 [ 177.829192][ T8165] ? tomoyo_path_number_perm+0x237/0x580 [ 177.829205][ T8165] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 177.829230][ T8165] ? find_held_lock+0x2b/0x80 [ 177.829245][ T8165] ? hook_file_ioctl_common+0x144/0x410 [ 177.829261][ T8165] ? __fget_files+0x20e/0x3c0 [ 177.829275][ T8165] ? __fput_deferred+0x430/0x480 [ 177.829299][ T8165] security_file_ioctl_compat+0x9b/0x240 [ 177.829314][ T8165] __ia32_compat_sys_ioctl+0xc3/0x370 [ 177.829331][ T8165] __do_fast_syscall_32+0xe8/0x680 [ 177.829350][ T8165] do_fast_syscall_32+0x32/0x80 [ 177.829360][ T8165] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 177.829373][ T8165] RIP: 0023:0xf70dd579 [ 177.829382][ T8165] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 177.829392][ T8165] RSP: 002b:00000000f54ac55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 177.829403][ T8165] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c04064a0 [ 177.829409][ T8165] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 177.829415][ T8165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 177.829421][ T8165] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 177.829427][ T8165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 177.829462][ T8165] [ 177.829476][ T8165] ERROR: Out of memory at tomoyo_realpath_from_path. [ 177.922885][ T24] usb 7-1: Using ep0 maxpacket: 8 [ 177.928429][ T24] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 177.935939][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.949919][ T24] pvrusb2: Hardware description: Terratec Grabster AV400 [ 177.953521][ T24] pvrusb2: ********** [ 177.954853][ T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 177.958171][ T24] pvrusb2: Important functionality might not be entirely working. [ 177.960793][ T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 177.965286][ T24] pvrusb2: ********** [ 178.151916][ T2488] pvrusb2: Invalid write control endpoint [ 178.188641][ T2488] pvrusb2: Invalid write control endpoint [ 178.196310][ T2488] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 178.201344][ T2488] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 178.204364][ T2488] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 178.208643][ T2488] pvrusb2: Device being rendered inoperable [ 178.214833][ T2488] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 178.218575][ T2488] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 178.227819][ T2488] pvrusb2: Attached sub-driver cx25840 [ 178.230881][ T2488] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 178.236365][ T2488] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 178.419264][ T24] usb 7-1: USB disconnect, device number 5 [ 180.474886][ T5302] Bluetooth: hci1: command 0x0406 tx timeout [ 180.474967][ T5955] Bluetooth: hci2: command 0x0406 tx timeout [ 180.647145][ T8193] netlink: 12 bytes leftover after parsing attributes in process `syz.2.615'. [ 180.693227][ T8197] netlink: 'syz.3.619': attribute type 1 has an invalid length. [ 180.696135][ T8197] netlink: 228 bytes leftover after parsing attributes in process `syz.3.619'. [ 180.700234][ T8197] netlink: 8 bytes leftover after parsing attributes in process `syz.3.619'. [ 180.839879][ T8205] netlink: 4 bytes leftover after parsing attributes in process `syz.0.617'. [ 180.844758][ T8205] netlink: 2804 bytes leftover after parsing attributes in process `syz.0.617'. [ 180.930213][ T8205] netlink: 'syz.0.617': attribute type 1 has an invalid length. [ 180.934187][ T8205] netlink: 1 bytes leftover after parsing attributes in process `syz.0.617'. [ 181.107846][ T8210] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 181.110077][ T8210] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 181.115333][ T8210] vhci_hcd vhci_hcd.0: Device attached [ 181.381155][ T55] usb 44-1: SetAddress Request (2) to port 0 [ 181.383376][ T55] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd [ 181.922300][ T8211] vhci_hcd: connection reset by peer [ 181.927918][ T1047] vhci_hcd vhci_hcd.3: stop threads [ 181.930494][ T1047] vhci_hcd vhci_hcd.3: release socket [ 181.951110][ T1047] vhci_hcd vhci_hcd.3: disconnect device [ 182.759985][ T8233] loop2: detected capacity change from 0 to 7 [ 182.763438][ T8233] Dev loop2: unable to read RDB block 7 [ 182.765524][ T8233] loop2: unable to read partition table [ 182.767587][ T8233] loop2: partition table beyond EOD, truncated [ 182.769705][ T8233] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 183.024068][ T8235] capability: warning: `syz.3.630' uses 32-bit capabilities (legacy support in use) [ 183.428415][ T64] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 183.460263][ T40] kauditd_printk_skb: 74 callbacks suppressed [ 183.460280][ T40] audit: type=1326 audit(1766873698.317:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 183.472848][ T40] audit: type=1326 audit(1766873698.317:1525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 183.483284][ T40] audit: type=1326 audit(1766873698.327:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 183.493513][ T40] audit: type=1326 audit(1766873698.327:1527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 183.501764][ T40] audit: type=1326 audit(1766873698.327:1528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 183.509094][ T40] audit: type=1326 audit(1766873698.327:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 183.524114][ T40] audit: type=1326 audit(1766873698.327:1530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 183.533873][ T40] audit: type=1326 audit(1766873698.327:1531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 183.543501][ T40] audit: type=1326 audit(1766873698.327:1532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 183.553660][ T40] audit: type=1326 audit(1766873698.337:1533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8238 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7ffc0000 [ 184.037839][ T8247] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 184.125950][ T8258] netlink: 4 bytes leftover after parsing attributes in process `syz.3.638'. [ 184.130056][ T8258] bridge_slave_1: left allmulticast mode [ 184.131934][ T8258] bridge_slave_1: left promiscuous mode [ 184.133823][ T8258] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.142352][ T8258] bridge_slave_0: left allmulticast mode [ 184.144814][ T8258] bridge_slave_0: left promiscuous mode [ 184.147875][ T8258] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.445869][ T8266] input: syz1 as /devices/virtual/input/input21 [ 185.439125][ T6132] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 185.628850][ T6132] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 185.647755][ T6132] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 185.653703][ T6132] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 185.659765][ T6132] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 185.666183][ T6132] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 185.672907][ T6132] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.682065][ T6132] usb 7-1: config 0 descriptor?? [ 185.688806][ T8282] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 185.918652][ T8286] input: syz1 as /devices/virtual/input/input22 [ 185.958574][ T5953] udevd[5953]: setting owner of /dev/input/js0 to uid=0, gid=104 failed: No such file or directory [ 186.014425][ T8289] netlink: 56 bytes leftover after parsing attributes in process `syz.1.648'. [ 186.232086][ T6132] plantronics 0003:047F:FFFF.0002: reserved main item tag 0xd [ 186.248948][ T6132] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 186.412214][ T64] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 186.556975][ T55] usb 44-1: device descriptor read/8, error -110 [ 186.596968][ T6480] usb 7-1: USB disconnect, device number 6 [ 186.896195][ T8302] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 186.959045][ T55] usb usb44-port1: attempt power cycle [ 187.541482][ T55] usb usb44-port1: unable to enumerate USB device [ 188.224344][ T8299] fido_id[8299]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb7/report_descriptor': No such file or directory [ 189.084172][ T8328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.657'. [ 189.956601][ T64] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 190.302243][ T8350] netlink: 4 bytes leftover after parsing attributes in process `syz.2.664'. [ 190.506050][ T8340] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 190.508484][ T8340] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 190.512314][ T8340] vhci_hcd vhci_hcd.0: Device attached [ 190.876524][ T6027] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 192.441354][ T8356] vhci_hcd: connection reset by peer [ 192.448897][ T46] vhci_hcd vhci_hcd.1: stop threads [ 192.451271][ T46] vhci_hcd vhci_hcd.1: release socket [ 192.453681][ T46] vhci_hcd vhci_hcd.1: disconnect device [ 193.131420][ T8386] mac80211_hwsim hwsim2 syzkaller0: entered promiscuous mode [ 193.133940][ T8386] mac80211_hwsim hwsim2 syzkaller0: entered allmulticast mode [ 193.148241][ T8386] tipc: Enabled bearer , priority 0 [ 193.154161][ T8386] [ 193.155020][ T8386] ====================================================== [ 193.157327][ T8386] WARNING: possible circular locking dependency detected [ 193.159631][ T8386] syzkaller #0 Tainted: G L [ 193.161921][ T8386] ------------------------------------------------------ [ 193.164431][ T8386] syz.3.673/8386 is trying to acquire lock: [ 193.166515][ T8386] ffff88802572a888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 193.170065][ T8386] [ 193.170065][ T8386] but task is already holding lock: [ 193.173091][ T8386] ffff88801342d068 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80 [ 193.175922][ T8386] [ 193.175922][ T8386] which lock already depends on the new lock. [ 193.175922][ T8386] [ 193.179305][ T8386] [ 193.179305][ T8386] the existing dependency chain (in reverse order) is: [ 193.182331][ T8386] [ 193.182331][ T8386] -> #2 (&pipe->mutex){+.+.}-{4:4}: [ 193.184859][ T8386] __mutex_lock+0x1aa/0x1ca0 [ 193.186724][ T8386] anon_pipe_write+0x15d/0x1bd0 [ 193.188548][ T8386] __kernel_write_iter+0x720/0xb10 [ 193.190458][ T8386] __kernel_write+0xf5/0x140 [ 193.192106][ T8386] autofs_notify_daemon+0x4db/0xd60 [ 193.193986][ T8386] autofs_wait+0x10f3/0x1ac0 [ 193.195835][ T8386] autofs_mount_wait+0x132/0x3c0 [ 193.197689][ T8386] autofs_d_automount+0x4b2/0x960 [ 193.199577][ T8386] __traverse_mounts+0x1b9/0x830 [ 193.201407][ T8386] step_into_slowpath+0x772/0xf50 [ 193.203226][ T8386] path_lookupat+0x627/0xc40 [ 193.204919][ T8386] filename_lookup+0x224/0x5f0 [ 193.206898][ T8386] kern_path+0x35/0x50 [ 193.208621][ T8386] lookup_bdev+0xd8/0x280 [ 193.210467][ T8386] resume_store+0x1d6/0x490 [ 193.212206][ T8386] kobj_attr_store+0x58/0x80 [ 193.213963][ T8386] sysfs_kf_write+0xf2/0x150 [ 193.215662][ T8386] kernfs_fop_write_iter+0x3af/0x570 [ 193.217631][ T8386] vfs_write+0x7d3/0x11d0 [ 193.219246][ T8386] ksys_write+0x12a/0x250 [ 193.220875][ T8386] __do_fast_syscall_32+0xe8/0x680 [ 193.222868][ T8386] do_fast_syscall_32+0x32/0x80 [ 193.224762][ T8386] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 193.227535][ T8386] [ 193.227535][ T8386] -> #1 (&sbi->pipe_mutex){+.+.}-{4:4}: [ 193.230493][ T8386] __mutex_lock+0x1aa/0x1ca0 [ 193.232222][ T8386] autofs_notify_daemon+0x4a6/0xd60 [ 193.234160][ T8386] autofs_wait+0x10f3/0x1ac0 [ 193.236104][ T8386] autofs_mount_wait+0x132/0x3c0 [ 193.238133][ T8386] autofs_d_automount+0x4b2/0x960 [ 193.240060][ T8386] __traverse_mounts+0x1b9/0x830 [ 193.242251][ T8386] step_into_slowpath+0x772/0xf50 [ 193.244162][ T8386] path_lookupat+0x627/0xc40 [ 193.245932][ T8386] filename_lookup+0x224/0x5f0 [ 193.247712][ T8386] kern_path+0x35/0x50 [ 193.249256][ T8386] lookup_bdev+0xd8/0x280 [ 193.250866][ T8386] resume_store+0x1d6/0x490 [ 193.252502][ T8386] kobj_attr_store+0x58/0x80 [ 193.254169][ T8386] sysfs_kf_write+0xf2/0x150 [ 193.255844][ T8386] kernfs_fop_write_iter+0x3af/0x570 [ 193.257753][ T8386] vfs_write+0x7d3/0x11d0 [ 193.259345][ T8386] ksys_write+0x12a/0x250 [ 193.260931][ T8386] __do_fast_syscall_32+0xe8/0x680 [ 193.262693][ T8386] do_fast_syscall_32+0x32/0x80 [ 193.264515][ T8386] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 193.267174][ T8386] [ 193.267174][ T8386] -> #0 (&of->mutex){+.+.}-{4:4}: [ 193.269816][ T8386] __lock_acquire+0x1669/0x2890 [ 193.271540][ T8386] lock_acquire+0x179/0x330 [ 193.273657][ T8386] __mutex_lock+0x1aa/0x1ca0 [ 193.275394][ T8386] kernfs_fop_write_iter+0x28f/0x570 [ 193.277283][ T8386] iter_file_splice_write+0xa24/0x12b0 [ 193.279293][ T8386] do_splice+0x1478/0x1fc0 [ 193.280890][ T8386] __do_splice+0x32a/0x360 [ 193.282470][ T8386] __ia32_sys_splice+0x189/0x250 [ 193.284182][ T8386] __do_fast_syscall_32+0xe8/0x680 [ 193.286312][ T8386] do_fast_syscall_32+0x32/0x80 [ 193.288046][ T8386] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 193.290512][ T8386] [ 193.290512][ T8386] other info that might help us debug this: [ 193.290512][ T8386] [ 193.294150][ T8386] Chain exists of: [ 193.294150][ T8386] &of->mutex --> &sbi->pipe_mutex --> &pipe->mutex [ 193.294150][ T8386] [ 193.298567][ T8386] Possible unsafe locking scenario: [ 193.298567][ T8386] [ 193.300910][ T8386] CPU0 CPU1 [ 193.302616][ T8386] ---- ---- [ 193.304571][ T8386] lock(&pipe->mutex); [ 193.306004][ T8386] lock(&sbi->pipe_mutex); [ 193.308263][ T8386] lock(&pipe->mutex); [ 193.310505][ T8386] lock(&of->mutex); [ 193.311805][ T8386] [ 193.311805][ T8386] *** DEADLOCK *** [ 193.311805][ T8386] [ 193.314387][ T8386] 2 locks held by syz.3.673/8386: [ 193.316247][ T8386] #0: ffff888029c5e420 (sb_writers#10){.+.+}-{0:0}, at: __do_splice+0x32a/0x360 [ 193.319204][ T8386] #1: ffff88801342d068 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80 [ 193.322023][ T8386] [ 193.322023][ T8386] stack backtrace: [ 193.323980][ T8386] CPU: 2 UID: 0 PID: 8386 Comm: syz.3.673 Tainted: G L syzkaller #0 PREEMPT(full) [ 193.324000][ T8386] Tainted: [L]=SOFTLOCKUP [ 193.324004][ T8386] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 193.324012][ T8386] Call Trace: [ 193.324017][ T8386] [ 193.324025][ T8386] dump_stack_lvl+0x116/0x1f0 [ 193.324045][ T8386] print_circular_bug+0x275/0x340 [ 193.324065][ T8386] check_noncircular+0x146/0x160 [ 193.324085][ T8386] __lock_acquire+0x1669/0x2890 [ 193.324097][ T8386] ? __do_splice+0x32a/0x360 [ 193.324114][ T8386] ? __do_fast_syscall_32+0xe8/0x680 [ 193.324134][ T8386] lock_acquire+0x179/0x330 [ 193.324144][ T8386] ? kernfs_fop_write_iter+0x28f/0x570 [ 193.324161][ T8386] ? __pfx___might_resched+0x10/0x10 [ 193.324178][ T8386] __mutex_lock+0x1aa/0x1ca0 [ 193.324194][ T8386] ? kernfs_fop_write_iter+0x28f/0x570 [ 193.324210][ T8386] ? kernfs_fop_write_iter+0x28f/0x570 [ 193.324226][ T8386] ? __asan_memcpy+0x3c/0x60 [ 193.324239][ T8386] ? __pfx___mutex_lock+0x10/0x10 [ 193.324257][ T8386] ? __pfx__copy_from_iter+0x10/0x10 [ 193.324270][ T8386] ? trace_kmalloc+0x2b/0xb0 [ 193.324286][ T8386] ? __kmalloc_noprof+0x35d/0x910 [ 193.324297][ T8386] ? kernfs_fop_write_iter+0x237/0x570 [ 193.324314][ T8386] ? kernfs_fop_write_iter+0x28f/0x570 [ 193.324329][ T8386] kernfs_fop_write_iter+0x28f/0x570 [ 193.324346][ T8386] iter_file_splice_write+0xa24/0x12b0 [ 193.324376][ T8386] ? __pfx_iter_file_splice_write+0x10/0x10 [ 193.324395][ T8386] ? __pfx_try_to_wake_up+0x10/0x10 [ 193.324415][ T8386] ? __pfx_iter_file_splice_write+0x10/0x10 [ 193.324433][ T8386] do_splice+0x1478/0x1fc0 [ 193.324450][ T8386] ? __lock_acquire+0x436/0x2890 [ 193.324462][ T8386] ? __pfx_do_splice+0x10/0x10 [ 193.324478][ T8386] ? __pfx_pipe_clear_nowait+0x10/0x10 [ 193.324494][ T8386] ? find_held_lock+0x2b/0x80 [ 193.324511][ T8386] __do_splice+0x32a/0x360 [ 193.324534][ T8386] ? __pfx___do_splice+0x10/0x10 [ 193.324558][ T8386] ? __ia32_compat_sys_openat+0x150/0x210 [ 193.324573][ T8386] __ia32_sys_splice+0x189/0x250 [ 193.324590][ T8386] __do_fast_syscall_32+0xe8/0x680 [ 193.324608][ T8386] do_fast_syscall_32+0x32/0x80 [ 193.324618][ T8386] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 193.324637][ T8386] RIP: 0023:0xf70dd579 [ 193.324650][ T8386] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 193.324666][ T8386] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000139 [ 193.324678][ T8386] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000000000 [ 193.324685][ T8386] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000008 [ 193.324691][ T8386] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 193.324698][ T8386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.324704][ T8386] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 193.324714][ T8386] [ 193.387664][ T64] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 194.254755][ T6065] tipc: Node number set to 1 [ 195.983892][ T6027] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 198.874813][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 198.877182][ T1417] ieee802154 phy1 wpan1: encryption failed: -22