last executing test programs: 13m32.011479197s ago: executing program 0 (id=1363): bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x26e1, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x4008032, 0xffffffffffffffff, 0x2000) r1 = semget$private(0x0, 0x4000000009, 0x88) semctl$SEM_STAT(r1, 0x3, 0x12, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x60600, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r6, 0xc040aed5, &(0x7f00000000c0)={0x100000, 0x21d000}) 13m27.117619765s ago: executing program 0 (id=1372): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617000000172329330dc778c7a4cae9a4abe0bb43"], 0x0, 0x0, 0x0, 0x0}, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(0xffffffffffffffff, 0x84, 0x1c, &(0x7f0000000400), &(0x7f0000000440)=0x4) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xff2e) r1 = syz_io_uring_complete(0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r1, 0x0, 0x4040) r3 = syz_open_pts(0xffffffffffffffff, 0x900) r4 = dup3(r3, 0xffffffffffffffff, 0x80000) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, 0x0, 0x0) 13m23.976323653s ago: executing program 0 (id=1380): r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/mnt\x00') ioctl$BTRFS_IOC_RM_DEV(r0, 0x5000940b, 0x0) 13m23.72060145s ago: executing program 0 (id=1382): bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x26e1, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x4008032, 0xffffffffffffffff, 0x2000) r1 = semget$private(0x0, 0x4000000009, 0x88) semctl$SEM_STAT(r1, 0x3, 0x12, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x60600, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r6, 0xc040aed5, &(0x7f00000000c0)={0x100000, 0x21d000}) 13m19.35654841s ago: executing program 0 (id=1391): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020}, 0x2020) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x10000800) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1000}, 0x4) setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x50, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$inet6_udp(0xa, 0x2, 0x0) r6 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x82002) ioctl$CEC_S_MODE(r6, 0x40046109, &(0x7f0000000140)=0x12) close(r6) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f00000000c0)={'syztnl2\x00', 0x0, 0x2d, 0x0, 0x0, 0xcbf, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private1, 0x700, 0x8, 0x101, 0xd66}}) 13m14.234260247s ago: executing program 0 (id=1406): bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000001600)=ANY=[@ANYBLOB="0600000004000000b03700005c000000a1010000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES64, @ANYRES32], 0x50) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) getrusage(0x0, 0x0) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNGETVNETBE(r2, 0x800454df, &(0x7f0000000040)=0x1) syz_io_uring_setup(0x7bc6, &(0x7f0000000280)={0x0, 0x1c2a, 0x20, 0x1, 0xfffffffa, 0x0, r1}, &(0x7f0000000100), &(0x7f00000001c0)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$SNDCTL_SEQ_SYNC(r1, 0x5101) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r3 = socket(0xa, 0x3, 0x3a) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000080)={'veth0_vlan\x00', 0x200}) syz_init_net_socket$x25(0x9, 0x5, 0x0) openat$kvm(0xffffff9c, 0x0, 0x46100, 0x0) keyctl$read(0x20, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8) recvmsg$kcm(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)=[{0x0}, {&(0x7f0000000600)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/32, 0x20}], 0x3, &(0x7f0000000380)=""/40, 0x28}, 0x2140) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800) sendmsg$NFT_MSG_GETCHAIN(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000040901080000000000000000008009894c1a43433115fc7a04900277fb1c4733c1309a9f40e20699e060f189d0266fb7d80d875e8579033b398cb62e9dffeb48ca57b33ea8d670be77d07b775277eb4702922d0afebc63699d74f34a1f5bff02ccb0eef1cde7a12e3cf6ec274213b8e3ad68700384fb11d1fb0daa66dc03001cb2727c8b8c4db0e4feb6ea1a601be303df9509"], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x8002) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="040e0443050c"], 0x7) sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 12m58.197695944s ago: executing program 32 (id=1406): bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000001600)=ANY=[@ANYBLOB="0600000004000000b03700005c000000a1010000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES64, @ANYRES32], 0x50) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) getrusage(0x0, 0x0) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNGETVNETBE(r2, 0x800454df, &(0x7f0000000040)=0x1) syz_io_uring_setup(0x7bc6, &(0x7f0000000280)={0x0, 0x1c2a, 0x20, 0x1, 0xfffffffa, 0x0, r1}, &(0x7f0000000100), &(0x7f00000001c0)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$SNDCTL_SEQ_SYNC(r1, 0x5101) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r3 = socket(0xa, 0x3, 0x3a) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000080)={'veth0_vlan\x00', 0x200}) syz_init_net_socket$x25(0x9, 0x5, 0x0) openat$kvm(0xffffff9c, 0x0, 0x46100, 0x0) keyctl$read(0x20, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8) recvmsg$kcm(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)=[{0x0}, {&(0x7f0000000600)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/32, 0x20}], 0x3, &(0x7f0000000380)=""/40, 0x28}, 0x2140) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800) sendmsg$NFT_MSG_GETCHAIN(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000040901080000000000000000008009894c1a43433115fc7a04900277fb1c4733c1309a9f40e20699e060f189d0266fb7d80d875e8579033b398cb62e9dffeb48ca57b33ea8d670be77d07b775277eb4702922d0afebc63699d74f34a1f5bff02ccb0eef1cde7a12e3cf6ec274213b8e3ad68700384fb11d1fb0daa66dc03001cb2727c8b8c4db0e4feb6ea1a601be303df9509"], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x8002) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="040e0443050c"], 0x7) sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 7m11.179094456s ago: executing program 4 (id=2446): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x3a, 0x20000000) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10138, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) ioctl$SG_SET_TIMEOUT(r3, 0x2201, 0x0) 7m10.0217914s ago: executing program 4 (id=2447): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) getdents(r1, &(0x7f0000000400)=""/132, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x622c03, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0xffffffb3, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000140)={0x5, 0x0, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"]) ioctl$KVM_RUN(r6, 0xae80, 0x0) socket(0xa, 0x3, 0x3a) 7m8.887297743s ago: executing program 4 (id=2450): socket(0x1d, 0x1, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28102) dup(r4) socket$inet6_mptcp(0xa, 0x1, 0x106) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r6, 0x0, 0x80, 0x5, 0x9, 0x0, {0x9, 0xd6, 0x1c, 0xd, 0x5, 0x401, 0xfff5, 0xa, 0x0, 0x52, 0x8000, 0x7e9, 0x401, 0x9aa1, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}}) 7m6.557959459s ago: executing program 4 (id=2453): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000001600)=ANY=[@ANYBLOB="12010000ec31f8104c1302007eec0102030109021b0001000000000904000001098b75"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x21, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f00000010c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x818}, 0x4000) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x9) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r3, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) syz_usb_connect(0x0, 0x1cb, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000100)=""/128) 7m1.860511304s ago: executing program 4 (id=2457): socket(0x11, 0x800000003, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x20000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000100)="ad73364256", 0x5) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r2, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000002080)=@newchain={0xd0, 0x64, 0x2, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0x3}, {0xfff1, 0xd}, {0xfffe, 0xb}}, [@f_rsvp6={{0xa}, {0x4}}, @f_rsvp={{0x9}, {0xc, 0x2, [@TCA_RSVP_CLASSID={0x8, 0x1, {0x9, 0x10}}]}}, @f_rsvp={{0x9}, {0x24, 0x2, [@TCA_RSVP_CLASSID={0x8, 0x1, {0x1, 0xe}}, @TCA_RSVP_DST={0x8, 0x2, @multicast1}, @TCA_RSVP_DST={0x8, 0x2, @empty}, @TCA_RSVP_SRC={0x8, 0x3, @loopback}]}}, @f_rsvp={{0x9}, {0x48, 0x2, [@TCA_RSVP_ACT={0x44, 0x6, [@m_skbedit={0x40, 0xa, 0x0, 0x0, {{0xc}, {0x14, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xffff}}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x3404ca41a2cca0ab, 0x6}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}]}]}}]}, 0xd0}}, 0x20008000) recvmmsg(r2, &(0x7f0000003780)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/65, 0x41}, {&(0x7f0000000680)=""/236, 0xec}], 0x2}, 0x1000}], 0x1, 0x40000000, 0x0) 7m0.717762885s ago: executing program 4 (id=2465): mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000001900000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x7, 0xaf, &(0x7f0000000640)=""/175, 0x41100, 0x7, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00D7\x00'], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280)={r1}, 0x4) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x17, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="0000000000000000c30000000001000095"], &(0x7f0000000180)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair(0x1e, 0x5, 0x0, &(0x7f0000000000)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffd, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r5, 0x3516, 0xe0ff, 0x0, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @vbi={0xa9, 0x6, 0xfffffffa, 0x59455247, [0x4, 0x9], [0x5, 0x1000], 0x13a}}) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r8) 6m45.478132379s ago: executing program 33 (id=2465): mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000001900000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x7, 0xaf, &(0x7f0000000640)=""/175, 0x41100, 0x7, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00D7\x00'], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280)={r1}, 0x4) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x17, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="0000000000000000c30000000001000095"], &(0x7f0000000180)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair(0x1e, 0x5, 0x0, &(0x7f0000000000)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffd, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r5, 0x3516, 0xe0ff, 0x0, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @vbi={0xa9, 0x6, 0xfffffffa, 0x59455247, [0x4, 0x9], [0x5, 0x1000], 0x13a}}) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r8) 1m35.161401282s ago: executing program 3 (id=3299): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x7ff, 0x2, 0x7f, 0x8, 0x5, 0x3}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0xea6, 0x8000000000000000, 0x8001, 0x9, 0x2}}]}}}]}, 0x78}}, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) sched_setscheduler(0x0, 0x2, 0x0) getpid() sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e21, 0x388, @ipv4={'\x00', '\xff\xff', @loopback}, 0x8}, 0x1c) munlockall() writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 1m34.856320267s ago: executing program 3 (id=3302): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x70, 0x30, 0x1, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$rds(0x15, 0x5, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000740)={'wlan1\x00'}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000", @ANYRES32=r4, @ANYBLOB="04005b000640000000"], 0x28}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003a00000008000300", @ANYBLOB="05005b"], 0x24}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) 1m33.108791748s ago: executing program 3 (id=3306): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000001600)=ANY=[@ANYBLOB="12010000ec31f8104c1302007eec0102030109021b0001000000000904000001098b75"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x21, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f00000010c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x818}, 0x4000) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x9) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r3, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) syz_usb_connect(0x0, 0x1cb, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000100)=""/128) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)={0x14, r5, 0x1, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x2000c810}, 0x800) syz_open_dev$sndctrl(0x0, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-blowfish-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 1m27.260468054s ago: executing program 3 (id=3312): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) prlimit64(0x0, 0xe, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) unshare(0x60600) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) 1m26.062338461s ago: executing program 3 (id=3316): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="28010000170001"], 0x128}}, 0x0) 1m25.820740923s ago: executing program 3 (id=3318): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) fcntl$addseals(r3, 0x409, 0x7) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000380), 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$TCFLSH(r0, 0x400455c8, 0x20000000007) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000200)=0x2) eventfd(0xf) 1m9.60822806s ago: executing program 34 (id=3318): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) fcntl$addseals(r3, 0x409, 0x7) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000380), 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$TCFLSH(r0, 0x400455c8, 0x20000000007) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000200)=0x2) eventfd(0xf) 19.596523377s ago: executing program 6 (id=3444): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3477, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7535}}]}, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) 16.312574595s ago: executing program 6 (id=3450): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x20) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x6, &(0x7f0000000180)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @initr0, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @exit], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 15.270220148s ago: executing program 1 (id=3454): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x45, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r0, 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) fchdir(r5) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0xfffffff8, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r7, 0x2007ffb) sendfile(r7, r7, 0x0, 0x1000000201005) 14.909023242s ago: executing program 7 (id=3455): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000140)="66baf80cb8044fdc87efed660f388059e0b805000000b91e4200000f01c10f20c035000000200f22c0f20fa20f01cb36263e660f381efc660f7c150c000000b805000000b9210000000f01c1c4e17929d8", 0x51}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="0100"/19]) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x8, @empty, 0x3}, 0x1c) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0xd, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14.906798505s ago: executing program 6 (id=3456): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0) mkdir(0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x622c03, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0xffffffb3, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"]) ioctl$KVM_RUN(r5, 0xae80, 0x0) 13.59698109s ago: executing program 1 (id=3460): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00"], 0xac}, 0x1, 0x0, 0x0, 0x1}, 0x0) 12.926998012s ago: executing program 7 (id=3462): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') preadv(r4, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) 11.592367414s ago: executing program 2 (id=3464): socket$inet_udplite(0x2, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) ioprio_set$pid(0x1, r0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) keyctl$search(0xa, 0x0, 0x0, &(0x7f0000000100)={'syz', 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40042) setreuid(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x20102, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x800002, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 10.608111393s ago: executing program 1 (id=3465): bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r0}, 0x18) memfd_create(0x0, 0x0) dup(0xffffffffffffffff) open$dir(&(0x7f0000000140)='./file0\x00', 0x500, 0x40) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'wg0\x00', 0x0}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', r5}, 0x10) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r3}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 7.073114405s ago: executing program 5 (id=3466): syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0x0, 0x2, {0x3, 0x0, 0x0, 0x5, 0x0, 0x1000, {0x0, 0x0, 0x20, 0xfffffffffffffffd, 0xf5, 0x0, 0x0, 0x0, 0x7, 0x2000, 0x2, 0x0, 0x0, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a00000006000100"], 0x1c}}, 0x0) 6.727769179s ago: executing program 2 (id=3467): mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) pipe2$9p(&(0x7f0000001900), 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="190000"], 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) syz_open_dev$mouse(0x0, 0x7, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, 0x0, &(0x7f00000001c0)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10) socketpair$tipc(0x1e, 0x4, 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r2, 0x1, 0x0, 0xfffffffd, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @private=0xa010102}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x54}}, 0x0) 6.236437401s ago: executing program 5 (id=3468): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setreuid(0xee01, 0x0) ioprio_get$uid(0x3, 0xee01) 5.457769498s ago: executing program 2 (id=3469): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_rdma(0x10, 0x3, 0x14) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000100060005004e230000060001000200000008000300ac1414aa0800060001000000000000000000"], 0x38}}, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000440)={'syzkaller1\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000540)={'ip6gre0\x00', &(0x7f00000004c0)={'syztnl1\x00', r4, 0x4, 0x81, 0x4, 0x9, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8, 0x7800, 0x1, 0x40}}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wpan4\x00'}) sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, 0x0, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x9, 0x8, 0x4, 0x4009, 0xa, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value=0x3f000000}, 0x48) setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000080), 0x4) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(0xffffffffffffffff) r6 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r6, &(0x7f0000000140)=[{&(0x7f0000000080)="5800000014001923fc834b80040d8c560a067f020000000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd001a0010000100080c10000000000000000000", 0x58}], 0x1) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x18, 0x24, 0x301, 0x0, 0x80, {0x11}, [@nested={0x4, 0x12f}]}, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x0) ioctl$FS_IOC_GETFLAGS(r6, 0x80086601, &(0x7f0000000040)) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r8) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="796100000000000000007e00000033000300", @ANYRES32=0x0, @ANYBLOB="a739dfe54ad99ffa18c27526b51001fb4f778791377c"], 0x1c}}, 0x4000054) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x1419, 0x1}, 0x10}}, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(r7, &(0x7f0000000740)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000700)={&(0x7f0000000640)={0x88, 0x0, 0x300, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_FEATURES_HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x40}, 0x4004884) r10 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="140000001d000b63d25a80648c2594", 0xf}, {&(0x7f0000000580)="3f1c2725e7", 0x5}], 0x2}, 0x4000000) sendmsg$NFQNL_MSG_CONFIG(r0, 0x0, 0x0) 5.198041908s ago: executing program 5 (id=3470): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = dup(r1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000002240)='9p_client_req\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[], [], 0x6b}}) 5.132600481s ago: executing program 1 (id=3471): newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) quotactl$Q_GETFMT(0xffffffff80000402, &(0x7f0000000240)=@filename='./file0\x00', r0, &(0x7f0000000380)) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) syz_open_dev$usbfs(0x0, 0x77, 0x101301) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ptrace$ARCH_SET_GS(0x1e, 0x0, &(0x7f0000000600), 0x1001) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = fsopen(&(0x7f0000000040)='bdev\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) 4.590788086s ago: executing program 7 (id=3472): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'pim6reg1\x00', 0x2}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000060000007c"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r2}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @broadcast}) 4.422542927s ago: executing program 6 (id=3473): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffff7f850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='virtio_transport_alloc_pkt\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='virtio_transport_alloc_pkt\x00', r1}, 0x10) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x2711}, 0x10) 4.328185829s ago: executing program 5 (id=3474): r0 = open(0x0, 0xa0840, 0x84) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ioprio_set$pid(0x2, 0x0, 0x2000) syz_clone(0x88280, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) 4.326041883s ago: executing program 2 (id=3475): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00"], 0xac}, 0x1, 0x0, 0x0, 0x1}, 0x0) 4.1446604s ago: executing program 7 (id=3476): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7f03) r0 = open(0x0, 0x189a7c, 0x113) r1 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0) pwritev2(r1, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r0, 0x0) 4.144089916s ago: executing program 6 (id=3477): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_batadv\x00', 0x0}) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000040)=0x200, 0x4) sendto$packet(r1, &(0x7f00000000c0)="3f030e03f007120006001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xb318, 0x0, &(0x7f0000000540)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) 3.710060915s ago: executing program 1 (id=3478): socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1f8a9918bc4055eaaeb6db4ee9bcb25b1811dbf40b3a7da5a8a64db04ed6dd26eea2e37229c339b1f91201c2796173864", 0x3d}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1}, 0x40fd) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x3) capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000100)={0x0, 0x0, 0x3, 0x0, 0xa}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001ee5000001000000000000010b000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00R\x00'], 0x1c}, 0x1, 0x0, 0x0, 0x20010883}, 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r5, 0x407, 0x100000) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_usb_connect$cdc_ecm(0x3, 0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000102505a1a440000000010109024c00010100c08109040000fe03020000052406000005240002000d240f01bfffffff0000000000042413020424130109058103000407100709"], 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) close(r0) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/power/pm_freeze_timeout', 0x169a82, 0x80) connect$inet(r7, &(0x7f0000000040)={0x2, 0x4e23, @empty}, 0x10) sendfile(r7, r7, 0x0, 0xb) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) 3.217785264s ago: executing program 6 (id=3479): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) mprotect(&(0x7f00000ff000/0x14000)=nil, 0x14000, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) sendmsg$nl_route(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000040)=@ipv4_delroute={0x24, 0x1a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x80, 0x0, 0x0, 0x2}, [@RTA_IP_PROTO={0x5, 0x1b, 0x3a}]}, 0x24}}, 0x0) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='gfs2\x00', 0x10, 0x0) r6 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg(r4, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=[{0xcc, 0x0, 0x0, "3c4da87de60293ab8e00317cea6c58dda02b90d21411c0fc9791e69e7a973e773ac4bd23def6519001a2534f7ebe2a322477aec357b7aec2b1441378ccc8c9e441c944b449430013e23f58a00e7fc3a27c5f5489e10acd5663fa26243a7350822b17daf36e4b48a68f765705e0e6da16c05095e3af3144f8edbc05a04516fe0c9bf7e1a7f1de653acaa488dc5cd810da3ba59d53a552ae245ce1848d41054dbdf19c5f4e015366629be944986e74a278952e7f6e830637152f22271596b9954e"}, {0x28, 0x118, 0x5, "4467db9509f9d8621501b61337900411c53fbe9a0d0a9b753dfefd"}], 0xf4}, 0x10) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0x3) setrlimit(0x1, &(0x7f0000000040)) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) ioctl$TIOCGPGRP(r6, 0x540f, &(0x7f00000000c0)) 3.136445449s ago: executing program 7 (id=3480): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setreuid(0xee01, 0x0) ioprio_get$uid(0x3, 0xee01) 3.135341231s ago: executing program 5 (id=3481): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000200)={@local, @multicast, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x2, 0x1c, 0x65, 0x0, 0x6, 0x2, 0x0, @private=0xa010102, @local}, {0x12, 0xfc, 0x0, @rand_addr=0x64010102}}}}}, 0x0) syz_emit_ethernet(0x3e, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x18) inotify_add_watch(0xffffffffffffffff, 0x0, 0x42000122) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x2, 0x0) setsockopt$netlink_NETLINK_RX_RING(r6, 0x10e, 0x6, &(0x7f0000000000)={0xffff, 0x800, 0x15}, 0x10) r7 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r9 = socket(0x400000000010, 0x3, 0x0) r10 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002300)=@newtfilter={0x840, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {}, {0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0x810, 0x2, [@TCA_BASIC_POLICE={0x80c, 0x4, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x6, 0xfffffffe, 0xfffffffa, 0xffffffe5, 0x1, 0x1, 0xfffffffc, 0x9, 0x1, 0x1, 0x6, 0x4, 0xfffffff0, 0x4, 0x3ff, 0x0, 0x37, 0x0, 0xb2c0, 0x4, 0x7, 0x4, 0xc, 0x6, 0x9, 0x9, 0x400, 0x60da5daa, 0x9, 0x1, 0x0, 0xfff, 0x4, 0x8, 0x0, 0x9, 0x4, 0x9, 0x4, 0xf09, 0x8, 0x19, 0xd9f8, 0x400, 0x7, 0xfffffffb, 0x24000, 0xfcb1, 0x4, 0x8, 0x8001, 0x6, 0xb, 0xebd1, 0xd24, 0x4, 0x1, 0x5, 0xb, 0x8, 0x5, 0xf80, 0xaef9, 0x1, 0x1, 0x3, 0x9, 0x4, 0x1, 0x3ff, 0x5, 0xfffffffc, 0x3, 0x68, 0x3, 0x4, 0xfffffffa, 0xffff, 0xe, 0x0, 0x1, 0x1, 0x0, 0x9, 0xffffffff, 0x2, 0xe, 0xfe1, 0x1, 0x3, 0x1, 0x4, 0x400, 0x3113, 0x3, 0x6, 0x669, 0x6, 0x0, 0xfffffff9, 0x6, 0x7fffffff, 0xffffff80, 0x2, 0x3, 0x3, 0x6, 0x4, 0x6, 0x200, 0x6, 0x3, 0x6d45, 0xfda, 0x9, 0x0, 0x3ff, 0x6, 0x1a, 0xfff, 0x2, 0x2, 0x2, 0x4, 0xffffffff, 0x8, 0x3, 0x7f, 0x3ff, 0x8, 0x6, 0xfffffffa, 0x4, 0x3, 0x80000001, 0x4fcb, 0x10000, 0x80000000, 0x8, 0x42, 0x1, 0x8, 0x101, 0x1, 0x6, 0x1, 0x1, 0x400, 0x4, 0x2, 0x7, 0x5, 0x0, 0x400, 0x9, 0x3d, 0x100, 0xffffffda, 0x5, 0x6, 0x3, 0x8, 0x6, 0x6, 0x1a2000, 0x40, 0x7, 0x0, 0xa358, 0x80000001, 0x2, 0x7, 0x44, 0xe, 0xfffffff3, 0x3, 0x5, 0x2, 0xe00000, 0x336, 0x80000000, 0x0, 0x1, 0x0, 0xffffff4d, 0x8, 0x1, 0x2, 0x5a5, 0x8, 0x101, 0x2, 0x9, 0x1, 0x1, 0xfffffff7, 0x73, 0x3ff, 0xc0, 0x946, 0xbd4, 0xb, 0xfbcc, 0x4739, 0x0, 0x9, 0x238b724d, 0x9, 0x0, 0xb358, 0xfffffffd, 0x6, 0xffff, 0x77e, 0x5, 0x7, 0x2, 0x6, 0x9, 0x6, 0x4, 0x5, 0x9, 0x8001, 0x46, 0xe, 0x7f, 0x1, 0x9, 0x3ff, 0x7, 0x8, 0x15, 0xb, 0x9, 0x4, 0x3, 0x1, 0x7fffffff, 0x100, 0xa6f, 0x4, 0x9, 0x1000, 0x27, 0x800, 0x800, 0x9, 0x9, 0x7ff, 0x0, 0x7ff, 0x8, 0x6]}, @TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x3, 0x3a06f14, 0x80, 0x1, 0x0, 0x1, 0xbf81, 0x8, 0x4, 0x2, 0x8001, 0x3, 0xf8, 0xffff, 0x0, 0x10, 0x3, 0x0, 0x600, 0xfa6, 0x8, 0x1, 0x9, 0x7, 0x2, 0x1, 0x53d8, 0x7ff, 0xff, 0x530e, 0xfff, 0xfffffffd, 0x4, 0x7e43, 0x200, 0x40, 0x78, 0x7, 0x1ff, 0x6, 0x0, 0x7, 0x3, 0x2, 0x80000000, 0xffffffff, 0x3, 0x90e, 0xfffffff9, 0x7, 0x4, 0x5, 0xe5a3, 0x7f, 0x0, 0x7, 0x9, 0x800, 0x91, 0x6, 0x3, 0x0, 0x2, 0x60e, 0x6, 0x8, 0x4, 0xc, 0x7, 0x2, 0x80, 0x6, 0x3ff, 0x7, 0x9, 0x5, 0x0, 0x9, 0x2, 0x2, 0x6, 0x4, 0x7, 0x0, 0x9, 0x6, 0x2, 0x80, 0x6c, 0x5, 0x8, 0x8, 0x100000, 0x401, 0xffff2072, 0x9, 0x7, 0x0, 0x4, 0x5, 0x6, 0x3, 0x38, 0x0, 0x1, 0x3bf39bda, 0x0, 0x5, 0xfffffff7, 0xd324, 0x8, 0x2, 0xf, 0x5, 0xfffffff5, 0x7, 0x1, 0x10, 0x7fffffff, 0x2, 0x7, 0x8, 0x3, 0x9, 0x1, 0x2, 0x20e, 0xff, 0x2, 0x200, 0x4, 0x6, 0x7, 0x80000001, 0x1, 0xffffff0b, 0x6, 0xfffffffa, 0x5, 0x2, 0x2, 0xfffffff3, 0xc, 0x0, 0x4, 0x0, 0x89, 0x9, 0x6, 0x355, 0x101, 0x3, 0xa5c7, 0x401, 0x1c1, 0x4, 0x6, 0x400, 0x101, 0x5, 0xfff, 0x6, 0x9, 0x2, 0xfffffffa, 0x10000, 0x7, 0x4, 0x9, 0x7, 0x10001, 0x50000000, 0xa, 0x1, 0x1, 0x80000000, 0xbb, 0x7, 0x800, 0x2, 0x4, 0x4, 0x8, 0x73d, 0x1, 0x80000000, 0x40, 0x200, 0xfb, 0x8, 0x5, 0x7, 0x9, 0x0, 0xfffffffe, 0x6, 0x7fffffd0, 0xd7, 0x81a, 0xe7cf, 0x2, 0x6, 0x3, 0x3, 0x2, 0xffffffff, 0x800, 0x730e, 0x1, 0xfffffffc, 0x3, 0x7, 0x7, 0x4, 0xce4, 0x200, 0x4, 0x1, 0xffff, 0x6, 0x10001, 0x6, 0xfffffff8, 0x3, 0x9, 0x8, 0x2, 0x2, 0x3, 0x2, 0x81, 0x8, 0x4, 0x0, 0x0, 0xa600000, 0x5, 0x1, 0x5, 0x1, 0x1, 0x8, 0x6, 0x0, 0x48315e32, 0x1ff, 0x0, 0x9d, 0xfffff000, 0x1, 0x0, 0x5, 0x160, 0x9, 0x2]}]}]}}]}, 0x840}, 0x1, 0x0, 0x0, 0x4}, 0x4000800) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000200)=@raw={'raw\x00', 0x3c1, 0x3, 0x368, 0x0, 0x1170, 0x1170, 0x0, 0x1170, 0x298, 0x1398, 0x1398, 0x298, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @private2={0xfc, 0x2, '\x00', 0x1}, [0xffffffff, 0xff000000], [0x0, 0x0, 0x0, 0xffffff00], 'veth0_vlan\x00', 'veth0_to_hsr\x00', {}, {}, 0x2e, 0x0, 0x0, 0x46}, 0x0, 0x188, 0x1a8, 0x0, {}, [@common=@inet=@socket2={{0x28}, 0x1}, @common=@unspec=@conntrack1={{0xb8}, {{@ipv4=@loopback, [0x0, 0xff000000, 0xffffff00, 0xff], @ipv6=@private1, [0xffffff00, 0xff000000, 0xffffffff, 0xffffff00], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xffffff00], @ipv4=@local, [0xffffffff, 0xffffff00, 0x0, 0xffff00], 0x0, 0x8, 0x8, 0x4e22, 0x4e21, 0x4e23, 0x4e20, 0x100, 0x1240}, 0x81, 0x41}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c8) 3.134489925s ago: executing program 2 (id=3482): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$l2tp6(0xa, 0x2, 0x73) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe) add_key$user(0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000ff0d1400bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) 138.586497ms ago: executing program 5 (id=3483): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0) mkdir(0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x622c03, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0xffffffb3, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"]) ioctl$KVM_RUN(r5, 0xae80, 0x0) 91.906202ms ago: executing program 2 (id=3484): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) setresuid(0xee01, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x18) mount(0x0, 0x0, &(0x7f0000000000)='proc\x00', 0x0, 0x0) userfaultfd(0x80001) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@loopback, @in=@empty, 0x4e23}, {@in=@broadcast, 0x4d3, 0x32}, @in=@multicast2, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0xfffffffffffffffe}, {0x800}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) 648.668µs ago: executing program 7 (id=3485): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'dummy0\x00', 0x0}) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6, @remote}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0xc}, {0xfff3, 0x8}}}, 0x24}}, 0x20040000) 0s ago: executing program 1 (id=3486): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_rdma(0x10, 0x3, 0x14) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000100060005004e230000060001000200000008000300ac1414aa0800060001000000000000000000"], 0x38}}, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000440)={'syzkaller1\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000540)={'ip6gre0\x00', &(0x7f00000004c0)={'syztnl1\x00', r4, 0x4, 0x81, 0x4, 0x9, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8, 0x7800, 0x1, 0x40}}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wpan4\x00'}) sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, 0x0, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x9, 0x8, 0x4, 0x4009, 0xa, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value=0x3f000000}, 0x48) setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000080), 0x4) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(0xffffffffffffffff) r6 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r6, &(0x7f0000000140)=[{&(0x7f0000000080)="5800000014001923fc834b80040d8c560a067f020000000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd001a0010000100080c10000000000000000000", 0x58}], 0x1) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x18, 0x24, 0x301, 0x0, 0x80, {0x11}, [@nested={0x4, 0x12f}]}, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x0) ioctl$FS_IOC_GETFLAGS(r6, 0x80086601, &(0x7f0000000040)) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r8) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="796100000000000000007e00000033000300", @ANYRES32=0x0, @ANYBLOB="a739dfe54ad99ffa18c27526b51001fb4f778791377c"], 0x1c}}, 0x4000054) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x1419, 0x1}, 0x10}}, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(r7, &(0x7f0000000740)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000700)={&(0x7f0000000640)={0x88, 0x0, 0x300, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_FEATURES_HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x40}, 0x4004884) r10 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="140000001d000b63d25a80648c2594", 0xf}, {&(0x7f0000000580)="3f1c2725e7", 0x5}], 0x2}, 0x4000000) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): idProduct=a415, bcdDevice= 0.40 [ 918.354021][T11527] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 918.373992][T11527] usb 6-1: Product: syz [ 918.389610][T11527] usb 6-1: Manufacturer: syz [ 918.465671][T14947] fuse: Bad value for 'fd' [ 918.630098][ T5947] usb 6-1: USB disconnect, device number 20 [ 920.917125][T14978] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2680'. [ 921.008514][T14978] macvtap5: entered promiscuous mode [ 921.013851][T14978] bond0: entered promiscuous mode [ 921.082277][T14978] macvtap5: entered allmulticast mode [ 921.105474][T14978] bond0: entered allmulticast mode [ 921.115771][T14978] 8021q: adding VLAN 0 to HW filter on device macvtap5 [ 921.237540][ T917] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 921.462245][T14982] bond0: left allmulticast mode [ 921.517964][T14982] bond0: left promiscuous mode [ 921.605248][ T917] usb 6-1: Using ep0 maxpacket: 32 [ 921.606306][ T30] audit: type=1326 audit(1748459934.224:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.3.2679" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff30b58e969 code=0x0 [ 921.622563][ T917] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 921.685394][ T917] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 921.744670][ T917] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 921.925358][ T917] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 921.960144][ T917] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 921.985465][ T917] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 922.039616][ T917] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 922.121708][ T917] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 922.185400][ T917] usb 6-1: config 0 descriptor?? [ 922.542155][ T917] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 21 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 922.685893][T14992] lo speed is unknown, defaulting to 1000 [ 924.498965][ T917] usb 6-1: USB disconnect, device number 21 [ 924.515886][ T917] usblp0: removed [ 925.093657][T15015] fuse: Bad value for 'fd' [ 925.125326][T11527] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 925.286997][T11527] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 925.317564][T11527] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 925.344744][T11527] usb 7-1: config 1 has 0 interfaces, different from the descriptor's value: 66 [ 925.375819][T11527] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 925.387789][T11527] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 925.408273][T11527] usb 7-1: Product: syz [ 925.419262][T11527] usb 7-1: Manufacturer: syz [ 925.604716][ T30] audit: type=1326 audit(1748459938.214:1125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15028 comm="syz.5.2693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 925.637314][ T30] audit: type=1326 audit(1748459938.224:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15028 comm="syz.5.2693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 925.965407][ T30] audit: type=1326 audit(1748459938.224:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15028 comm="syz.5.2693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 925.987358][ T30] audit: type=1326 audit(1748459938.224:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15028 comm="syz.5.2693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 925.989744][ T917] usb 7-1: USB disconnect, device number 3 [ 926.009611][ T30] audit: type=1326 audit(1748459938.224:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15028 comm="syz.5.2693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 926.038480][ T30] audit: type=1326 audit(1748459938.224:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15028 comm="syz.5.2693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 926.213503][ T30] audit: type=1326 audit(1748459938.224:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15028 comm="syz.5.2693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 926.285800][ T30] audit: type=1326 audit(1748459938.224:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15028 comm="syz.5.2693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 927.135101][ T5931] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 927.135182][ T5876] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 927.315521][ T5876] usb 7-1: Using ep0 maxpacket: 8 [ 927.332366][ T5876] usb 7-1: config 0 has no interfaces? [ 927.349988][ T5876] usb 7-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice=11.00 [ 927.359473][ T5931] usb 4-1: Using ep0 maxpacket: 32 [ 927.374504][ T5931] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 927.402697][ T5876] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 927.463639][ T5876] usb 7-1: config 0 descriptor?? [ 927.465815][ T5931] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 927.601839][ T5931] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 927.633984][ T5931] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 927.663844][ T5931] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 927.746540][ T5931] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 927.804762][ T978] usb 7-1: USB disconnect, device number 4 [ 927.937187][ T5931] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 928.020972][ T30] audit: type=1804 audit(1748459940.594:1133): pid=15050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.2699" name="/newroot/513/file0/bus/bus" dev="ramfs" ino=54626 res=1 errno=0 [ 928.054139][ T5931] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 928.078165][ T5931] usb 4-1: config 0 descriptor?? [ 928.115264][ T30] audit: type=1804 audit(1748459940.604:1134): pid=15050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.2699" name="/newroot/513/file0/bus/bus" dev="ramfs" ino=54626 res=1 errno=0 [ 928.385993][ T5931] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 33 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 929.877444][ T917] usb 4-1: USB disconnect, device number 33 [ 929.888397][ T917] usblp0: removed [ 930.536559][T11527] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 930.751971][T11527] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 930.776162][T11527] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 930.804311][T11527] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 66 [ 930.844420][T11527] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 930.855706][T11527] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 930.863850][T11527] usb 3-1: Product: syz [ 930.896332][T11527] usb 3-1: Manufacturer: syz [ 931.236531][T15094] 9pnet: Unknown protocol version 9p20\++} [ 931.611390][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.678592][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.852402][ T5876] usb 3-1: USB disconnect, device number 42 [ 932.564127][T15093] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 932.751055][T15093] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 932.865585][T15109] fuse: Bad value for 'fd' [ 933.394506][T15116] syzkaller1: tun_chr_ioctl cmd 35111 [ 933.890663][T15121] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2721'. [ 933.971102][T15121] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2721'. [ 934.255650][T15126] netlink: 'syz.6.2722': attribute type 2 has an invalid length. [ 935.437604][T15138] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 935.437604][T15138] program syz.3.2726 not setting count and/or reply_len properly [ 935.495215][T11527] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 935.917084][T11527] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 936.269444][T11527] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 936.325058][T11527] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 936.385066][T11527] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 936.408823][T11527] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 936.442653][T11527] usb 7-1: config 0 descriptor?? [ 937.135496][T11527] usbhid 7-1:0.0: can't add hid device: -71 [ 937.163101][T11527] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 937.190815][T11527] usb 7-1: USB disconnect, device number 5 [ 937.586705][T15161] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2731'. [ 937.924165][T15163] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2735'. [ 937.934310][T15163] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2735'. [ 940.260654][T15184] ALSA: mixer_oss: invalid OSS volume '' [ 941.207448][T15201] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2749'. [ 941.216544][T15201] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2749'. [ 943.860534][T15237] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 943.860534][T15237] program syz.3.2764 not setting count and/or reply_len properly [ 944.825083][ T917] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 945.037172][ T917] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 945.051034][ T917] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 945.063950][ T917] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 66 [ 945.080490][ T917] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 945.091104][ T917] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 945.101799][ T917] usb 2-1: Product: syz [ 945.107156][ T917] usb 2-1: Manufacturer: syz [ 946.264814][ T978] usb 2-1: USB disconnect, device number 39 [ 951.226748][T15291] loop6: detected capacity change from 0 to 524287999 [ 951.826209][T15291] Dev loop6: unable to read RDB block 8 [ 951.832044][T15291] loop6: unable to read partition table [ 951.838121][T15291] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 954.316121][T15297] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 954.322473][T15297] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 954.329161][T15297] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 954.355662][T15297] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 954.556641][T15297] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 955.535701][T15311] lo speed is unknown, defaulting to 1000 [ 955.923739][T15314] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 956.491368][ T5823] Bluetooth: hci4: command 0x0406 tx timeout [ 956.497611][ T5823] Bluetooth: hci1: command 0x0406 tx timeout [ 956.503638][T11217] Bluetooth: hci3: command 0x0c1a tx timeout [ 956.636758][T15314] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.219601][T15330] syz.6.2793: attempt to access beyond end of device [ 957.219601][T15330] loop6: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 957.254070][T15330] gfs2: error -5 reading superblock [ 957.626380][T15314] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 958.645560][T15326] Bluetooth: hci3: command 0x0c1a tx timeout [ 958.647529][T15314] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 959.122938][T15314] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 959.175583][T15314] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 959.242905][T15314] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 959.311646][T15314] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 959.430995][T15356] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2799'. [ 960.728827][T15326] Bluetooth: hci3: command 0x0c1a tx timeout [ 961.827283][T15374] lo speed is unknown, defaulting to 1000 [ 963.627004][T15388] vivid-007: disconnect [ 963.842533][ T5825] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 963.875529][ T5825] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 963.890356][ T5825] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 963.917727][ T5825] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 963.926199][ T5825] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 964.378958][T15386] vivid-007: reconnect [ 964.652184][T15391] lo speed is unknown, defaulting to 1000 [ 966.005853][ T5825] Bluetooth: hci2: command tx timeout [ 966.502125][T15391] chnl_net:caif_netlink_parms(): no params data found [ 966.628757][T15426] vivid-007: disconnect [ 966.994465][T15423] vivid-007: reconnect [ 967.835182][ T5947] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 968.007751][ T5947] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 968.035255][ T5947] usb 2-1: config 0 has no interfaces? [ 968.041087][ T5947] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 968.085277][ T5825] Bluetooth: hci2: command tx timeout [ 968.111336][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 968.134144][ T5947] usb 2-1: config 0 descriptor?? [ 970.165214][ T5825] Bluetooth: hci2: command tx timeout [ 970.494614][ T5947] usb 2-1: USB disconnect, device number 40 [ 971.180843][ T49] bond1 (unregistering): Released all slaves [ 971.485651][ T49] bond2 (unregistering): Released all slaves [ 971.594898][T15391] bridge0: port 1(bridge_slave_0) entered blocking state [ 971.603430][T15391] bridge0: port 1(bridge_slave_0) entered disabled state [ 971.612254][T15391] bridge_slave_0: entered allmulticast mode [ 971.648923][T15391] bridge_slave_0: entered promiscuous mode [ 971.659533][T15391] bridge0: port 2(bridge_slave_1) entered blocking state [ 971.668961][T15391] bridge0: port 2(bridge_slave_1) entered disabled state [ 971.677227][T15391] bridge_slave_1: entered allmulticast mode [ 971.900115][T15391] bridge_slave_1: entered promiscuous mode [ 972.080981][T15391] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 972.213295][T15391] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 972.245192][ T5825] Bluetooth: hci2: command tx timeout [ 972.531207][T15470] syz.1.2834: attempt to access beyond end of device [ 972.531207][T15470] loop1: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 972.551126][T15470] gfs2: error -5 reading superblock [ 972.624536][T15391] team0: Port device team_slave_0 added [ 972.710906][T15391] team0: Port device team_slave_1 added [ 972.846463][T15478] vivid-007: disconnect [ 973.404313][T15391] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 973.475441][T15391] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 973.537427][T15474] vivid-007: reconnect [ 973.586540][T15391] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 973.601348][T15391] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 973.609276][T15391] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 973.645514][T15391] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 974.181737][ T49] hsr_slave_0: left promiscuous mode [ 974.197836][ T49] hsr_slave_1: left promiscuous mode [ 974.415201][T11527] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 974.576796][T11527] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 974.596838][T11527] usb 2-1: config 0 has no interfaces? [ 974.605211][T11527] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 974.644547][T11527] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 974.662294][T11527] usb 2-1: config 0 descriptor?? [ 977.311618][ T5947] usb 2-1: USB disconnect, device number 41 [ 979.105295][T15521] vivid-007: disconnect [ 979.144604][T15519] vivid-007: reconnect [ 979.271022][T15525] binder: BINDER_SET_CONTEXT_MGR already set [ 979.277320][T15525] binder: 15523:15525 ioctl 4018620d 200000000040 returned -16 [ 980.173310][T15391] hsr_slave_0: entered promiscuous mode [ 980.205878][T15391] hsr_slave_1: entered promiscuous mode [ 980.226350][T15391] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 980.235094][T15391] Cannot create hsr debugfs directory [ 980.504669][T15508] syzkaller1: tun_chr_ioctl cmd 35111 [ 982.184817][ T30] audit: type=1326 audit(1748459994.644:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15543 comm="syz.6.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 982.754451][ T30] audit: type=1326 audit(1748459994.644:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15543 comm="syz.6.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 982.791082][ T30] audit: type=1326 audit(1748459994.644:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15543 comm="syz.6.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 982.821485][ T30] audit: type=1326 audit(1748459994.644:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15543 comm="syz.6.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 982.854173][ T30] audit: type=1326 audit(1748459994.644:1139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15543 comm="syz.6.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 982.875992][ T30] audit: type=1326 audit(1748459994.654:1140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15543 comm="syz.6.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 982.927443][ T30] audit: type=1326 audit(1748459994.654:1141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15543 comm="syz.6.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 983.196663][ T30] audit: type=1326 audit(1748459994.654:1142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15543 comm="syz.6.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 983.218767][ T30] audit: type=1326 audit(1748459994.654:1143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15543 comm="syz.6.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 984.025160][ T30] audit: type=1326 audit(1748459994.654:1144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15543 comm="syz.6.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 984.375998][ T49] IPVS: stop unused estimator thread 0... [ 984.877614][T15391] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 984.920747][T15391] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 984.940235][T15391] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 985.020205][T15391] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 985.276346][T15578] syzkaller1: tun_chr_ioctl cmd 35111 [ 985.503797][T15391] 8021q: adding VLAN 0 to HW filter on device bond0 [ 985.798042][T15391] 8021q: adding VLAN 0 to HW filter on device team0 [ 985.873883][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 985.881081][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 985.941688][ T1154] bridge0: port 2(bridge_slave_1) entered blocking state [ 985.948948][ T1154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 987.043851][T15587] bridge0: entered promiscuous mode [ 988.957658][T15391] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 989.207126][T15391] veth0_vlan: entered promiscuous mode [ 989.234345][T15391] veth1_vlan: entered promiscuous mode [ 989.451793][T15391] veth0_macvtap: entered promiscuous mode [ 989.467830][T15391] veth1_macvtap: entered promiscuous mode [ 989.518540][T15391] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 989.555658][T15391] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 989.604759][T15391] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 989.627669][T15391] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 989.672049][T15391] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 989.693542][T15391] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 989.944686][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 989.977859][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 990.049545][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 990.078726][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 991.742350][T15628] lo speed is unknown, defaulting to 1000 [ 991.768881][T15641] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2880'. [ 991.785473][ T5947] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 991.959817][ T5947] usb 4-1: config index 0 descriptor too short (expected 47546, got 50) [ 991.995702][ T5947] usb 4-1: config 0 has an invalid interface number: 129 but max is 1 [ 992.003956][ T5947] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 992.061743][ T5947] usb 4-1: config 0 has no interface number 1 [ 992.072909][ T5947] usb 4-1: config 0 interface 129 has no altsetting 0 [ 992.091455][ T5947] usb 4-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice= 0.5e [ 992.123411][ T5947] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 992.147475][ T5947] usb 4-1: Product: syz [ 992.151742][ T5947] usb 4-1: Manufacturer: syz [ 992.187717][ T5947] usb 4-1: SerialNumber: syz [ 992.229615][ T5947] usb 4-1: config 0 descriptor?? [ 992.762994][T15658] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2879'. [ 993.052931][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.060077][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.085276][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 993.085296][ T30] audit: type=1326 audit(1748460005.694:1152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15661 comm="syz.5.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 993.124713][ T30] audit: type=1326 audit(1748460005.724:1153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15661 comm="syz.5.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 993.151035][ T30] audit: type=1326 audit(1748460005.724:1154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15661 comm="syz.5.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 993.175481][ T30] audit: type=1326 audit(1748460005.724:1155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15661 comm="syz.5.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 993.276023][ T30] audit: type=1326 audit(1748460005.724:1156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15661 comm="syz.5.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 993.754854][T15672] loop6: detected capacity change from 0 to 524287999 [ 994.709213][ T5947] msi2500 4-1:0.129: Registered as swradio24 [ 994.717140][ T5947] msi2500 4-1:0.129: SDR API is still slightly experimental and functionality changes may follow [ 994.848611][T15682] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2893'. [ 994.875567][ T5947] videodev: could not get a free minor [ 994.903319][ T5947] msi2500 4-1:0.0: Failed to register as video device (-23) [ 994.942592][ T5947] msi2500 4-1:0.0: probe with driver msi2500 failed with error -23 [ 994.987479][ T5947] usb 4-1: USB disconnect, device number 34 [ 995.326226][ T5947] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 995.333679][ T30] audit: type=1326 audit(1748460007.944:1157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15690 comm="syz.1.2896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff80378e969 code=0x7ffc0000 [ 995.370944][ T30] audit: type=1326 audit(1748460007.974:1158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15690 comm="syz.1.2896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7ff80378e969 code=0x7ffc0000 [ 995.408246][ T30] audit: type=1326 audit(1748460007.974:1159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15690 comm="syz.1.2896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff80378e969 code=0x7ffc0000 [ 995.453203][ T30] audit: type=1326 audit(1748460007.974:1160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15690 comm="syz.1.2896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7ff80378e969 code=0x7ffc0000 [ 995.565521][ T5947] usb 4-1: Using ep0 maxpacket: 32 [ 995.587047][ T5947] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 995.598841][ T5947] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 995.624127][ T5947] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 995.651536][ T5947] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 995.665948][ T5947] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 995.735348][ T30] audit: type=1326 audit(1748460007.974:1161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15690 comm="syz.1.2896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff80378e969 code=0x7ffc0000 [ 996.045099][ T5947] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 996.299077][ T5947] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 996.300610][T15698] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2897'. [ 996.319686][ T5947] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 996.550515][ T5947] usb 4-1: config 0 descriptor?? [ 997.566278][T15700] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2897'. [ 997.659574][T15704] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2897'. [ 997.863912][ T5947] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 35 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1000.194502][ T917] usb 4-1: USB disconnect, device number 35 [ 1000.217128][ T917] usblp0: removed [ 1000.365908][T11527] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 1000.426096][ T978] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 1000.869604][T11527] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1000.881137][T15734] loop6: detected capacity change from 0 to 524287999 [ 1000.890197][ T978] usb 6-1: config index 0 descriptor too short (expected 47546, got 50) [ 1000.929795][T11527] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1000.947244][ T978] usb 6-1: config 0 has an invalid interface number: 129 but max is 1 [ 1000.961648][ T978] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1000.971932][T11527] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1000.987573][ T978] usb 6-1: config 0 has no interface number 1 [ 1000.993833][T11527] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1001.055988][ T978] usb 6-1: config 0 interface 129 has no altsetting 0 [ 1001.078282][ T978] usb 6-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice= 0.5e [ 1001.118051][T11527] usb 7-1: config 0 descriptor?? [ 1001.132457][ T978] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1001.203895][T11527] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 1001.223993][ T978] usb 6-1: Product: syz [ 1001.246101][ T978] usb 6-1: Manufacturer: syz [ 1001.274827][ T978] usb 6-1: SerialNumber: syz [ 1001.305405][ T978] usb 6-1: config 0 descriptor?? [ 1001.753888][T15738] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2904'. [ 1003.203842][T11527] usb 7-1: USB disconnect, device number 6 [ 1004.093883][T15750] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2911'. [ 1004.308491][ T978] msi2500 6-1:0.129: Registered as swradio24 [ 1004.362681][ T978] msi2500 6-1:0.129: SDR API is still slightly experimental and functionality changes may follow [ 1004.557730][ T978] videodev: could not get a free minor [ 1004.563263][ T978] msi2500 6-1:0.0: Failed to register as video device (-23) [ 1004.591310][ T978] msi2500 6-1:0.0: probe with driver msi2500 failed with error -23 [ 1004.725500][ T978] usb 6-1: USB disconnect, device number 22 [ 1005.777828][T15777] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2916'. [ 1005.935152][ T5877] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 1006.099217][ T5877] usb 3-1: config index 0 descriptor too short (expected 47546, got 50) [ 1006.111906][ T5877] usb 3-1: config 0 has an invalid interface number: 129 but max is 1 [ 1006.125225][ T5877] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1006.135843][ T978] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 1006.152429][ T5877] usb 3-1: config 0 has no interface number 1 [ 1006.158888][ T5877] usb 3-1: config 0 interface 129 has no altsetting 0 [ 1006.198602][ T5877] usb 3-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice= 0.5e [ 1006.245362][ T5877] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1006.277418][ T5877] usb 3-1: Product: syz [ 1006.281677][ T5877] usb 3-1: Manufacturer: syz [ 1006.307998][ T978] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1006.332661][ T978] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1006.347774][ T5877] usb 3-1: SerialNumber: syz [ 1006.378721][ T5877] usb 3-1: config 0 descriptor?? [ 1006.397731][ T978] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1006.444629][ T978] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1006.506892][ T978] usb 7-1: config 0 descriptor?? [ 1006.550088][ T978] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 1006.912011][T15786] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2920'. [ 1007.925192][T15793] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2925'. [ 1008.837179][ T5947] usb 7-1: USB disconnect, device number 7 [ 1009.303985][ T5877] msi2500 3-1:0.129: Registered as swradio24 [ 1009.422666][ T5877] msi2500 3-1:0.129: SDR API is still slightly experimental and functionality changes may follow [ 1009.449707][T15813] netlink: 'syz.1.2930': attribute type 2 has an invalid length. [ 1009.649344][T15800] lo speed is unknown, defaulting to 1000 [ 1009.755328][ T917] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 1009.918625][ T917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1009.953976][ T5877] videodev: could not get a free minor [ 1009.973133][ T917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1009.985271][ T5877] msi2500 3-1:0.0: Failed to register as video device (-23) [ 1010.013058][ T917] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1010.053766][ T917] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1010.120331][ T917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1010.135945][ T5877] msi2500 3-1:0.0: probe with driver msi2500 failed with error -23 [ 1010.201367][ T917] usb 2-1: config 0 descriptor?? [ 1010.222490][ T5877] usb 3-1: USB disconnect, device number 43 [ 1010.768356][ T917] usbhid 2-1:0.0: can't add hid device: -71 [ 1010.776609][ T917] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1010.809868][ T917] usb 2-1: USB disconnect, device number 42 [ 1011.219413][T15833] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2934'. [ 1011.223286][T15835] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2936'. [ 1011.665147][ T5876] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 1012.677333][ T5876] usb 6-1: config index 0 descriptor too short (expected 47546, got 50) [ 1012.686149][ T5876] usb 6-1: config 0 has an invalid interface number: 129 but max is 1 [ 1012.694359][ T5876] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1012.715119][ T917] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 1012.739502][ T5876] usb 6-1: config 0 has no interface number 1 [ 1012.775073][ T5876] usb 6-1: config 0 interface 129 has no altsetting 0 [ 1012.795204][ T5876] usb 6-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice= 0.5e [ 1012.814580][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1012.831358][ T5876] usb 6-1: Product: syz [ 1012.845608][ T5876] usb 6-1: Manufacturer: syz [ 1012.850411][ T5876] usb 6-1: SerialNumber: syz [ 1012.867153][ T917] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1012.879144][ T5876] usb 6-1: config 0 descriptor?? [ 1012.887815][ T917] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1012.982891][T15848] lo speed is unknown, defaulting to 1000 [ 1013.053566][ T917] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1013.075286][ T917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1013.118561][ T917] usb 2-1: config 0 descriptor?? [ 1013.149585][ T917] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 1013.353994][T15852] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2938'. [ 1014.643572][ T5876] msi2500 6-1:0.129: Registered as swradio24 [ 1014.657718][ T5876] msi2500 6-1:0.129: SDR API is still slightly experimental and functionality changes may follow [ 1014.809808][T15881] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2949'. [ 1014.823949][T15882] netlink: 'syz.5.2950': attribute type 2 has an invalid length. [ 1014.842132][ T5876] videodev: could not get a free minor [ 1014.863520][ T5876] msi2500 6-1:0.0: Failed to register as video device (-23) [ 1014.907897][T15875] syzkaller1: tun_chr_ioctl cmd 35111 [ 1014.974912][ T5876] msi2500 6-1:0.0: probe with driver msi2500 failed with error -23 [ 1014.998962][ T5876] usb 6-1: USB disconnect, device number 23 [ 1016.075481][ T5947] usb 2-1: USB disconnect, device number 43 [ 1017.285248][ T5876] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 1017.394180][T15903] syz.3.2953: attempt to access beyond end of device [ 1017.394180][T15903] loop3: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 1017.456816][ T5876] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1017.498925][ T5876] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1017.511634][T15903] gfs2: error -5 reading superblock [ 1017.552271][ T5876] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1017.607474][ T5876] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1017.666647][ T5876] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1017.741109][ T5876] usb 6-1: config 0 descriptor?? [ 1017.754161][ T5876] usb 6-1: can't set config #0, error -71 [ 1017.779320][ T5876] usb 6-1: USB disconnect, device number 24 [ 1018.095800][T15908] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2955'. [ 1018.653161][T15918] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2961'. [ 1018.875099][ T5876] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 1019.175825][T15749] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 1019.759434][ T5876] usb 3-1: config index 0 descriptor too short (expected 47546, got 50) [ 1019.775145][ T5876] usb 3-1: config 0 has an invalid interface number: 129 but max is 1 [ 1019.795406][ T5876] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1019.825082][ T5876] usb 3-1: config 0 has no interface number 1 [ 1019.843524][ T5876] usb 3-1: config 0 interface 129 has no altsetting 0 [ 1019.879015][ T5876] usb 3-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice= 0.5e [ 1019.909192][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1019.939263][T15749] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1019.948883][ T5876] usb 3-1: Product: syz [ 1019.955214][T15749] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1019.973861][ T5876] usb 3-1: Manufacturer: syz [ 1019.985047][T15749] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1019.994136][T15749] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1019.999465][ T5876] usb 3-1: SerialNumber: syz [ 1020.021653][T15749] usb 4-1: config 0 descriptor?? [ 1020.028953][ T5876] usb 3-1: config 0 descriptor?? [ 1020.071820][T15749] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1020.498579][T15938] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2960'. [ 1020.719325][T15933] syzkaller1: tun_chr_ioctl cmd 35111 [ 1020.845663][T15749] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 1020.887407][T15944] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2966'. [ 1021.055158][T15749] usb 7-1: Using ep0 maxpacket: 16 [ 1021.559763][T15749] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1021.572393][T15749] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1021.630459][T15749] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1021.732996][T15749] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1021.743499][T15749] usb 7-1: Product: syz [ 1021.748105][T15749] usb 7-1: Manufacturer: syz [ 1021.754036][T15749] usb 7-1: SerialNumber: syz [ 1021.760813][T15749] usb 7-1: config 0 descriptor?? [ 1021.772738][T15749] hub 7-1:0.0: bad descriptor, ignoring hub [ 1021.778749][T15749] hub 7-1:0.0: probe with driver hub failed with error -5 [ 1021.912798][ T5876] msi2500 3-1:0.129: Registered as swradio24 [ 1021.920640][ T5876] msi2500 3-1:0.129: SDR API is still slightly experimental and functionality changes may follow [ 1023.732475][ T5833] usb 4-1: USB disconnect, device number 36 [ 1024.155155][ T5947] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 1024.180281][ T5876] videodev: could not get a free minor [ 1024.213907][ T5876] msi2500 3-1:0.0: Failed to register as video device (-23) [ 1024.253348][T15966] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2974'. [ 1024.283391][ T5876] msi2500 3-1:0.0: probe with driver msi2500 failed with error -23 [ 1024.354071][T15970] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2973'. [ 1024.375528][ T5875] usb 7-1: USB disconnect, device number 8 [ 1024.429793][ T5947] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1024.595474][ T5876] usb 3-1: USB disconnect, device number 44 [ 1024.600013][T15977] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2976'. [ 1024.613568][T15977] netem: change failed [ 1025.325051][ T5947] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1025.355036][ T5947] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1025.364139][ T5947] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1025.456982][T15961] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1025.584504][ T5947] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1026.055076][ T978] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 1026.268698][ T978] usb 3-1: config index 0 descriptor too short (expected 47546, got 50) [ 1026.292306][ T978] usb 3-1: config 0 has an invalid interface number: 129 but max is 1 [ 1026.315556][ T978] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1026.339179][ T978] usb 3-1: config 0 has no interface number 1 [ 1026.364004][ T978] usb 3-1: config 0 interface 129 has no altsetting 0 [ 1026.405486][ T978] usb 3-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice= 0.5e [ 1026.425005][ T978] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1026.446064][ T978] usb 3-1: Product: syz [ 1026.452018][ T978] usb 3-1: Manufacturer: syz [ 1026.456822][ T978] usb 3-1: SerialNumber: syz [ 1026.468352][ T978] usb 3-1: config 0 descriptor?? [ 1026.643521][T15991] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2977'. [ 1027.014213][T15992] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1027.060776][T15993] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2979'. [ 1027.102221][T15992] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1027.165658][T15749] usb 6-1: USB disconnect, device number 25 [ 1027.233275][T15992] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1027.781326][T15992] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1028.264348][T15992] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1028.303516][T15992] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1028.361108][T15992] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1028.420032][T15992] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1028.475208][ T5947] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 1028.623444][T16008] siw: device registration error -23 [ 1029.271184][T16013] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2986'. [ 1029.305274][ T978] msi2500 3-1:0.129: Registered as swradio24 [ 1029.323837][ T978] msi2500 3-1:0.129: SDR API is still slightly experimental and functionality changes may follow [ 1029.397452][ T5947] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1029.425102][ T5947] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1029.455215][ T5947] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1029.464304][ T5947] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1029.483586][ T978] videodev: could not get a free minor [ 1029.486120][ T5947] usb 4-1: config 0 descriptor?? [ 1029.496279][ T978] msi2500 3-1:0.0: Failed to register as video device (-23) [ 1029.505099][T15967] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 1029.520025][ T978] msi2500 3-1:0.0: probe with driver msi2500 failed with error -23 [ 1029.521823][ T5947] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1029.579946][ T978] usb 3-1: USB disconnect, device number 45 [ 1029.685123][T15967] usb 2-1: Using ep0 maxpacket: 16 [ 1029.692300][T15967] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1029.713636][T16022] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2984'. [ 1029.747450][T15967] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1029.845950][T15967] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1029.869656][T15967] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1029.895222][T15967] usb 2-1: Product: syz [ 1029.907826][T15967] usb 2-1: Manufacturer: syz [ 1029.924471][T15967] usb 2-1: SerialNumber: syz [ 1029.951246][T15967] usb 2-1: config 0 descriptor?? [ 1029.966622][T15967] hub 2-1:0.0: bad descriptor, ignoring hub [ 1029.979625][T15967] hub 2-1:0.0: probe with driver hub failed with error -5 [ 1030.670885][ T1154] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1030.762037][ T1154] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1031.186736][ T1154] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1031.274253][ T1154] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1031.618378][ T1154] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1031.710695][ T1154] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1031.942557][ T5877] usb 2-1: USB disconnect, device number 44 [ 1031.998589][T15967] usb 4-1: USB disconnect, device number 37 [ 1032.027513][T15326] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1032.765414][T15326] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1032.778769][T15326] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1032.802858][ T1154] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1032.814425][ T1154] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1032.915640][T15326] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1032.929097][T15326] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1034.394340][ T1154] bond0 (unregistering): (slave vxlan0): Releasing backup interface [ 1034.577805][ T1154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1034.633285][ T1154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1034.664613][ T1154] bond0 (unregistering): Released all slaves [ 1034.911801][T16049] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2993'. [ 1035.095875][ T5825] Bluetooth: hci0: command tx timeout [ 1035.701366][ T1154] bond1 (unregistering): Released all slaves [ 1035.723138][T16032] lo speed is unknown, defaulting to 1000 [ 1035.826149][ T978] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 1035.992404][ T978] usb 4-1: config index 0 descriptor too short (expected 47546, got 50) [ 1036.011225][ T978] usb 4-1: config 0 has an invalid interface number: 129 but max is 1 [ 1036.041590][ T978] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1036.138408][ T978] usb 4-1: config 0 has no interface number 1 [ 1036.144662][ T978] usb 4-1: config 0 interface 129 has no altsetting 0 [ 1036.221514][ T978] usb 4-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice= 0.5e [ 1036.253421][ T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1036.281559][ T978] usb 4-1: Product: syz [ 1036.294992][ T978] usb 4-1: Manufacturer: syz [ 1036.322483][ T978] usb 4-1: SerialNumber: syz [ 1036.388826][ T978] usb 4-1: config 0 descriptor?? [ 1036.829836][ T1154] hsr_slave_0: left promiscuous mode [ 1037.157320][ T5825] Bluetooth: hci0: command tx timeout [ 1037.496961][ T1154] hsr_slave_1: left promiscuous mode [ 1037.509811][ T1154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1037.519052][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1037.531160][ T1154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1037.546707][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1037.575213][T15967] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 1037.598479][ T1154] veth1_macvtap: left promiscuous mode [ 1037.611665][ T1154] veth0_macvtap: left promiscuous mode [ 1037.617505][ T1154] veth1_vlan: left promiscuous mode [ 1037.727545][T15967] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1037.746562][T15967] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1037.760118][T15967] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1037.771899][T15967] usb 6-1: config 0 descriptor?? [ 1037.790834][T15967] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 1038.379767][ T1154] team0 (unregistering): Port device team_slave_1 removed [ 1038.441205][ T1154] team0 (unregistering): Port device team_slave_0 removed [ 1039.016752][T16078] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2996'. [ 1039.032897][T16032] chnl_net:caif_netlink_parms(): no params data found [ 1039.400908][ T978] msi2500 4-1:0.129: Registered as swradio24 [ 1039.414233][ T978] msi2500 4-1:0.129: SDR API is still slightly experimental and functionality changes may follow [ 1039.641004][T16095] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3002'. [ 1040.110828][ T5825] Bluetooth: hci0: command tx timeout [ 1040.254150][ T5877] usb 6-1: USB disconnect, device number 26 [ 1040.582808][ T978] videodev: could not get a free minor [ 1040.588406][ T978] msi2500 4-1:0.0: Failed to register as video device (-23) [ 1040.598979][ T978] msi2500 4-1:0.0: probe with driver msi2500 failed with error -23 [ 1040.609255][ T978] usb 4-1: USB disconnect, device number 38 [ 1042.225237][ T5825] Bluetooth: hci0: command tx timeout [ 1042.651887][T16032] bridge0: port 1(bridge_slave_0) entered blocking state [ 1042.662577][T16032] bridge0: port 1(bridge_slave_0) entered disabled state [ 1042.927437][T16032] bridge_slave_0: entered allmulticast mode [ 1042.971248][T16032] bridge_slave_0: entered promiscuous mode [ 1043.003805][T16032] bridge0: port 2(bridge_slave_1) entered blocking state [ 1043.019344][T16032] bridge0: port 2(bridge_slave_1) entered disabled state [ 1043.037307][T16032] bridge_slave_1: entered allmulticast mode [ 1043.057988][T16032] bridge_slave_1: entered promiscuous mode [ 1043.211325][T16120] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3009'. [ 1043.229480][T16032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1043.333946][ T1154] IPVS: stop unused estimator thread 0... [ 1043.334126][T16032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1043.643577][T16032] team0: Port device team_slave_0 added [ 1043.663844][T16032] team0: Port device team_slave_1 added [ 1044.002297][T16032] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1044.037290][T16032] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1044.287873][T16135] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3012'. [ 1044.301058][ T5877] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 1044.489462][ T5877] usb 4-1: config index 0 descriptor too short (expected 47546, got 50) [ 1044.599775][ T5877] usb 4-1: config 0 has an invalid interface number: 129 but max is 1 [ 1044.735577][T16032] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1044.748799][T16032] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1044.755943][T16032] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1044.783061][T16032] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1044.879566][ T5877] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1044.890429][ T5877] usb 4-1: config 0 has no interface number 1 [ 1044.898518][ T5877] usb 4-1: config 0 interface 129 has no altsetting 0 [ 1044.908011][ T5877] usb 4-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice= 0.5e [ 1044.921115][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1044.940715][ T5877] usb 4-1: Product: syz [ 1044.946435][ T5877] usb 4-1: Manufacturer: syz [ 1044.951071][ T5877] usb 4-1: SerialNumber: syz [ 1044.975595][ T5877] usb 4-1: config 0 descriptor?? [ 1044.988355][T16032] hsr_slave_0: entered promiscuous mode [ 1044.999262][T16032] hsr_slave_1: entered promiscuous mode [ 1045.006018][T16032] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1045.013615][T16032] Cannot create hsr debugfs directory [ 1046.402143][T16153] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3011'. [ 1047.380308][T16161] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 1047.380308][T16161] program syz.6.3020 not setting count and/or reply_len properly [ 1048.114134][ T5877] msi2500 4-1:0.129: Registered as swradio24 [ 1048.145021][ T5877] msi2500 4-1:0.129: SDR API is still slightly experimental and functionality changes may follow [ 1048.345805][ T5877] videodev: could not get a free minor [ 1048.351978][ T5877] msi2500 4-1:0.0: Failed to register as video device (-23) [ 1048.381071][ T5877] msi2500 4-1:0.0: probe with driver msi2500 failed with error -23 [ 1048.417589][ T5877] usb 4-1: USB disconnect, device number 39 [ 1048.460341][T16032] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1048.513369][T16032] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1048.540264][T16032] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1048.581099][T16032] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1048.894220][T16032] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1048.944739][T16032] 8021q: adding VLAN 0 to HW filter on device team0 [ 1048.951888][T16185] Bluetooth: MGMT ver 1.23 [ 1048.963379][ T1154] bridge0: port 1(bridge_slave_0) entered blocking state [ 1048.971874][ T1154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1049.017179][ T1154] bridge0: port 2(bridge_slave_1) entered blocking state [ 1049.024451][ T1154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1049.323015][T16191] loop6: detected capacity change from 0 to 524287999 [ 1049.937589][T16191] loop6: unable to read partition table [ 1049.943507][T16191] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 1050.431784][T16202] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3031'. [ 1051.110924][T16032] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1051.280345][T16032] veth0_vlan: entered promiscuous mode [ 1051.474074][T16032] veth1_vlan: entered promiscuous mode [ 1051.559023][T16032] veth0_macvtap: entered promiscuous mode [ 1051.603553][T16032] veth1_macvtap: entered promiscuous mode [ 1051.701953][T16032] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1051.820859][T16032] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1051.890812][T16032] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1051.902680][T16032] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1051.920399][T16032] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1051.931390][T16032] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1052.279778][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1052.331646][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1052.378533][ T1318] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1052.397022][ T1318] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1052.571227][T16212] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 1052.571227][T16212] program syz.3.3034 not setting count and/or reply_len properly [ 1054.492135][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.514014][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.969049][T16227] syzkaller1: tun_chr_ioctl cmd 35111 [ 1055.870186][T16248] loop6: detected capacity change from 0 to 524287999 [ 1057.053559][T16248] Dev loop6: unable to read RDB block 8 [ 1057.137971][T16248] loop6: unable to read partition table [ 1057.143904][T16248] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 1057.249763][ T5875] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 1057.427754][ T5875] usb 6-1: config index 0 descriptor too short (expected 47546, got 50) [ 1057.454600][ T5875] usb 6-1: config 0 has an invalid interface number: 129 but max is 1 [ 1057.495075][ T5875] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1057.523978][ T5875] usb 6-1: config 0 has no interface number 1 [ 1057.532678][T16260] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1057.540827][ T5875] usb 6-1: config 0 interface 129 has no altsetting 0 [ 1057.543839][ T5875] usb 6-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice= 0.5e [ 1057.558772][ T5875] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1058.146203][ T5875] usb 6-1: Product: syz [ 1058.389183][ T5875] usb 6-1: Manufacturer: syz [ 1058.415674][ T5875] usb 6-1: SerialNumber: syz [ 1058.459677][ T5875] usb 6-1: config 0 descriptor?? [ 1059.819098][ T5875] msi2500 6-1:0.129: Registered as swradio24 [ 1059.842545][ T5875] msi2500 6-1:0.129: SDR API is still slightly experimental and functionality changes may follow [ 1060.383485][T16279] syzkaller1: tun_chr_ioctl cmd 35111 [ 1060.385693][ T5875] videodev: could not get a free minor [ 1060.399139][ T5875] msi2500 6-1:0.0: Failed to register as video device (-23) [ 1060.409528][ T5875] msi2500 6-1:0.0: probe with driver msi2500 failed with error -23 [ 1060.419924][ T5875] usb 6-1: USB disconnect, device number 27 [ 1060.635154][T15967] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 1061.560351][T15967] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1061.574468][T15967] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1061.684261][T15967] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1061.708752][T15967] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1061.746657][T15967] usb 4-1: config 0 descriptor?? [ 1061.755900][T15967] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1061.982878][T16304] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1063.505328][T15967] usb 4-1: USB disconnect, device number 40 [ 1065.569436][T16332] syzkaller1: tun_chr_ioctl cmd 35111 [ 1065.992116][T16343] 9pnet: Unknown protocol version 9p20\++} [ 1066.328841][T16345] fuse: Bad value for 'rootmode' [ 1066.413217][T16348] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1066.486578][T16345] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3073'. [ 1066.575974][T16345] bond_slave_0: entered promiscuous mode [ 1066.581717][T16345] bond_slave_1: entered promiscuous mode [ 1066.661525][T16345] macvtap1: entered promiscuous mode [ 1066.853238][T16345] bond0: entered promiscuous mode [ 1066.859442][T16345] macvtap1: entered allmulticast mode [ 1066.864863][T16345] bond0: entered allmulticast mode [ 1066.875109][T16345] bond_slave_0: entered allmulticast mode [ 1066.880992][T16345] bond_slave_1: entered allmulticast mode [ 1066.891285][T16345] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 1067.123646][T16361] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3076'. [ 1067.793798][T16349] bond0: left allmulticast mode [ 1067.977929][T16349] bond_slave_0: left allmulticast mode [ 1068.003611][T16349] bond_slave_1: left allmulticast mode [ 1068.037537][T16349] bond0: left promiscuous mode [ 1068.042984][T16349] bond_slave_0: left promiscuous mode [ 1068.048566][T16349] bond_slave_1: left promiscuous mode [ 1072.425543][T16401] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1075.702462][T16406] syzkaller1: tun_chr_ioctl cmd 35111 [ 1076.684909][T16419] fuse: Bad value for 'rootmode' [ 1076.709680][T16419] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3094'. [ 1076.798096][T16419] macvtap6: entered promiscuous mode [ 1076.803422][T16419] bond0: entered promiscuous mode [ 1076.808741][T16419] macvtap6: entered allmulticast mode [ 1076.814119][T16419] bond0: entered allmulticast mode [ 1076.869272][T16419] 8021q: adding VLAN 0 to HW filter on device macvtap6 [ 1076.941556][T16420] bond0: left allmulticast mode [ 1076.958335][T16420] bond0: left promiscuous mode [ 1081.526590][T16449] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1083.027625][T15326] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1083.037509][T15326] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1083.053309][T15326] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1083.061728][T15326] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1083.072067][T15326] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1083.222241][ T13] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1084.146958][ T13] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1084.420957][ T13] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1084.692578][ T13] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1084.758290][T16468] syzkaller1: tun_chr_ioctl cmd 35111 [ 1085.125193][T15326] Bluetooth: hci1: command tx timeout [ 1086.077408][T16485] syz.5.3107: attempt to access beyond end of device [ 1086.077408][T16485] loop5: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 1087.086340][T16485] gfs2: error -5 reading superblock [ 1087.145088][ T5947] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 1087.216424][ T5825] Bluetooth: hci1: command tx timeout [ 1087.298551][ T5825] Bluetooth: hci2: command 0x0406 tx timeout [ 1087.471897][ T5947] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1087.515140][ T5947] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1087.886002][T16502] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1088.484816][ T5947] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1088.506531][ T5947] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1088.991764][T16491] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1089.016471][ T5947] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1089.132261][ T5947] usb 4-1: USB disconnect, device number 41 [ 1089.286005][T15326] Bluetooth: hci1: command tx timeout [ 1090.851048][ T13] bond0 (unregistering): Released all slaves [ 1091.188287][ T13] bond1 (unregistering): Released all slaves [ 1091.320973][T16521] syzkaller1: tun_chr_ioctl cmd 35111 [ 1091.405138][T15326] Bluetooth: hci1: command tx timeout [ 1091.472943][ T13] : left promiscuous mode [ 1093.738996][T16461] chnl_net:caif_netlink_parms(): no params data found [ 1094.716638][ T13] hsr_slave_0: left promiscuous mode [ 1094.779189][ T13] veth1_macvtap: left promiscuous mode [ 1094.805157][ T13] veth0_macvtap: left promiscuous mode [ 1094.825245][ T13] veth1_vlan: left promiscuous mode [ 1094.841172][ T13] veth0_vlan: left promiscuous mode [ 1094.886076][T15967] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 1096.154348][T15967] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1096.187457][T15967] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1096.210620][T16565] syz.6.3125: attempt to access beyond end of device [ 1096.210620][T16565] loop6: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 1096.231222][T15967] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1096.275820][T16565] gfs2: error -5 reading superblock [ 1096.283835][T15967] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1096.369803][T16548] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1096.424632][T15967] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1097.704700][T15967] usb 3-1: USB disconnect, device number 46 [ 1098.362460][T16575] syzkaller1: tun_chr_ioctl cmd 35111 [ 1098.482309][T16578] netlink: 96 bytes leftover after parsing attributes in process `syz.6.3129'. [ 1098.777641][T16461] bridge0: port 1(bridge_slave_0) entered blocking state [ 1098.800169][T16461] bridge0: port 1(bridge_slave_0) entered disabled state [ 1098.850149][T16461] bridge_slave_0: entered allmulticast mode [ 1098.884527][T16461] bridge_slave_0: entered promiscuous mode [ 1098.911433][T16461] bridge0: port 2(bridge_slave_1) entered blocking state [ 1098.935146][T16461] bridge0: port 2(bridge_slave_1) entered disabled state [ 1098.955681][T16461] bridge_slave_1: entered allmulticast mode [ 1098.980361][T16461] bridge_slave_1: entered promiscuous mode [ 1099.870942][T16461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1099.886405][T16602] syz.5.3137 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1100.080048][T16461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1100.261205][T16461] team0: Port device team_slave_0 added [ 1100.273377][ T13] IPVS: stop unused estimator thread 0... [ 1100.312462][T16461] team0: Port device team_slave_1 added [ 1100.399070][T16461] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1100.415005][T16461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1100.515014][T16461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1100.525758][T15967] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 1100.635717][T16461] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1100.677298][T16461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1100.747284][T15967] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1100.763060][T15967] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1100.799419][T15967] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1100.819921][T16461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1100.833720][T15967] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1100.865405][T16617] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1100.990959][T16621] syzkaller1: tun_chr_ioctl cmd 35111 [ 1101.026166][T15967] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1101.309288][T16461] hsr_slave_0: entered promiscuous mode [ 1101.324050][T16461] hsr_slave_1: entered promiscuous mode [ 1101.739889][T16627] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3143'. [ 1101.910689][T16630] netlink: 'syz.3.3143': attribute type 303 has an invalid length. [ 1101.950284][T16630] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3143'. [ 1102.011708][T16627] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3143'. [ 1103.381888][T16461] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1103.401225][T16461] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1103.405094][ T5876] usb 6-1: USB disconnect, device number 28 [ 1103.463548][T16461] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1103.529818][T16461] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1104.802641][T16461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1104.859887][T16461] 8021q: adding VLAN 0 to HW filter on device team0 [ 1104.890858][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 1104.898085][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1104.950720][ T1339] bridge0: port 2(bridge_slave_1) entered blocking state [ 1104.957972][ T1339] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1105.528043][ T5825] Bluetooth: hci1: command 0x0405 tx timeout [ 1106.212032][T16657] syzkaller1: tun_chr_ioctl cmd 35111 [ 1106.949396][T16683] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3157'. [ 1107.003379][T16461] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1107.115936][T16685] netlink: 'syz.5.3157': attribute type 303 has an invalid length. [ 1107.139230][T16685] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3157'. [ 1107.191645][T16461] veth0_vlan: entered promiscuous mode [ 1107.198395][T16683] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3157'. [ 1107.230523][T16461] veth1_vlan: entered promiscuous mode [ 1107.322755][T16461] veth0_macvtap: entered promiscuous mode [ 1107.347621][T16461] veth1_macvtap: entered promiscuous mode [ 1107.400908][T16461] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1107.420255][T16461] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1107.439054][T16461] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1107.648505][T16461] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1107.659493][T16461] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1107.669001][T16461] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1108.342692][ T5876] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 1108.660210][ T5876] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1108.697705][ T1339] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1108.705957][ T5876] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1108.725281][ T1339] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1108.734408][ T5876] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1108.770531][ T5876] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1108.805572][T16690] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1108.817902][ T5876] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 1108.844853][T16539] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1108.877150][T16539] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1110.875898][ T978] usb 7-1: USB disconnect, device number 9 [ 1111.181346][T16716] input: syz1 as /devices/virtual/input/input39 [ 1111.572314][T16717] syzkaller1: tun_chr_ioctl cmd 35111 [ 1115.066000][ T5947] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 1115.996303][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.002665][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.133778][ T5947] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1117.691291][ T5947] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1117.701146][ T5947] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 1117.725100][ T5947] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1117.856910][ T5947] usb 4-1: config 0 descriptor?? [ 1117.862280][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 1117.885246][ T5947] usb 4-1: can't set config #0, error -32 [ 1117.970392][ T5947] usb 4-1: USB disconnect, device number 42 [ 1118.303113][T16771] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3179'. [ 1118.873393][T16769] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3181'. [ 1118.940491][T16769] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1118.959985][T16776] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3182'. [ 1119.164502][T16783] netlink: 'syz.2.3182': attribute type 303 has an invalid length. [ 1119.188757][T16769] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1119.271722][T16776] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3182'. [ 1119.309248][T16774] syzkaller1: tun_chr_ioctl cmd 35111 [ 1119.549142][T16776] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3182'. [ 1119.928967][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 1119.929017][ T30] audit: type=1326 audit(1748460132.294:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.5.3186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 1120.385843][ T30] audit: type=1326 audit(1748460132.294:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.5.3186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 1120.409166][ T30] audit: type=1326 audit(1748460132.304:1185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.5.3186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 1120.432494][ T30] audit: type=1326 audit(1748460132.304:1186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.5.3186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 1120.455801][ T30] audit: type=1326 audit(1748460132.304:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.5.3186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 1120.494414][ T30] audit: type=1326 audit(1748460132.304:1188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.5.3186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 1120.661950][ T30] audit: type=1326 audit(1748460132.304:1189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.5.3186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 1120.717287][ T30] audit: type=1326 audit(1748460132.304:1190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.5.3186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 1120.739487][ T30] audit: type=1326 audit(1748460132.314:1191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.5.3186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 1120.771998][ T30] audit: type=1326 audit(1748460132.314:1192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.5.3186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0a5d8e969 code=0x7ffc0000 [ 1120.856384][T16795] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1120.865304][T16795] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1120.885169][T16795] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1120.919602][T16795] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1120.926383][T16795] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1120.951725][T16795] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1120.970579][T16795] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1120.986481][T16795] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1122.232334][T16795] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1122.885605][T15326] Bluetooth: hci2: command 0x0406 tx timeout [ 1122.891880][T15326] Bluetooth: hci3: command 0x0c1a tx timeout [ 1122.966116][T15326] Bluetooth: hci0: command 0x0c1a tx timeout [ 1123.158849][T16822] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3189'. [ 1123.169084][T15326] Bluetooth: hci1: command 0x0405 tx timeout [ 1124.575182][ T5947] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 1125.150120][T16839] xt_bpf: check failed: parse error [ 1125.411554][T15326] Bluetooth: hci0: command 0x0c1a tx timeout [ 1125.417679][T15326] Bluetooth: hci1: command 0x0405 tx timeout [ 1125.423822][ T5825] Bluetooth: hci2: command 0x0406 tx timeout [ 1125.487461][ T5947] usb 2-1: Using ep0 maxpacket: 16 [ 1125.549879][ T5947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1125.584475][ T5947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1125.737514][ T5947] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 1125.746799][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1125.766451][ T5947] usb 2-1: config 0 descriptor?? [ 1127.012174][T16847] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1127.038155][ T5947] hid-multitouch 0003:1FD2:6007.0021: unbalanced delimiter at end of report description [ 1127.167648][ T5947] hid-multitouch 0003:1FD2:6007.0021: probe with driver hid-multitouch failed with error -22 [ 1127.261320][ T5947] usb 2-1: USB disconnect, device number 45 [ 1127.270809][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 1127.270829][ T30] audit: type=1326 audit(1748460139.864:1199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16849 comm="syz.2.3203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff298e969 code=0x7ffc0000 [ 1127.341475][ T30] audit: type=1326 audit(1748460139.864:1200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16849 comm="syz.2.3203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff298e969 code=0x7ffc0000 [ 1127.364049][ T30] audit: type=1326 audit(1748460139.864:1201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16849 comm="syz.2.3203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7faff298e969 code=0x7ffc0000 [ 1127.387340][ T30] audit: type=1326 audit(1748460139.864:1202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16849 comm="syz.2.3203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff298e969 code=0x7ffc0000 [ 1127.413452][ T30] audit: type=1326 audit(1748460139.874:1203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16849 comm="syz.2.3203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff298e969 code=0x7ffc0000 [ 1127.453001][T11217] Bluetooth: hci1: command 0x0405 tx timeout [ 1127.459324][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 1127.491221][T16848] syzkaller1: tun_chr_ioctl cmd 35111 [ 1128.492596][T16867] 9pnet_fd: Insufficient options for proto=fd [ 1128.606932][T16868] fuse: Bad value for 'fd' [ 1129.095405][T16859] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1129.101611][T16859] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1129.159322][T16859] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1129.165811][T16859] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1130.070624][T16883] IPv4: Oversized IP packet from 127.202.26.0 [ 1130.735308][T11217] Bluetooth: hci3: command 0x0c1a tx timeout [ 1131.125355][T11217] Bluetooth: hci2: command 0x0406 tx timeout [ 1131.205055][T11217] Bluetooth: hci1: command 0x0405 tx timeout [ 1131.211244][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 1131.415658][T16891] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3210'. [ 1132.409737][T16898] syzkaller1: tun_chr_ioctl cmd 35111 [ 1133.122954][T16909] syzkaller1: tun_chr_ioctl cmd 35111 [ 1135.568705][T16928] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3228'. [ 1135.847008][T16931] netlink: 'syz.1.3228': attribute type 303 has an invalid length. [ 1136.497638][T16931] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3228'. [ 1138.322399][T16958] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3229'. [ 1139.350356][ T5984] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1139.390879][T16950] syzkaller1: tun_chr_ioctl cmd 35111 [ 1139.405951][T16964] 9pnet: Unknown protocol version 9p20\++} [ 1139.407600][ T5984] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1140.061436][T16969] bridge1: entered promiscuous mode [ 1141.246871][T16978] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1144.604526][T16985] syzkaller1: tun_chr_ioctl cmd 35111 [ 1145.095947][ T30] audit: type=1326 audit(1748460157.614:1204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16990 comm="syz.2.3242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff298e969 code=0x7ffc0000 [ 1145.677570][ T30] audit: type=1326 audit(1748460157.614:1205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16990 comm="syz.2.3242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff298e969 code=0x7ffc0000 [ 1145.703350][ T30] audit: type=1326 audit(1748460157.614:1206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16990 comm="syz.2.3242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7faff298e969 code=0x7ffc0000 [ 1145.766933][ T30] audit: type=1326 audit(1748460157.614:1207): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=16990 comm="syz.2.3242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff298e969 code=0x7ffc0000 [ 1145.792232][ T30] audit: type=1326 audit(1748460157.614:1208): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=16990 comm="syz.2.3242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff298e969 code=0x7ffc0000 [ 1145.815794][ T30] audit: type=1326 audit(1748460157.624:1209): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=16990 comm="syz.2.3242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7faff298e969 code=0x7ffc0000 [ 1145.840874][ T30] audit: type=1326 audit(1748460157.624:1210): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=16990 comm="syz.2.3242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff298e969 code=0x7ffc0000 [ 1145.881015][ T30] audit: type=1326 audit(1748460157.624:1211): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=16990 comm="syz.2.3242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff298e969 code=0x7ffc0000 [ 1146.206042][ T30] audit: type=1326 audit(1748460157.624:1212): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=16990 comm="syz.2.3242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7faff298e969 code=0x7ffc0000 [ 1146.259920][ T30] audit: type=1326 audit(1748460157.624:1213): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=16990 comm="syz.2.3242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff298e969 code=0x7ffc0000 [ 1147.559908][T17010] 9pnet_virtio: no channels available for device syz [ 1147.645137][ T978] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 1147.807830][ T978] usb 2-1: config index 0 descriptor too short (expected 47546, got 50) [ 1148.095286][ T978] usb 2-1: config 0 has an invalid interface number: 129 but max is 1 [ 1148.134956][ T978] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1148.177528][ T978] usb 2-1: config 0 has no interface number 1 [ 1148.270077][ T978] usb 2-1: config 0 interface 129 has no altsetting 0 [ 1148.288358][ T978] usb 2-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice= 0.5e [ 1148.301015][ T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1148.322474][ T978] usb 2-1: Product: syz [ 1148.334490][ T978] usb 2-1: Manufacturer: syz [ 1148.596360][ T978] usb 2-1: SerialNumber: syz [ 1149.406516][ T978] usb 2-1: config 0 descriptor?? [ 1150.735207][T17034] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3252'. [ 1151.239445][T17031] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3248'. [ 1151.472694][T17044] input: syz0 as /devices/virtual/input/input40 [ 1152.486927][ T978] msi2500 2-1:0.129: Registered as swradio24 [ 1152.493074][ T978] msi2500 2-1:0.129: SDR API is still slightly experimental and functionality changes may follow [ 1152.515409][T17049] syzkaller1: tun_chr_ioctl cmd 35111 [ 1152.864163][ T978] videodev: could not get a free minor [ 1152.891424][ T978] msi2500 2-1:0.0: Failed to register as video device (-23) [ 1153.551147][ T978] msi2500 2-1:0.0: probe with driver msi2500 failed with error -23 [ 1153.562120][ T978] usb 2-1: USB disconnect, device number 46 [ 1153.624176][T17069] 9pnet_virtio: no channels available for device syz [ 1153.824058][T17076] fuse: Unknown parameter '0x0000000000000003' [ 1154.005963][T17076] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3265'. [ 1154.050454][T17076] bond_slave_0: entered promiscuous mode [ 1154.056243][T17076] bond_slave_1: entered promiscuous mode [ 1154.085545][T17076] macvtap1: entered promiscuous mode [ 1154.365790][T17076] bond0: entered promiscuous mode [ 1154.775502][T17076] macvtap1: entered allmulticast mode [ 1154.780961][T17076] bond0: entered allmulticast mode [ 1154.813269][T17076] bond_slave_0: entered allmulticast mode [ 1154.819456][T17076] bond_slave_1: entered allmulticast mode [ 1154.826759][T17076] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 1155.031745][T17081] bond0: left allmulticast mode [ 1155.088471][T17081] bond_slave_0: left allmulticast mode [ 1155.121814][T17081] bond_slave_1: left allmulticast mode [ 1155.135038][T17081] bond0: left promiscuous mode [ 1155.140448][T17081] bond_slave_0: left promiscuous mode [ 1155.145978][T17081] bond_slave_1: left promiscuous mode [ 1155.316676][T17089] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3267'. [ 1157.137131][ T30] kauditd_printk_skb: 43 callbacks suppressed [ 1157.137153][ T30] audit: type=1326 audit(1748460169.754:1257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17096 comm="syz.3.3271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f238058e969 code=0x7ffc0000 [ 1157.290286][ T30] audit: type=1326 audit(1748460169.754:1258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17096 comm="syz.3.3271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f238058e969 code=0x7ffc0000 [ 1157.378458][ T30] audit: type=1326 audit(1748460169.754:1259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17096 comm="syz.3.3271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f238058e969 code=0x7ffc0000 [ 1157.441816][ T30] audit: type=1326 audit(1748460169.754:1260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17096 comm="syz.3.3271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f238058e969 code=0x7ffc0000 [ 1157.501050][ T30] audit: type=1326 audit(1748460169.754:1261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17096 comm="syz.3.3271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f238058e969 code=0x7ffc0000 [ 1157.555492][ T30] audit: type=1326 audit(1748460169.784:1262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17096 comm="syz.3.3271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=232 compat=0 ip=0x7f238058e969 code=0x7ffc0000 [ 1157.595113][T15749] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 1157.613395][ T30] audit: type=1326 audit(1748460169.784:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17096 comm="syz.3.3271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f238058e969 code=0x7ffc0000 [ 1157.754089][T15749] usb 3-1: config index 0 descriptor too short (expected 47546, got 50) [ 1157.762973][T15749] usb 3-1: config 0 has an invalid interface number: 129 but max is 1 [ 1157.805042][T15749] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1157.826145][T15749] usb 3-1: config 0 has no interface number 1 [ 1157.832310][T15749] usb 3-1: config 0 interface 129 has no altsetting 0 [ 1157.858378][T15749] usb 3-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice= 0.5e [ 1157.873109][T15749] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1157.883212][T15749] usb 3-1: Product: syz [ 1157.891511][T15749] usb 3-1: Manufacturer: syz [ 1157.915102][T15749] usb 3-1: SerialNumber: syz [ 1157.931423][T15749] usb 3-1: config 0 descriptor?? [ 1158.508700][T17111] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3272'. [ 1160.312422][T17118] fuse: Bad value for 'fd' [ 1161.250044][T17142] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3280'. [ 1161.593605][T15749] msi2500 3-1:0.129: Registered as swradio24 [ 1161.885069][T15749] msi2500 3-1:0.129: SDR API is still slightly experimental and functionality changes may follow [ 1162.481623][T15749] videodev: could not get a free minor [ 1162.509407][T15749] msi2500 3-1:0.0: Failed to register as video device (-23) [ 1162.558738][T15749] msi2500 3-1:0.0: probe with driver msi2500 failed with error -23 [ 1162.577350][T15749] usb 3-1: USB disconnect, device number 47 [ 1162.966505][T15967] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 1164.275032][T15967] usb 2-1: Using ep0 maxpacket: 16 [ 1164.306405][T15967] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1164.325405][ T978] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 1164.683314][T15967] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1164.756910][T15967] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1164.775029][T15967] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1164.783923][T15967] usb 2-1: Product: syz [ 1164.844662][T15967] usb 2-1: Manufacturer: syz [ 1164.849558][T15967] usb 2-1: SerialNumber: syz [ 1164.998070][T15967] usb 2-1: config 0 descriptor?? [ 1165.010417][T15967] hub 2-1:0.0: bad descriptor, ignoring hub [ 1165.016503][T15967] hub 2-1:0.0: probe with driver hub failed with error -5 [ 1165.701645][T17177] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3292'. [ 1165.712239][T17177] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3292'. [ 1166.028331][T17176] netlink: 'syz.6.3294': attribute type 2 has an invalid length. [ 1166.126570][ T978] usb 4-1: device descriptor read/all, error -71 [ 1166.456858][ T30] audit: type=1326 audit(1748460179.074:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17180 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f238058e969 code=0x7ffc0000 [ 1166.495089][T17183] fuse: Bad value for 'fd' [ 1166.509789][ T30] audit: type=1326 audit(1748460179.094:1265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17180 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f238058e969 code=0x7ffc0000 [ 1166.541707][ T30] audit: type=1326 audit(1748460179.094:1266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17180 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f238058e969 code=0x7ffc0000 [ 1166.572850][T17184] vlan1: entered promiscuous mode [ 1166.578827][T17184] vlan1: entered allmulticast mode [ 1166.584074][T17184] veth0_vlan: entered allmulticast mode [ 1166.596093][ T30] audit: type=1326 audit(1748460179.094:1267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17180 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f238058e969 code=0x7ffc0000 [ 1166.623207][ T30] audit: type=1326 audit(1748460179.094:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17180 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f238058e969 code=0x7ffc0000 [ 1166.655572][ T30] audit: type=1326 audit(1748460179.104:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17180 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7f238058e969 code=0x7ffc0000 [ 1166.743614][ T30] audit: type=1326 audit(1748460179.354:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17180 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f238058e969 code=0x7ffc0000 [ 1166.796826][ T5947] usb 2-1: USB disconnect, device number 47 [ 1166.824112][ T30] audit: type=1326 audit(1748460179.354:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17180 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f238058e969 code=0x7ffc0000 [ 1168.023521][T15967] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 1168.306749][T15967] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1168.320020][T15967] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1168.345057][T15967] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1168.371807][T15967] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1168.390163][T15967] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1168.421657][T15967] usb 7-1: config 0 descriptor?? [ 1170.003422][T17205] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3302'. [ 1170.144425][T15967] usbhid 7-1:0.0: can't add hid device: -71 [ 1170.155298][T15967] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1170.196087][T15967] usb 7-1: USB disconnect, device number 10 [ 1170.729587][T17218] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3303'. [ 1170.875099][ T978] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 1171.580954][T17217] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3304'. [ 1171.679004][ T978] usb 4-1: Using ep0 maxpacket: 16 [ 1171.703861][ T978] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1171.715006][T15967] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 1171.715410][ T978] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1171.742619][ T978] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1171.789431][ T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1171.814836][ T978] usb 4-1: Product: syz [ 1171.825479][ T978] usb 4-1: Manufacturer: syz [ 1171.838868][ T978] usb 4-1: SerialNumber: syz [ 1171.853236][ T978] usb 4-1: config 0 descriptor?? [ 1171.872961][ T978] hub 4-1:0.0: bad descriptor, ignoring hub [ 1171.879115][ T978] hub 4-1:0.0: probe with driver hub failed with error -5 [ 1171.891822][T15967] usb 6-1: config index 0 descriptor too short (expected 47546, got 50) [ 1171.906577][T15967] usb 6-1: config 0 has an invalid interface number: 129 but max is 1 [ 1171.952256][T15967] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1171.964308][T15967] usb 6-1: config 0 has no interface number 1 [ 1172.053139][T15967] usb 6-1: config 0 interface 129 has no altsetting 0 [ 1176.120492][T15967] usb 6-1: string descriptor 0 read error: -71 [ 1176.126979][T15967] usb 6-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice= 0.5e [ 1176.136966][T15967] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1176.156002][T15967] usb 6-1: config 0 descriptor?? [ 1176.218452][T15967] usb 6-1: can't set config #0, error -71 [ 1176.232862][T15967] usb 6-1: USB disconnect, device number 29 [ 1176.276780][ T978] usb 4-1: USB disconnect, device number 45 [ 1177.369165][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.375584][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.537805][ T30] audit: type=1326 audit(1748460190.144:1272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17244 comm="syz.1.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1177.604291][ T30] audit: type=1326 audit(1748460190.144:1273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17244 comm="syz.1.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1177.691478][ T30] audit: type=1326 audit(1748460190.154:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17244 comm="syz.1.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1177.775285][ T5947] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 1177.788690][ T30] audit: type=1326 audit(1748460190.154:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17244 comm="syz.1.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1177.930497][ T30] audit: type=1326 audit(1748460190.154:1276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17244 comm="syz.1.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1177.967754][ T30] audit: type=1326 audit(1748460190.174:1277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17244 comm="syz.1.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1178.006264][ T5947] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1178.033540][ T5947] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1178.064095][ T30] audit: type=1326 audit(1748460190.174:1278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17244 comm="syz.1.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1178.094708][ T30] audit: type=1326 audit(1748460190.174:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17244 comm="syz.1.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1178.137642][ T30] audit: type=1326 audit(1748460190.174:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17244 comm="syz.1.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1179.088434][ T5947] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1179.102478][ T5947] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1179.111760][ T5947] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1179.122823][ T5947] usb 6-1: config 0 descriptor?? [ 1179.153087][ T30] audit: type=1326 audit(1748460190.184:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17244 comm="syz.1.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1180.671753][T17265] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3322'. [ 1180.729710][ T5947] usbhid 6-1:0.0: can't add hid device: -71 [ 1180.763733][ T5947] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1180.815366][ T5947] usb 6-1: USB disconnect, device number 30 [ 1181.162360][ T5876] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 1182.405023][ T5876] usb 7-1: Using ep0 maxpacket: 16 [ 1182.414481][ T5876] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1182.431524][ T5876] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1182.466583][ T5876] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1182.484345][ T5876] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1182.713431][ T5876] usb 7-1: Product: syz [ 1182.743972][ T5876] usb 7-1: Manufacturer: syz [ 1182.754123][ T5876] usb 7-1: SerialNumber: syz [ 1182.772201][ T5876] usb 7-1: config 0 descriptor?? [ 1182.781097][ T5876] hub 7-1:0.0: bad descriptor, ignoring hub [ 1182.791078][ T5876] hub 7-1:0.0: probe with driver hub failed with error -5 [ 1183.213688][T17286] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1187.476055][ T5833] usb 7-1: USB disconnect, device number 11 [ 1188.595510][T17300] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1191.818456][T11527] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 1192.077135][T11527] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1192.092256][T11527] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1192.102827][T11527] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1192.161967][T11527] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1192.203230][T11527] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1192.245117][T11527] usb 3-1: config 0 descriptor?? [ 1192.464422][T17322] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3339'. [ 1192.473559][T17322] bridge: RTM_NEWNEIGH with invalid ether address [ 1193.858866][T11527] usbhid 3-1:0.0: can't add hid device: -71 [ 1193.874214][T11527] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1193.905301][T11527] usb 3-1: USB disconnect, device number 48 [ 1195.084977][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 1195.084997][ T30] audit: type=1326 audit(1748460207.694:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17332 comm="syz.6.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 1195.198022][ T30] audit: type=1326 audit(1748460207.734:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17332 comm="syz.6.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 1195.293431][ T30] audit: type=1326 audit(1748460207.744:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17332 comm="syz.6.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 1195.378396][ T30] audit: type=1326 audit(1748460207.744:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17332 comm="syz.6.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 1195.663006][ T30] audit: type=1326 audit(1748460207.744:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17332 comm="syz.6.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 1195.714040][ T30] audit: type=1326 audit(1748460207.744:1317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17332 comm="syz.6.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 1195.786746][ T30] audit: type=1326 audit(1748460207.744:1318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17332 comm="syz.6.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 1195.951362][ T5825] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1195.962596][ T5825] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1195.973357][ T5825] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1195.985819][ T5825] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1195.994718][ T5825] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1196.055752][ T30] audit: type=1326 audit(1748460207.744:1319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17332 comm="syz.6.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 1196.425639][ T30] audit: type=1326 audit(1748460207.744:1320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17332 comm="syz.6.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 1196.467743][ T30] audit: type=1326 audit(1748460207.744:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17332 comm="syz.6.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f1774d8e969 code=0x7ffc0000 [ 1198.175950][ T5825] Bluetooth: hci4: command tx timeout [ 1198.245863][T15967] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 1199.135199][T15967] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1199.162471][T15967] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1199.208340][T15967] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1199.243977][T15967] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1199.268289][T15967] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1199.323938][T15967] usb 2-1: config 0 descriptor?? [ 1199.553461][T17380] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3359'. [ 1199.579139][T16539] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1199.951562][T17386] lo speed is unknown, defaulting to 1000 [ 1199.982476][T16539] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1200.049430][T15967] usbhid 2-1:0.0: can't add hid device: -71 [ 1200.073233][T15967] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1200.235112][T17386] lo speed is unknown, defaulting to 1000 [ 1200.245164][ T5825] Bluetooth: hci4: command tx timeout [ 1200.252058][T15967] usb 2-1: USB disconnect, device number 48 [ 1200.309053][T17386] lo speed is unknown, defaulting to 1000 [ 1200.520143][T16539] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1200.549901][T17386] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 1200.609768][T17350] chnl_net:caif_netlink_parms(): no params data found [ 1200.699724][T16539] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1200.783040][T17386] lo speed is unknown, defaulting to 1000 [ 1202.045043][T17386] lo speed is unknown, defaulting to 1000 [ 1202.409233][T17399] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 1202.425344][ T5825] Bluetooth: hci4: command tx timeout [ 1202.503110][T17386] lo speed is unknown, defaulting to 1000 [ 1202.679405][T17386] lo speed is unknown, defaulting to 1000 [ 1202.906901][T17350] bridge0: port 1(bridge_slave_0) entered blocking state [ 1202.914099][T17350] bridge0: port 1(bridge_slave_0) entered disabled state [ 1203.003839][T17350] bridge_slave_0: entered allmulticast mode [ 1203.029308][T17350] bridge_slave_0: entered promiscuous mode [ 1203.053982][T17386] lo speed is unknown, defaulting to 1000 [ 1203.081573][T17350] bridge0: port 2(bridge_slave_1) entered blocking state [ 1203.096884][T17350] bridge0: port 2(bridge_slave_1) entered disabled state [ 1203.109729][T17350] bridge_slave_1: entered allmulticast mode [ 1203.132900][T17350] bridge_slave_1: entered promiscuous mode [ 1203.185902][T17386] lo speed is unknown, defaulting to 1000 [ 1203.312723][T17350] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1203.360743][T16539] bridge_slave_1: left allmulticast mode [ 1203.374344][T16539] bridge_slave_1: left promiscuous mode [ 1203.390839][T16539] bridge0: port 2(bridge_slave_1) entered disabled state [ 1203.436857][T16539] bridge_slave_0: left allmulticast mode [ 1203.443375][T16539] bridge_slave_0: left promiscuous mode [ 1203.452673][T16539] bridge0: port 1(bridge_slave_0) entered disabled state [ 1203.635041][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 1203.635058][ T30] audit: type=1804 audit(1748460216.234:1323): pid=17416 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.3366" name="/newroot/45/file0/bus/bus" dev="ramfs" ino=68910 res=1 errno=0 [ 1203.708439][ T30] audit: type=1804 audit(1748460216.234:1324): pid=17416 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.3366" name="/newroot/45/file0/bus/bus" dev="ramfs" ino=68910 res=1 errno=0 [ 1203.882373][T15749] usb 3-1: new full-speed USB device number 49 using dummy_hcd [ 1204.123912][T15749] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1204.603168][ T5825] Bluetooth: hci4: command tx timeout [ 1204.635119][T15749] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1204.657616][T15749] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1204.667020][T15749] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1204.686359][T15749] usb 3-1: Product: syz [ 1204.694967][T15749] usb 3-1: Manufacturer: syz [ 1204.699841][T15749] usb 3-1: SerialNumber: syz [ 1205.754479][T15749] usb 3-1: 0:2 : does not exist [ 1205.788947][T15749] usb 3-1: USB disconnect, device number 49 [ 1206.399301][T16539] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1206.432475][T16539] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1206.462118][T16539] bond0 (unregistering): Released all slaves [ 1206.519021][T17350] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1207.241085][T17350] team0: Port device team_slave_0 added [ 1208.058198][T17436] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3372'. [ 1208.231016][T17350] team0: Port device team_slave_1 added [ 1208.483625][T17441] vlan1: entered promiscuous mode [ 1208.661424][T17441] vlan1: entered allmulticast mode [ 1208.694499][T17441] veth0_vlan: entered allmulticast mode [ 1208.721775][T17350] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1208.744927][T17350] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1208.778874][T17350] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1208.801296][T17350] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1208.828773][T17350] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1208.920213][T17350] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1209.158887][T17350] hsr_slave_0: entered promiscuous mode [ 1209.166037][T17350] hsr_slave_1: entered promiscuous mode [ 1209.172768][T17350] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1209.180512][T17350] Cannot create hsr debugfs directory [ 1209.219267][T16539] hsr_slave_0: left promiscuous mode [ 1209.232130][T16539] hsr_slave_1: left promiscuous mode [ 1209.242654][T16539] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1209.260774][T16539] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1209.679829][T16539] veth1_macvtap: left promiscuous mode [ 1210.351248][T16539] veth0_macvtap: left promiscuous mode [ 1210.357479][T16539] veth1_vlan: left promiscuous mode [ 1210.362833][T16539] veth0_vlan: left promiscuous mode [ 1213.328606][T16539] team0 (unregistering): Port device team_slave_1 removed [ 1213.386036][T16539] team0 (unregistering): Port device team_slave_0 removed [ 1215.859767][T17481] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 1216.491695][ T5931] lo speed is unknown, defaulting to 1000 [ 1216.774258][T17350] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1216.863760][T17350] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1217.831984][T17350] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1218.000682][T17350] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1219.066161][T17350] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1219.127819][ T30] audit: type=1326 audit(1748460231.744:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17509 comm="syz.1.3395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1219.193513][T17350] 8021q: adding VLAN 0 to HW filter on device team0 [ 1219.239028][ T30] audit: type=1326 audit(1748460231.774:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17509 comm="syz.1.3395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1219.260785][ T30] audit: type=1326 audit(1748460231.774:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17509 comm="syz.1.3395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1219.307562][T16539] bridge0: port 1(bridge_slave_0) entered blocking state [ 1219.314807][T16539] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1219.392506][T16539] bridge0: port 2(bridge_slave_1) entered blocking state [ 1219.399773][T16539] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1219.473621][T17350] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1219.488955][T17350] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1219.667700][T17512] tipc: Started in network mode [ 1219.673453][T17512] tipc: Node identity 26ced123dd37, cluster identity 4711 [ 1219.684180][T17512] tipc: Enabled bearer , priority 0 [ 1219.979069][T17511] tipc: Resetting bearer [ 1220.898452][T11527] tipc: Node number set to 4227453219 [ 1223.259491][T17511] tipc: Disabling bearer [ 1223.762152][T17350] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1226.063709][T17531] lo speed is unknown, defaulting to 1000 [ 1226.095147][ T5876] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 1226.279809][ T5876] usb 2-1: config index 0 descriptor too short (expected 47546, got 50) [ 1226.304406][ T5876] usb 2-1: config 0 has an invalid interface number: 129 but max is 1 [ 1226.329088][ T5876] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1226.352215][ T5876] usb 2-1: config 0 has no interface number 1 [ 1226.365860][ T5876] usb 2-1: config 0 interface 129 has no altsetting 0 [ 1226.378463][ T5876] usb 2-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice= 0.5e [ 1226.388125][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1226.405285][ T5876] usb 2-1: Product: syz [ 1226.414113][ T5876] usb 2-1: Manufacturer: syz [ 1226.425037][ T5876] usb 2-1: SerialNumber: syz [ 1226.442213][ T5876] usb 2-1: config 0 descriptor?? [ 1226.682209][T17350] veth0_vlan: entered promiscuous mode [ 1226.696316][T17350] veth1_vlan: entered promiscuous mode [ 1226.727437][T17350] veth0_macvtap: entered promiscuous mode [ 1226.737925][T17350] veth1_macvtap: entered promiscuous mode [ 1226.977726][T17559] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1227.859622][T17350] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1227.925115][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 1228.104130][T17350] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1228.118490][T17350] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1228.131336][T17350] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1228.635423][T17350] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1228.956437][T17350] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1229.448246][T17569] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 1229.448246][T17569] program syz.5.3410 not setting count and/or reply_len properly [ 1229.615218][ T5876] msi2500 2-1:0.129: Registered as swradio24 [ 1229.628412][ T5876] msi2500 2-1:0.129: SDR API is still slightly experimental and functionality changes may follow [ 1229.855477][ T5876] videodev: could not get a free minor [ 1229.861003][ T5876] msi2500 2-1:0.0: Failed to register as video device (-23) [ 1229.868934][T17596] ptrace attach of "./syz-executor exec"[17598] was attempted by "./syz-executor exec"[17596] [ 1229.883646][T17597] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3417'. [ 1229.883677][ T5876] msi2500 2-1:0.0: probe with driver msi2500 failed with error -23 [ 1229.936367][ T5876] usb 2-1: USB disconnect, device number 49 [ 1230.027895][ T5947] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 1230.044706][T17600] netlink: 'syz.1.3417': attribute type 303 has an invalid length. [ 1230.065140][T17600] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3417'. [ 1230.116298][T17597] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3417'. [ 1230.206635][ T5947] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1230.217570][ T5947] usb 6-1: config 0 has no interfaces? [ 1230.223948][ T5947] usb 6-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 1230.233459][ T5947] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1230.253981][ T5947] usb 6-1: config 0 descriptor?? [ 1231.509547][ T5947] usb 6-1: USB disconnect, device number 31 [ 1233.062231][T17609] xt_CT: No such helper "snmp_trap" [ 1233.504963][ T5947] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 1233.615607][ T1318] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1233.618488][T17600] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 1233.627415][ T1318] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1233.640543][T17600] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 1233.651945][T17600] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1233.687980][ T5947] usb 6-1: Using ep0 maxpacket: 16 [ 1233.719643][ T5947] usb 6-1: config 1 has an invalid descriptor of length 235, skipping remainder of the config [ 1233.746040][ T5947] usb 6-1: too many endpoints for config 1 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 1233.764095][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1233.780207][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1233.795308][ T5947] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 1233.831199][ T5947] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1233.845091][ T5947] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1233.860099][ T5947] usb 6-1: SerialNumber: syz [ 1234.351417][T17622] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3422'. [ 1235.600955][ T5947] usb 6-1: USB disconnect, device number 32 [ 1235.842569][T17633] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3426'. [ 1235.852014][T17633] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3426'. [ 1238.070110][T17643] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 1238.070110][T17643] program syz.1.3425 not setting count and/or reply_len properly [ 1239.320113][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.326685][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1240.773237][T17659] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3433'. [ 1240.894800][T17664] netlink: 'syz.7.3433': attribute type 303 has an invalid length. [ 1240.909792][T17664] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3433'. [ 1241.259623][T17671] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3434'. [ 1242.849549][T17677] syz.1.3438: attempt to access beyond end of device [ 1242.849549][T17677] loop3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1242.865298][ T30] audit: type=1326 audit(1748460255.454:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17670 comm="syz.1.3438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1242.905067][ T30] audit: type=1326 audit(1748460255.454:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17670 comm="syz.1.3438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1242.939946][T17677] FAT-fs (loop3): unable to read boot sector [ 1243.441760][ T30] audit: type=1326 audit(1748460255.454:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17670 comm="syz.1.3438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1243.473836][ T30] audit: type=1326 audit(1748460255.454:1331): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=17670 comm="syz.1.3438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1243.500316][ T30] audit: type=1326 audit(1748460255.454:1332): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=17670 comm="syz.1.3438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1243.538892][ T30] audit: type=1326 audit(1748460255.454:1333): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=17670 comm="syz.1.3438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1243.568532][ T30] audit: type=1326 audit(1748460255.454:1334): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=17670 comm="syz.1.3438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1243.596649][ T30] audit: type=1326 audit(1748460255.454:1335): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=17670 comm="syz.1.3438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1243.639824][ T30] audit: type=1326 audit(1748460255.454:1336): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=17670 comm="syz.1.3438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1243.708251][ T30] audit: type=1326 audit(1748460255.454:1337): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=17670 comm="syz.1.3438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8bd8e969 code=0x7ffc0000 [ 1243.778667][T17686] fuse: Unknown parameter 'use00000000000000000000' [ 1246.069190][T17702] 9pnet: Unknown protocol version 9p20\++} [ 1247.246476][T17705] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 1247.246476][T17705] program syz.5.3447 not setting count and/or reply_len properly [ 1251.238119][T17755] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3460'. [ 1251.247371][T17755] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3460'. [ 1252.224623][T17760] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3461'. [ 1254.223612][T17762] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3465'. [ 1257.296492][T17770] tipc: New replicast peer: 10.1.1.2 [ 1257.304031][T17770] tipc: Enabled bearer , priority 10 [ 1258.223948][T17774] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3469'. [ 1258.422918][T17775] netlink: 'syz.2.3469': attribute type 303 has an invalid length. [ 1258.463448][T17775] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3469'. [ 1259.032974][T17784] pim6reg1: entered promiscuous mode [ 1259.065771][T17784] pim6reg1: entered allmulticast mode [ 1259.406461][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 1259.406484][ T30] audit: type=1800 audit(1748460272.004:1351): pid=17793 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.7.3476" name="bus" dev="overlay" ino=81 res=0 errno=0 [ 1259.679080][T17799] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3475'. [ 1259.688454][T17799] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3475'. [ 1261.050377][T17812] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1262.265108][ T978] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 1263.352830][T17809] syz.6.3479: attempt to access beyond end of device [ 1263.352830][T17809] loop6: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 1263.366206][T17809] gfs2: error -5 reading superblock [ 1263.543563][T17822] dummy0: entered promiscuous mode [ 1263.560498][T17822] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3485'. [ 1263.580061][T17824] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3486'. [ 1263.674484][T17822] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578 [ 1263.805460][T17822] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 17822, name: syz.7.3485 [ 1263.883598][T17822] preempt_count: 0, expected: 0 [ 1264.793117][T17826] netlink: 'syz.1.3486': attribute type 303 has an invalid length. [ 1264.904960][T17822] RCU nest depth: 1, expected: 0 [ 1265.336676][T17826] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3486'. [ 1265.345672][T17822] 2 locks held by syz.7.3485/17822: [ 1265.345730][T17822] #0: ffffffff8f2f3708 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dellink+0x331/0x710 [ 1265.345824][T17822] #1: ffffffff8df3ccc0 (rcu_read_lock){....}-{1:3}, at: packet_notifier+0x78/0xa60 [ 1265.345921][T17822] CPU: 1 UID: 0 PID: 17822 Comm: syz.7.3485 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 1265.345950][T17822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1265.345977][T17822] Call Trace: [ 1265.345986][T17822] [ 1265.345999][T17822] dump_stack_lvl+0x189/0x250 [ 1265.346038][T17822] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1265.346080][T17822] ? print_lock_name+0xde/0x100 [ 1265.346123][T17822] __might_resched+0x495/0x610 [ 1265.346158][T17822] ? __virt_addr_valid+0x1c1/0x5c0 [ 1265.346192][T17822] ? __pfx___might_resched+0x10/0x10 [ 1265.346226][T17822] ? call_rcu+0x6dd/0x990 [ 1265.346255][T17822] ? lockdep_hardirqs_on+0x9c/0x150 [ 1265.346300][T17822] __mutex_lock+0x106/0xe80 [ 1265.346341][T17822] ? __pfx_call_rcu+0x10/0x10 [ 1265.346378][T17822] ? dev_set_promiscuity+0x10e/0x260 [ 1265.346418][T17822] ? __pfx___mutex_lock+0x10/0x10 [ 1265.346469][T17822] ? packet_notifier+0x78/0xa60 [ 1265.346501][T17822] ? __pfx_addrconf_ifdown+0x10/0x10 [ 1265.346534][T17822] dev_set_promiscuity+0x10e/0x260 [ 1265.346587][T17822] packet_notifier+0x292/0xa60 [ 1265.346624][T17822] ? packet_notifier+0x78/0xa60 [ 1265.346656][T17822] notifier_call_chain+0x1b6/0x3e0 [ 1265.346703][T17822] unregister_netdevice_many_notify+0x15d8/0x2330 [ 1265.346749][T17822] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1265.346784][T17822] ? stack_depot_save_flags+0x40/0x900 [ 1265.346817][T17822] ? rtnl_dellink+0x331/0x710 [ 1265.346855][T17822] ? unregister_netdevice_queue+0x1b3/0x380 [ 1265.346891][T17822] ? __nla_parse+0x40/0x60 [ 1265.346930][T17822] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1265.346954][T17822] rtnl_dellink+0x488/0x710 [ 1265.346992][T17822] ? __pfx_rtnl_dellink+0x10/0x10 [ 1265.347163][T17822] ? __pfx_rtnl_dellink+0x10/0x10 [ 1265.347195][T17822] rtnetlink_rcv_msg+0x7cf/0xb70 [ 1265.347234][T17822] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 1265.347264][T17822] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1265.347301][T17822] ? ref_tracker_free+0x63a/0x7d0 [ 1265.347333][T17822] ? __copy_skb_header+0xa7/0x550 [ 1265.347370][T17822] netlink_rcv_skb+0x21c/0x490 [ 1265.347405][T17822] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1265.347441][T17822] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1265.347498][T17822] ? netlink_deliver_tap+0x2e/0x1b0 [ 1265.347531][T17822] ? netlink_deliver_tap+0x2e/0x1b0 [ 1265.347571][T17822] netlink_unicast+0x758/0x8d0 [ 1265.347616][T17822] netlink_sendmsg+0x805/0xb30 [ 1265.347661][T17822] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1265.347707][T17822] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1265.347730][T17822] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1265.347787][T17822] __sock_sendmsg+0x219/0x270 [ 1265.347821][T17822] ____sys_sendmsg+0x505/0x830 [ 1265.347868][T17822] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1265.347920][T17822] ? import_iovec+0x74/0xa0 [ 1265.347950][T17822] ___sys_sendmsg+0x21f/0x2a0 [ 1265.347991][T17822] ? __pfx____sys_sendmsg+0x10/0x10 [ 1265.348075][T17822] ? __fget_files+0x2a/0x420 [ 1265.348112][T17822] ? __fget_files+0x3a0/0x420 [ 1265.348161][T17822] __x64_sys_sendmsg+0x19b/0x260 [ 1265.348188][T17822] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1265.348225][T17822] ? rcu_is_watching+0x15/0xb0 [ 1265.348262][T17822] ? do_syscall_64+0xbe/0x3b0 [ 1265.348303][T17822] do_syscall_64+0xfa/0x3b0 [ 1265.348337][T17822] ? lockdep_hardirqs_on+0x9c/0x150 [ 1265.348370][T17822] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1265.348395][T17822] ? clear_bhb_loop+0x60/0xb0 [ 1265.348425][T17822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1265.348448][T17822] RIP: 0033:0x7fc463b8e969 [ 1265.348478][T17822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1265.348500][T17822] RSP: 002b:00007fc4649a6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1265.348524][T17822] RAX: ffffffffffffffda RBX: 00007fc463db5fa0 RCX: 00007fc463b8e969 [ 1265.348544][T17822] RDX: 0000000020040000 RSI: 00002000000003c0 RDI: 0000000000000005 [ 1265.348560][T17822] RBP: 00007fc463c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1265.348575][T17822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1265.348588][T17822] R13: 0000000000000000 R14: 00007fc463db5fa0 R15: 00007ffeabafeb08 [ 1265.348626][T17822] [ 1265.795344][T17822] [ 1265.797722][T17822] ============================= [ 1265.802700][T17822] [ BUG: Invalid wait context ] [ 1265.807592][T17822] 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 Tainted: G W [ 1265.815963][T17822] ----------------------------- [ 1265.820827][T17822] syz.7.3485/17822 is trying to lock: [ 1265.826199][T17822] ffff88805e72cd30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: dev_set_promiscuity+0x10e/0x260 [ 1265.836596][T17822] other info that might help us debug this: [ 1265.842491][T17822] context-{5:5} [ 1265.845964][T17822] 2 locks held by syz.7.3485/17822: [ 1265.851167][T17822] #0: ffffffff8f2f3708 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dellink+0x331/0x710 [ 1265.860171][T17822] #1: ffffffff8df3ccc0 (rcu_read_lock){....}-{1:3}, at: packet_notifier+0x78/0xa60 [ 1265.869632][T17822] stack backtrace: [ 1265.873360][T17822] CPU: 0 UID: 0 PID: 17822 Comm: syz.7.3485 Tainted: G W 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 1265.873388][T17822] Tainted: [W]=WARN [ 1265.873394][T17822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1265.873406][T17822] Call Trace: [ 1265.873413][T17822] [ 1265.873423][T17822] dump_stack_lvl+0x189/0x250 [ 1265.873452][T17822] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1265.873476][T17822] ? __pfx__printk+0x10/0x10 [ 1265.873507][T17822] ? print_lock_name+0xde/0x100 [ 1265.873534][T17822] __lock_acquire+0xbcb/0xd20 [ 1265.873557][T17822] ? dev_set_promiscuity+0x10e/0x260 [ 1265.873583][T17822] lock_acquire+0x120/0x360 [ 1265.873601][T17822] ? dev_set_promiscuity+0x10e/0x260 [ 1265.873627][T17822] ? call_rcu+0x6dd/0x990 [ 1265.873654][T17822] __mutex_lock+0x182/0xe80 [ 1265.873680][T17822] ? dev_set_promiscuity+0x10e/0x260 [ 1265.873706][T17822] ? __pfx_call_rcu+0x10/0x10 [ 1265.873730][T17822] ? dev_set_promiscuity+0x10e/0x260 [ 1265.873757][T17822] ? __pfx___mutex_lock+0x10/0x10 [ 1265.873793][T17822] ? packet_notifier+0x78/0xa60 [ 1265.873816][T17822] ? __pfx_addrconf_ifdown+0x10/0x10 [ 1265.873838][T17822] dev_set_promiscuity+0x10e/0x260 [ 1265.873866][T17822] packet_notifier+0x292/0xa60 [ 1265.873890][T17822] ? packet_notifier+0x78/0xa60 [ 1265.873913][T17822] notifier_call_chain+0x1b6/0x3e0 [ 1265.873940][T17822] unregister_netdevice_many_notify+0x15d8/0x2330 [ 1265.873966][T17822] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1265.873987][T17822] ? stack_depot_save_flags+0x40/0x900 [ 1265.874009][T17822] ? rtnl_dellink+0x331/0x710 [ 1265.874036][T17822] ? unregister_netdevice_queue+0x1b3/0x380 [ 1265.874059][T17822] ? __nla_parse+0x40/0x60 [ 1265.874086][T17822] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1265.874104][T17822] rtnl_dellink+0x488/0x710 [ 1265.874129][T17822] ? __pfx_rtnl_dellink+0x10/0x10 [ 1265.874190][T17822] ? __pfx_rtnl_dellink+0x10/0x10 [ 1265.874212][T17822] rtnetlink_rcv_msg+0x7cf/0xb70 [ 1265.874236][T17822] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 1265.874257][T17822] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1265.874281][T17822] ? ref_tracker_free+0x63a/0x7d0 [ 1265.874304][T17822] ? __copy_skb_header+0xa7/0x550 [ 1265.874324][T17822] netlink_rcv_skb+0x21c/0x490 [ 1265.874348][T17822] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1265.874371][T17822] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1265.874402][T17822] ? netlink_deliver_tap+0x2e/0x1b0 [ 1265.874425][T17822] ? netlink_deliver_tap+0x2e/0x1b0 [ 1265.874450][T17822] netlink_unicast+0x758/0x8d0 [ 1265.874475][T17822] netlink_sendmsg+0x805/0xb30 [ 1265.874502][T17822] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1265.874530][T17822] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1265.874545][T17822] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1265.874569][T17822] __sock_sendmsg+0x219/0x270 [ 1265.874590][T17822] ____sys_sendmsg+0x505/0x830 [ 1265.874620][T17822] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1265.874651][T17822] ? import_iovec+0x74/0xa0 [ 1265.874668][T17822] ___sys_sendmsg+0x21f/0x2a0 [ 1265.874696][T17822] ? __pfx____sys_sendmsg+0x10/0x10 [ 1265.874739][T17822] ? __fget_files+0x2a/0x420 [ 1265.874765][T17822] ? __fget_files+0x3a0/0x420 [ 1265.874801][T17822] __x64_sys_sendmsg+0x19b/0x260 [ 1265.874817][T17822] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1265.874837][T17822] ? rcu_is_watching+0x15/0xb0 [ 1265.874864][T17822] ? do_syscall_64+0xbe/0x3b0 [ 1265.874894][T17822] do_syscall_64+0xfa/0x3b0 [ 1265.874919][T17822] ? lockdep_hardirqs_on+0x9c/0x150 [ 1265.874942][T17822] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1265.874960][T17822] ? clear_bhb_loop+0x60/0xb0 [ 1265.874979][T17822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1265.874996][T17822] RIP: 0033:0x7fc463b8e969 [ 1265.875014][T17822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1265.875031][T17822] RSP: 002b:00007fc4649a6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1265.875051][T17822] RAX: ffffffffffffffda RBX: 00007fc463db5fa0 RCX: 00007fc463b8e969 [ 1265.875064][T17822] RDX: 0000000020040000 RSI: 00002000000003c0 RDI: 0000000000000005 [ 1265.875076][T17822] RBP: 00007fc463c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1265.875087][T17822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1265.875097][T17822] R13: 0000000000000000 R14: 00007fc463db5fa0 R15: 00007ffeabafeb08 [ 1265.875117][T17822] [ 1266.329457][T17822] dummy0 (unregistering): left promiscuous mode