last executing test programs: 12.995870224s ago: executing program 1 (id=201): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x4, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x0, 0x7, 0x6361, 0x5, 0x1}, [@TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0xe941, 0xfffffff9, 0x7fffffff, 0x6}}]}]}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 12.717589108s ago: executing program 1 (id=204): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, 0x0) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1}) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f0000000040)={0x7, 0x2, 0x7, 0x4d942c23, 0x4, 0x3}) 12.59065569s ago: executing program 1 (id=205): r0 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0ef0100"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) r3 = syz_open_procfs(0x0, 0x0) unshare(0x26020480) syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) pread64(r3, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000295000000000000009f33ef60916e6e893f1eeb0be2566cd0723043c47c896ce0bce66a245ad99b817fd98cd824498949714ffaac8a6f77ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb2c5ca683a4b6fc89398f2b9000f224891060017cfa6fa26fa7a34701008c61897d4a6148a1c11428607c40de60beac671e8e8fdecb03588aa623fa71f871ab5c2ff88afc6002084e5b52710800e835cf0d78e45f70983826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174bed9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632fd30bf05121438bb74e4670ab5dfe447a4bd344e0bd74ff05"], 0x0, 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0xfffffffc}, 0x10}, 0x94) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8040942d, &(0x7f0000000440)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$rtc(0xffffffffffffff9c, 0x0, 0x400, 0x0) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10) 10.001969369s ago: executing program 4 (id=210): creat(0x0, 0x80166a87e08db6a7) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)={0x2c, r5, 0x301, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040005}, 0x40040) 9.062251393s ago: executing program 4 (id=211): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000c40)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x8, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000002018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000007b110000000000008500000005000000bf0900000000000045090100000003709500000000000000bf91000000000000b7020000000000008500000000000000b70000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0xd, 0x100b, &(0x7f0000001e40)=""/4107}, 0x94) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000080)={0x2ffc, 0x4000006, 0xfffffefc, 0x6}, 0x10) prlimit64(0x0, 0x0, &(0x7f0000000180)={0x0, 0x8}, &(0x7f0000000580)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000440), 0x43201, 0x0) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) write$P9_RSTATu(r4, &(0x7f0000000580)={0x239, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {0x0, 0x0, 0x6}, 0x0, 0x0, 0xfffffffd, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x78, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x2) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYRES32, @ANYRESHEX, @ANYRESOCT=r1, @ANYRES16=r1, @ANYBLOB="dec9f982118e74ded3294ce04e49160fd06d2af685cb84941594a647a4eeb9ed0b448d5db8e0769cce135eacef2e5b4729e2afca63d1c910b6bf916169faa72550e40ebfcd737a7c0638013c235078bd4088e320a84d4bb412a1f5ff09461b21f0dae0e243139c2f4efae50ef8a2f3644f6bd7dde602793c086fb8c597416d381f340e3ed50134868fde4f3a65a93ab17d9a56772d8a75f2fab41ae85f4023a9a2629aa69034d64683d7e57e8900c3d2e284b5af19333eb1d68512c06d9d6f831c6f191035aa22cd586f177860e676205a131c8a169cf776d405f299423cc3dba61f2a7d0af4e61f1855c4e696506fb99b", @ANYRESOCT], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x804) 7.850945502s ago: executing program 4 (id=216): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x2000081, &(0x7f0000000080)=ANY=[@ANYRES8=0x0, @ANYRES8, @ANYRES64, @ANYRES64=0x0], 0x0, 0x23e, &(0x7f0000000bc0)="$eJzs3ctqE3EUB+AzSXrTRbJwJYIDunBV2j5BilQQu1KyUBdabBVJQkEh0AoGVz6B7yH4HG58D6E7XRRGJpM2raTaYC6lft8mh5n5zTmTTMhq/nl+o93c3v38KnqSKNWjnhxE1KLU27IQAMBl8zPL4iArjJaslCY1EwAwWef8/V+a4kgAwIQ9evzkwfrm5sbDNF2MaH/sNJIoXov96y/jdbRiJ1aiGocR2bGivnd/cyMqaa4Wt9vdTiNPtp997Z9//XtEL78a1agNz6+mhRP5bqcxF1f6/et5fi2qcW14fm1IPhrzcefWifmXoxrfXsRutGI78uwg/341Te9mn368e5pPnOeTbqex0DtuICtP/cMBAAAAAAAAAAAAAAAAAAAAAODSWk7TNM2yL1mWZd1T6++UD3v7l9MjtdPr8xT5s9YH6p5YX2clb5EUxw/ylbheicosrx0AAAAAAAAAAAAAAAAAAAAuird7+82tVmvnzXGxFL9vGb04eqz/X88z/iLK/dFaScQFmKdXLOXzTKfXzRixV33EFlHa228e3V3NrST+klqc0E2SDbn9ymem5sfUff7qeK8iiYi54zfzTweXYm7M3xQAAAAAAAAAAAAAAAAAAGDKBg/9Dtn5YQYDAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAMDP7/f4Si2w+fMzXjSwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA/8CsAAP//Kkx4mw==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, 0x0, 0x0) pipe2$9p(0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) ioperm(0x0, 0xab4d, 0x8) 7.667285024s ago: executing program 0 (id=217): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x339) close_range(r0, 0xffffffffffffffff, 0x0) 7.347846139s ago: executing program 0 (id=219): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000019080)={[{@nodioread_nolock}, {@min_batch_time}, {@barrier_val={'barrier', 0x3d, 0x3ff}}, {@noblock_validity}]}, 0x5, 0x795, &(0x7f0000000cc0)="$eJzs3c9rXNUeAPDvnSRNk/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTsmgRwY2g4kLQTdf+qDu3/tjqf+FCWqqmxYoLidyZO+20mUmTNjOj5vOBmznn3js553vP/XHunMtMAHvWRPonF3EoIt5NIsay+UlEDNVTgxEnGuvdXl8rplMSGxuv/pzU17m1vlaMlvekDmSZ/0fEN29FHM415g+3lFtdWZ0vlMulpSw/VVs4P1VdWT1ybqEwV5orLR6bnpk5evyZ48d2L9Zfv189eP29l578/MTvb/7v6jvfJnEiDmbLWuPYLRMxkW2ToXQT3uPF3S6sz5J+V4CHkh6aA42jPA7FWAzUUx2M9LJmAEC3bAAAe1CiDwAAe0zzc4Bb62vF5tTfTyR668YLEbG/EX9zfLOxZDAbs9tfHwcdvZXcMzKSRMT4LpQ/EREff/n6p+kUWTu0G0szvgbstkuXI+LM+MTm83+y6ZmFnXpqq4UbjadBJu6bvdeuP9BPX6X9n2fb9f9yd/o/0ab/M9zm2H0YDz7+c9d2oZiO0v7f8y3Ptt1uiT8zPpDl/lXv8w0lZ8+VS+m57d8RMRlDw2l+ur5q+17a5M0/bnYqv7X/98v7b3ySlp++3l0jd21w+N73zA7XCo8ad9ONyxGPDbaLP7nT/kmH/u+pbZbx8nNvf9RpWRp/Gm9z2hx/d21ciXiibfvfbctky+cTp+q7w1Rzp2jjix8+HO1Ufmv7p1NafvNeoBfS9h/dOv7xpPV5zerOy/juytjXnZY9OP42+3+hVtiXvFZP78vmXSzUakvTEfuSVzbPP3r3vc18c/00/snH2x//jWLb7//pPeGZbcY/eP2nzx4+/u5K45/dUfvvPHH19vxAp/K31/4z9dRkNidt/wfFtd0KPsq2AwAAAAAAAAAAAAAAAAAAAAAAAIDtykXEwUhy+TvpXC6fb/yG939jNFeuVGuHz1aWF2ej/lvZ4zGUa37V5VjL96FOZ9+H38wfvS//dET8JyI+GB6p5/PFSnm238EDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOZAh9//T/043O/aAQBds7/fFQAAes71HwD2np1d/0e6Vg8AoHfc/wPA3rPt6/+Z7tYDAOgd9/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02amTJ9Np47f1tWKan72wsjxfuXBktlSdzy8sF/PFytL5/FylMlcu5YuVhY7/6FLjpVypnJ+JxeWLU7VStTZVXVk9vVBZXqydPrdQmCudLg31LDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2L7qyup8oVwuLUlsmRhJE4PZRvsL1KffiUEb4R+eaD1LjPTn5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwN/BnAAAA//+9uipa") prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, 0x0, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r6, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) sendmmsg$inet(r6, &(0x7f00000039c0)=[{{&(0x7f0000000800)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(r6, &(0x7f0000000c80)="e8", 0x6200, 0x12000000, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) 7.197235272s ago: executing program 3 (id=220): timer_create(0x3, 0x0, &(0x7f0000044000)) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x10000, 0x2, 0x802ce}, &(0x7f0000000000), &(0x7f0000000280)) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) timer_create(0x7, 0x0, &(0x7f0000000080)) timer_settime(0x0, 0x1, &(0x7f00000000c0)={{}, {0x0, 0x989680}}, 0x0) syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)) timer_settime(0x0, 0x1, 0x0, &(0x7f0000000180)) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a6267"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x7}, 0x48) r3 = socket$kcm(0x29, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000003600)={0x0, 0x0, &(0x7f0000002140)=[{&(0x7f0000002400)="9c50c150c04ca567ded1cc2b0b060d34e705bd4e7ed0b3f36d75ff08ca312f6a270d9e78104411bfef75a7ca8f4471a850ca93f9692f9266e914706013edca1189cda2cd", 0x44}], 0x1}, 0x800) r4 = socket$inet6(0xa, 0x803, 0x6) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e21, 0x3, @empty, 0x6}, 0x1c) socket$can_j1939(0x1d, 0x2, 0x7) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000180)={r4, r2}) r5 = syz_open_procfs(0x0, &(0x7f0000001300)='net/kcm\x00') read$char_usb(r5, &(0x7f0000000040)=""/4109, 0x100d) 6.324683295s ago: executing program 3 (id=221): syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) r2 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) r3 = dup(r2) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(r3, 0x0, 0xffffffdb) r4 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg(r4, &(0x7f00000013c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000}, 0x5}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000002080)=ANY=[@ANYBLOB="10d9ffffffffffff0500000000010000"], 0x10}}], 0x2, 0x0) r5 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4) setsockopt$inet6_int(r5, 0x29, 0x8, &(0x7f0000000000)=0xb2, 0x24) sendmmsg$inet6(r5, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0) recvmmsg(r5, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x12141, 0x0) ioctl$RNDZAPENTCNT(r3, 0x5204, &(0x7f0000000280)=0x8) r6 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r6, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)=@newtclass={0x38, 0x28, 0x200, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xfff7, 0xffe0}, {0xb, 0x8}, {0x9, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x8}}, @tclass_kind_options=@c_cake={0x9}]}, 0x38}}, 0x4) sendmmsg$inet(r6, &(0x7f0000005240), 0x4000095, 0x0) 5.97838645s ago: executing program 0 (id=222): unshare(0x26020480) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x80000) recvmsg$can_raw(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000200)=""/243, 0xf3}], 0x1}, 0x0) r4 = syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2de, 0x0, 0xffffffff}, &(0x7f00000003c0)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r1, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(r4, 0x47f5, 0x0, 0x0, 0x0, 0x0) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x1, 0x4, 0x5, 0x0, 0x0, {0x2, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) 5.867914632s ago: executing program 2 (id=223): creat(0x0, 0x80166a87e08db6a7) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)={0x2c, r5, 0x301, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040005}, 0x40040) 5.867513712s ago: executing program 4 (id=224): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05000000810000000200000009"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x402, r0}, 0x38) bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000740), &(0x7f00000004c0), 0x5, r0}, 0x38) r1 = socket$inet6(0xa, 0x5, 0x0) unshare(0x26020480) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) fadvise64(r2, 0x800001b, 0x0, 0x5) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x4}, 0x1c) listen(r1, 0x50) socket$inet6(0xa, 0x5, 0x0) r3 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$printer(r3, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000000), 0xfffffecc) 4.986800535s ago: executing program 2 (id=225): syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r0, 0x0) 4.886902187s ago: executing program 2 (id=226): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900}) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r4, 0x0, 0x4000000) setsockopt$sock_attach_bpf(r4, 0x84, 0x1e, &(0x7f0000000000), 0x4) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, 0x0) sendmsg$nl_route(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000600)={0x0}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000001300)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) r6 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) write$evdev(0xffffffffffffffff, &(0x7f0000000100)=[{{}, 0x1f, 0x101, 0xf05}, {{0x77359400}, 0x14, 0x0, 0x9}, {{0x77359400}, 0x5, 0x4, 0x6}, {{0x77359400}, 0x3, 0x5, 0x2f}, {{}, 0x14, 0x5, 0x6}], 0x78) bind$tipc(r2, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x41, 0x4}, 0x4}}, 0x10) ioctl$VIDIOC_SUBSCRIBE_EVENT(r6, 0x4020565a, &(0x7f0000000280)={0x3, 0x980900, 0x2eae0342ca72d7e8}) ioctl$VIDIOC_QUERYMENU(r2, 0xc008561c, &(0x7f0000000000)={0x980900, 0x3, @name="f0f0f3efa1f7ab58f37cf538d29c1dc1fcbc7aea8ce72fda471ae80e211ff618"}) 4.65711193s ago: executing program 0 (id=227): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) inotify_add_watch(0xffffffffffffffff, 0x0, 0x42000773) syz_pidfd_open(r0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000300)={{0x1, 0x3}}) 4.506525212s ago: executing program 2 (id=228): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, 0x0) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f0000000040)={0x7, 0x2, 0x7, 0x4d942c23, 0x4, 0x3}) 4.416375514s ago: executing program 2 (id=229): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000004000900041122000b00000001"], 0x48) r1 = socket(0x10, 0x803, 0x0) write(0xffffffffffffffff, &(0x7f0000000080), 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0xfc, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0xd0, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x15}}, @CTA_NAT_PROTO={0x4}, @CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}, @CTA_NAT_PROTO={0x34, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}]}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @local}, @CTA_NAT_PROTO={0x3c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}]}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}}]}]}, 0xfc}}, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c000180060006006558000008000280040011"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50) mmap(&(0x7f00005e8000/0x4000)=nil, 0x4000, 0x2000003, 0x28011, r5, 0xffff8000) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r6, &(0x7f0000000100)={0xa, 0xfffc, 0x0, @mcast2, 0x7}, 0x1c) sendmsg$nl_route(r1, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)=@ipv6_getnetconf={0x54, 0x52, 0x8, 0x70bd25, 0x25dfdbfe, {}, [@NETCONFA_FORWARDING={0x8}, @NETCONFA_FORWARDING={0x8, 0x2, 0x82a}, @NETCONFA_RP_FILTER={0x8, 0x3, 0x557c627d}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0xaa}, @NETCONFA_RP_FILTER={0x8, 0x3, 0x401}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x33}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x6}, @NETCONFA_IFINDEX={0x8}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x4000815) sendmmsg$inet6(r6, 0x0, 0x0, 0x4400c800) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000001c0)=@updpolicy={0xc8, 0x19, 0x100, 0x70bd2b, 0x4, {{@in6=@loopback, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x200000, 0x20000000, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x820000000000002}, 0x0, 0x0, 0x1}, [@replay_val={0x10, 0xa, {0x70bd2a, 0x70bd2e, 0x8}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendto$inet6(r6, 0x0, 0x0, 0x3b40, 0x0, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) r8 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r8, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90b, 0x8000, '\x00', @p_u16=&(0x7f00000000c0)=0xfffe}}) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000380), &(0x7f00000000c0), 0x2, r0}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000080)={0x0, &(0x7f0000000000)=""/56, &(0x7f00000001c0), &(0x7f00000000c0), 0x1, r0}, 0x38) 3.658871705s ago: executing program 0 (id=230): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) inotify_add_watch(0xffffffffffffffff, 0x0, 0x42000773) syz_pidfd_open(r0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) 3.407984569s ago: executing program 3 (id=231): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) timer_create(0x2, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r2, &(0x7f0000001240)=""/102400, 0x200000, 0x0) 3.35588098s ago: executing program 1 (id=232): timer_create(0x3, 0x0, &(0x7f0000044000)) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x10000, 0x2, 0x802ce}, &(0x7f0000000000), &(0x7f0000000280)) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) timer_create(0x7, 0x0, &(0x7f0000000080)) timer_settime(0x0, 0x1, &(0x7f00000000c0)={{}, {0x0, 0x989680}}, 0x0) syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)) timer_settime(0x0, 0x1, 0x0, &(0x7f0000000180)) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a6267"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x7}, 0x48) r3 = socket$kcm(0x29, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000003600)={0x0, 0x0, &(0x7f0000002140)=[{&(0x7f0000002400)="9c50c150c04ca567ded1cc2b0b060d34e705bd4e7ed0b3f36d75ff08ca312f6a270d9e78104411bfef75a7ca8f4471a850ca93f9692f9266e914706013edca1189cda2cd", 0x44}], 0x1}, 0x800) r4 = socket$inet6(0xa, 0x803, 0x6) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e21, 0x3, @empty, 0x6}, 0x1c) socket$can_j1939(0x1d, 0x2, 0x7) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000180)={r4, r2}) r5 = syz_open_procfs(0x0, &(0x7f0000001300)='net/kcm\x00') read$char_usb(r5, &(0x7f0000000040)=""/4109, 0x100d) 3.054682694s ago: executing program 1 (id=233): write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000002b40)=ANY=[], 0x24, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000", @ANYRES32, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x4020ae46, &(0x7f0000000d00)={0x0, 0x0, @pic={0x0, 0x0, 0x2, 0x1, 0x0, 0xc0, 0xe, 0x0, 0x0, 0x0, 0xfc, 0xc, 0x0, 0x4}}) clock_settime(0x0, 0x0) setsockopt$MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, 0x0, 0x0) 2.559572642s ago: executing program 0 (id=234): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, &(0x7f0000000000)=""/188, 0xbc) syz_usb_disconnect(r0) syz_usb_connect$cdc_ncm(0x0, 0x75, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x63, 0x2, 0x1, 0x6, 0x8, 0xd, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x4, 0x1, 0x3}, {0x6, 0x24, 0x1a, 0x6, 0x9}, [@network_terminal={0x7, 0x24, 0xa, 0x3, 0x0, 0xf8, 0x2}]}, {{0x9, 0x5, 0x81, 0x3, 0x400, 0xa, 0xfc, 0x2}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0xbd, 0x8, 0xa}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x2, 0xff, 0x3}}}}}}}]}}, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]}) 2.175848558s ago: executing program 2 (id=235): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_setup(0x499f, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6(0xa, 0x80003, 0x6) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x40000) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000240)=[@mss, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp], 0x6) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newlink={0x48, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @sit={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FLAGS={0x6, 0x8, 0x3f}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0x800000f0}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @dev}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004}, 0x0) 1.695751825s ago: executing program 4 (id=236): creat(0x0, 0x80166a87e08db6a7) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000150000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)={0x2c, r5, 0x301, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040005}, 0x40040) 750.248889ms ago: executing program 4 (id=237): pipe2(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x60680, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffd000/0x1000)=nil) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x4e1, &(0x7f0000000100)={0x0, 0x1ffffd, 0x10100, 0xfffffffe, 0x9}, &(0x7f0000000300)=0x0, &(0x7f00000001c0)=0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r3, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r4, 0x468b, 0xfb96, 0x0, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x110003) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0c00000001010000030000004401000010010000"], 0x150}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, 0x0, 0x4040000) 460.692454ms ago: executing program 3 (id=238): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900}) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r4, 0x0, 0x4000000) setsockopt$sock_attach_bpf(r4, 0x84, 0x1e, &(0x7f0000000000), 0x4) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, 0x0) sendmsg$nl_route(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000600)={0x0}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000001300)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) r6 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) write$evdev(0xffffffffffffffff, &(0x7f0000000100)=[{{}, 0x1f, 0x101, 0xf05}, {{0x77359400}, 0x14, 0x0, 0x9}, {{0x77359400}, 0x5, 0x4, 0x6}, {{0x77359400}, 0x3, 0x5, 0x2f}, {{}, 0x14, 0x5, 0x6}], 0x78) bind$tipc(r2, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x41, 0x4}, 0x4}}, 0x10) ioctl$VIDIOC_SUBSCRIBE_EVENT(r6, 0x4020565a, &(0x7f0000000280)={0x3, 0x980900, 0x2eae0342ca72d7e8}) ioctl$VIDIOC_QUERYMENU(r2, 0xc008561c, &(0x7f0000000000)={0x980900, 0x3, @name="f0f0f3efa1f7ab58f37cf538d29c1dc1fcbc7aea8ce72fda471ae80e211ff618"}) 274.849386ms ago: executing program 3 (id=239): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, 0x0) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f0000000040)={0x7, 0x2, 0x7, 0x4d942c23, 0x4, 0x3}) 208.436138ms ago: executing program 3 (id=240): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @random, @void, {@ipv6={0x86dd, @udp={0x3, 0x6, "67fdd5", 0x8, 0x11, 0xff, @mcast2, @ipv4={'\x00', '\xff\xff', @multicast1}, {[], {0x4e21, 0x4e24, 0x8}}}}}}, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) fallocate(0xffffffffffffffff, 0x3, 0x100000000, 0x80000000) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000180)={0x400000000000000, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020f000015000000000000000000000005000500000000000a00ffffff800000000000000000000000000000000000000004000000000000080012000000020000000000020000000600000000000000090000000000000000000000000000000000000000000000ff01000000000000000000000000000105000600000000000a000002ffffffffff0200000000000000000000000000010000000000000000010018"], 0xa8}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newsa={0x154, 0x10, 0x1, 0x0, 0x0, {{@in6=@remote, @in6=@loopback}, {@in=@empty, 0x0, 0x32}, @in6=@loopback, {}, {}, {}, 0x0, 0x0, 0xa, 0x0, 0xfd}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @replay_esn_val={0x1c, 0x17, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}]}, 0x154}}, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, 0x0) r4 = creat(&(0x7f00000001c0)='./file0\x00', 0x8) socket$inet_smc(0x2b, 0x1, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$apparmor_current(r6, &(0x7f0000000280)=@hat={'changehat ', 0x1, 0x5e, ['&!)^\x00']}, 0x22) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010400000000000000000500fffe0900010073797a30000000002c000000030a01020000000000000000050000000900010073797a30000000000900030073797a3200000000e4040000060a010400000000000000000500000008000b40000000000900010073797a300000000008000940000000020c0005800800014000000000c4000740ab487b1b512f33a8dbd67a8b35f2405127f309901ea13e31d5810f85eae8f528c938c24abb1b1abbda2e7fa6e0758629bb09ed64a8ba5b2ef3c3591fd06d7e10d93c0857ecac854ac51ad69639d98adb2c1464e444cc1a6a2e7ee244622433b51f58606b063f4938101a7e764c957eba2e913b2ac10435471fa769740a1275cb467e5264b71bc8727fc12e9aba46e4a8abf3dda91e0da608d6a0a35573d5524fb25451cc23051887de4df85c8e771260c4943e78905aa1e7493027366ed1bea0d80304804800018008000100667764003c000280080001"], 0x558}, 0x1, 0x0, 0x0, 0x4040000}, 0x40) close(r4) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000001040)={'nat\x00', 0x0, 0x0, 0x0, [0x9, 0x18, 0xb, 0xb, 0x6, 0x8000000000000001]}, &(0x7f00000010c0)=0x78) r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r7, 0xc008561c, &(0x7f0000000040)={0xf0f017, 0x1}) openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) 0s ago: executing program 1 (id=241): socket$inet6(0xa, 0x3, 0x6) listen(0xffffffffffffffff, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.153' (ED25519) to the list of known hosts. [ 43.778711][ T4171] cgroup: Unknown subsys name 'net' [ 43.905180][ T4171] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 45.122055][ T4171] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 46.336810][ T4191] chnl_net:caif_netlink_parms(): no params data found [ 46.461526][ T4191] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.468589][ T4191] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.476804][ T4191] device bridge_slave_0 entered promiscuous mode [ 46.491087][ T4191] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.498130][ T4191] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.506197][ T4191] device bridge_slave_1 entered promiscuous mode [ 46.530395][ T4182] chnl_net:caif_netlink_parms(): no params data found [ 46.552524][ T4191] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.592247][ T4191] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.618471][ T4187] chnl_net:caif_netlink_parms(): no params data found [ 46.652395][ T4183] chnl_net:caif_netlink_parms(): no params data found [ 46.664504][ T4191] team0: Port device team_slave_0 added [ 46.673894][ T4191] team0: Port device team_slave_1 added [ 46.692134][ T4192] chnl_net:caif_netlink_parms(): no params data found [ 46.759952][ T4191] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.767073][ T4191] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.793264][ T4191] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.816673][ T4182] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.823843][ T4182] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.831607][ T4182] device bridge_slave_0 entered promiscuous mode [ 46.839014][ T4191] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.846075][ T4191] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.872278][ T4191] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.899426][ T4182] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.906621][ T4182] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.914492][ T4182] device bridge_slave_1 entered promiscuous mode [ 46.933348][ T4187] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.940571][ T4187] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.948160][ T4187] device bridge_slave_0 entered promiscuous mode [ 46.972507][ T4182] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.989033][ T4187] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.996153][ T4187] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.004282][ T4187] device bridge_slave_1 entered promiscuous mode [ 47.015443][ T4182] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.030710][ T4183] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.037754][ T4183] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.045473][ T4183] device bridge_slave_0 entered promiscuous mode [ 47.077195][ T4183] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.084370][ T4183] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.092403][ T4183] device bridge_slave_1 entered promiscuous mode [ 47.120969][ T4182] team0: Port device team_slave_0 added [ 47.133892][ T4187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.143213][ T4192] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.150928][ T4192] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.158465][ T4192] device bridge_slave_0 entered promiscuous mode [ 47.169707][ T4191] device hsr_slave_0 entered promiscuous mode [ 47.176463][ T4191] device hsr_slave_1 entered promiscuous mode [ 47.185202][ T4182] team0: Port device team_slave_1 added [ 47.198024][ T4187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.207594][ T4192] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.214766][ T4192] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.222524][ T4192] device bridge_slave_1 entered promiscuous mode [ 47.244669][ T4183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.280378][ T4183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.289749][ T4182] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.296766][ T4182] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.322940][ T4182] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.351823][ T4187] team0: Port device team_slave_0 added [ 47.359888][ T4192] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.375827][ T4182] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.383043][ T4182] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.409717][ T4182] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.427963][ T4187] team0: Port device team_slave_1 added [ 47.435008][ T4192] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.478056][ T4183] team0: Port device team_slave_0 added [ 47.485786][ T4183] team0: Port device team_slave_1 added [ 47.510408][ T4192] team0: Port device team_slave_0 added [ 47.516639][ T4187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.524132][ T4187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.550280][ T4187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.578910][ T4192] team0: Port device team_slave_1 added [ 47.586025][ T4187] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.593026][ T4187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.619023][ T4187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.642042][ T4182] device hsr_slave_0 entered promiscuous mode [ 47.648643][ T4182] device hsr_slave_1 entered promiscuous mode [ 47.655126][ T4182] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.662914][ T4182] Cannot create hsr debugfs directory [ 47.668725][ T4183] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.676297][ T4183] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.702512][ T4183] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.714898][ T4183] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.722016][ T4183] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.748000][ T4183] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.791361][ T4192] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.798300][ T4192] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.824353][ T4192] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.857853][ T4192] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.864850][ T4192] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.890829][ T4192] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.913947][ T4183] device hsr_slave_0 entered promiscuous mode [ 47.921373][ T4183] device hsr_slave_1 entered promiscuous mode [ 47.927815][ T4183] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.935387][ T4183] Cannot create hsr debugfs directory [ 47.971330][ T4187] device hsr_slave_0 entered promiscuous mode [ 47.978081][ T4187] device hsr_slave_1 entered promiscuous mode [ 47.985258][ T4187] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.992882][ T4187] Cannot create hsr debugfs directory [ 48.046417][ T4192] device hsr_slave_0 entered promiscuous mode [ 48.053254][ T4192] device hsr_slave_1 entered promiscuous mode [ 48.059627][ T4192] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 48.067216][ T4192] Cannot create hsr debugfs directory [ 48.130951][ T21] Bluetooth: hci2: command 0x0409 tx timeout [ 48.137534][ T21] Bluetooth: hci0: command 0x0409 tx timeout [ 48.144067][ T21] Bluetooth: hci1: command 0x0409 tx timeout [ 48.155488][ T21] Bluetooth: hci3: command 0x0409 tx timeout [ 48.200237][ T7] Bluetooth: hci4: command 0x0409 tx timeout [ 48.273487][ T4191] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 48.292607][ T4191] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 48.302002][ T4191] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 48.315277][ T4191] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 48.346913][ T4182] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 48.355940][ T4182] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 48.376504][ T4182] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 48.386080][ T4182] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 48.449974][ T4183] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 48.467610][ T4183] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 48.477159][ T4183] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 48.493731][ T4183] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 48.558428][ T4192] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 48.573024][ T4191] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.597689][ T4192] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 48.607255][ T4192] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 48.628907][ T4182] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.641359][ T4192] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 48.668930][ T4182] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.684769][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.694495][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.703296][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.711469][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.719001][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.727996][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.737133][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.744348][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.756272][ T4191] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.786164][ T4183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.794697][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.807544][ T4187] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 48.823954][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.834186][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.843112][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.850186][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.857700][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.867692][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.877913][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.884989][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.897403][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.905690][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.915247][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.924201][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.931278][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.939387][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.948187][ T4187] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 48.960926][ T4187] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 48.969232][ T4187] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 48.995905][ T4183] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.009255][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 49.019397][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 49.028339][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 49.037256][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.045745][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 49.054400][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.062745][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.071479][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.079575][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.087282][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.094899][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.103604][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.112160][ T3048] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.119201][ T3048] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.127595][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.136201][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.144594][ T3048] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.151645][ T3048] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.159597][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.167901][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.198245][ T4191] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 49.209918][ T4191] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 49.225733][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 49.236720][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.245239][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.255392][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 49.264658][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 49.295468][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 49.305404][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.315348][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 49.326741][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.353092][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.362137][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.371767][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.379974][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 49.389233][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.398024][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.413113][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 49.421854][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.435972][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.446195][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.463405][ T4192] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.480647][ T4183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 49.489442][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.500073][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.509337][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.517809][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.539453][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.547700][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.561954][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 49.583605][ T4187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.593825][ T4192] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.615748][ T4191] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.627429][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 49.636223][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 49.679102][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.689901][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.705800][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.712909][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.746732][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.755494][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.764029][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.771106][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.779637][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 49.788460][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.797678][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.805631][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.816198][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 49.825466][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.837610][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 49.862823][ T4187] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.876634][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 49.886236][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 49.893998][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 49.902632][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 49.910025][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 49.919088][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.927481][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.936275][ T4183] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.978488][ T4182] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.987830][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.002931][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.012696][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.021443][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.029546][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.038130][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.048181][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.056852][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.065185][ T1168] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.072263][ T1168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.079823][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.088391][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.096715][ T1168] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.103794][ T1168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.111998][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.126875][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.135016][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 50.143815][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 50.153080][ T4192] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.168341][ T4191] device veth0_vlan entered promiscuous mode [ 50.175606][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 50.190026][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 50.210584][ T4247] Bluetooth: hci3: command 0x041b tx timeout [ 50.216997][ T4247] Bluetooth: hci1: command 0x041b tx timeout [ 50.230597][ T4247] Bluetooth: hci0: command 0x041b tx timeout [ 50.236727][ T4247] Bluetooth: hci2: command 0x041b tx timeout [ 50.240686][ T4191] device veth1_vlan entered promiscuous mode [ 50.263398][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 50.271605][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.280879][ T4173] Bluetooth: hci4: command 0x041b tx timeout [ 50.285925][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.297854][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.307649][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.316481][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.324839][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.333465][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.341972][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.351001][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.359137][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.369800][ T4187] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.412714][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 50.449054][ T4191] device veth0_macvtap entered promiscuous mode [ 50.457501][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 50.473089][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 50.483445][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 50.494432][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.533906][ T4182] device veth0_vlan entered promiscuous mode [ 50.543974][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 50.552770][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 50.562064][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 50.577177][ T4191] device veth1_macvtap entered promiscuous mode [ 50.590816][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 50.600557][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 50.608569][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 50.623792][ T4182] device veth1_vlan entered promiscuous mode [ 50.642633][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 50.651245][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 50.659841][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 50.682260][ T4192] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.696010][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.710462][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 50.718499][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 50.726231][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 50.734295][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 50.742849][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 50.752198][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 50.762983][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.771650][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 50.779394][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 50.788034][ T4183] device veth0_vlan entered promiscuous mode [ 50.796533][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 50.804791][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 50.816905][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.829447][ T4191] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.838581][ T4191] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.847507][ T4191] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.856446][ T4191] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.878275][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 50.887128][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.895972][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 50.904508][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.916776][ T4183] device veth1_vlan entered promiscuous mode [ 50.927695][ T4187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.937528][ T4182] device veth0_macvtap entered promiscuous mode [ 50.977731][ T4182] device veth1_macvtap entered promiscuous mode [ 50.997389][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 51.017636][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 51.026843][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 51.035187][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 51.043890][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 51.052567][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 51.063137][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 51.071983][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 51.097527][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 51.108253][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.120806][ T4182] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 51.134552][ T4183] device veth0_macvtap entered promiscuous mode [ 51.147013][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 51.155957][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 51.165794][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 51.184814][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 51.195538][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.206307][ T4182] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 51.217212][ T4182] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.225951][ T4182] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.234673][ T4182] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.244349][ T4182] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.274318][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 51.283329][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 51.294156][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 51.303024][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 51.315737][ T4183] device veth1_macvtap entered promiscuous mode [ 51.334301][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 51.342389][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 51.351049][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 51.359192][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 51.367722][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 51.376357][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 51.384623][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 51.392385][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 51.399942][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 51.418023][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 51.429156][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.439215][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 51.450671][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.462337][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 51.473165][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.485201][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.492438][ T4192] device veth0_vlan entered promiscuous mode [ 51.505037][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 51.513928][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 51.523837][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 51.546066][ T4192] device veth1_vlan entered promiscuous mode [ 51.556509][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 51.567966][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.577958][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 51.589979][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.601442][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 51.611713][ T4187] device veth0_vlan entered promiscuous mode [ 51.620790][ T4183] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.629485][ T4183] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.638426][ T4183] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.647437][ T4183] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.667770][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 51.676784][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 51.695870][ T4187] device veth1_vlan entered promiscuous mode [ 51.712946][ T4260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.723045][ T4260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.748330][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.756771][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.761215][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 51.774399][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 51.783162][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 51.793015][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 51.815365][ T4192] device veth0_macvtap entered promiscuous mode [ 51.838107][ T4187] device veth0_macvtap entered promiscuous mode [ 51.846352][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 51.858875][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 51.869579][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 51.878681][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 51.913867][ T4192] device veth1_macvtap entered promiscuous mode [ 51.924483][ T4187] device veth1_macvtap entered promiscuous mode [ 51.952161][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.976802][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.996478][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 52.012923][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.023415][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 52.038079][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.050285][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 52.061183][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.072698][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 52.085219][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 52.097257][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.107437][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 52.118877][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.138027][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 52.148671][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.158761][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 52.169511][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.186474][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 52.195646][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 52.200428][ T1168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 52.205279][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 52.219201][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 52.227279][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 52.228610][ T1168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 52.244502][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 52.253579][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 52.263305][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 52.272421][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 52.283690][ T4224] Bluetooth: hci2: command 0x040f tx timeout [ 52.289811][ T4224] Bluetooth: hci0: command 0x040f tx timeout [ 52.295996][ T4224] Bluetooth: hci1: command 0x040f tx timeout [ 52.302199][ T4224] Bluetooth: hci3: command 0x040f tx timeout [ 52.315735][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 52.326697][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.336587][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 52.347605][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.357444][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 52.361033][ T4224] Bluetooth: hci4: command 0x040f tx timeout [ 52.369181][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.384890][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 52.395523][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 52.406727][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.417028][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 52.427669][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.437810][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 52.448883][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.459942][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 52.470632][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.482141][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 52.502151][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 52.510933][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 52.519502][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 52.529092][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 52.542325][ T4192] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.552088][ T4192] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.562125][ T4192] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.570907][ T4192] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.593036][ T4187] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.618704][ T4187] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.627582][ T4187] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.636512][ T4187] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.698882][ T1168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 52.729419][ T1168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 52.768026][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 52.910051][ T4260] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 52.928263][ T3048] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 52.952486][ T4260] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 52.970856][ T3048] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 53.007024][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 53.017397][ T3048] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 53.057202][ T3048] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 53.066276][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 53.093773][ T3048] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 53.112793][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 53.128854][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 53.145432][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 53.365454][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 53.467624][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!! [ 53.477031][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 53.570711][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #242!!! [ 53.598655][ T4319] tipc: Started in network mode [ 53.616976][ T4319] tipc: Node identity , cluster identity 4711 [ 53.627974][ T4319] tipc: Failed to obtain node identity [ 53.646780][ T4319] tipc: Enabling of bearer rejected, failed to enable media [ 53.750532][ T4173] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 54.000494][ T4173] usb 3-1: Using ep0 maxpacket: 32 [ 54.130445][ T4173] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 54.150555][ T4173] usb 3-1: config 0 has no interfaces? [ 54.163418][ T4173] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 54.190197][ T4173] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.229499][ T4173] usb 3-1: config 0 descriptor?? [ 54.250334][ T4247] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 54.360829][ T4173] Bluetooth: hci3: command 0x0419 tx timeout [ 54.367274][ T4173] Bluetooth: hci1: command 0x0419 tx timeout [ 54.387907][ T4173] Bluetooth: hci0: command 0x0419 tx timeout [ 54.389639][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 54.445418][ T4173] Bluetooth: hci2: command 0x0419 tx timeout [ 54.467924][ T4173] Bluetooth: hci4: command 0x0419 tx timeout [ 54.500335][ T4247] usb 1-1: Using ep0 maxpacket: 16 [ 54.860381][ T4247] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 54.877777][ T4247] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 54.909014][ T4247] usb 1-1: Product: syz [ 54.931606][ T4247] usb 1-1: Manufacturer: syz [ 54.950883][ T4247] usb 1-1: SerialNumber: syz [ 54.974550][ T4247] usb 1-1: config 0 descriptor?? [ 55.880565][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 56.952827][ T4314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 56.999810][ T4173] usb 3-1: USB disconnect, device number 2 [ 57.091020][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #240!!! [ 57.190977][ T4233] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 57.500245][ T4173] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 57.625432][ T4233] usb 2-1: config 0 has no interfaces? [ 57.656190][ T4354] ipt_CLUSTERIP: Please specify destination IP [ 57.750183][ T4173] usb 3-1: Using ep0 maxpacket: 8 [ 57.855947][ T4233] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 57.871879][ T4247] usb 1-1: USB disconnect, device number 2 [ 57.877783][ T4233] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 57.960214][ T4233] usb 2-1: Product: syz [ 57.964404][ T4233] usb 2-1: Manufacturer: syz [ 57.968992][ T4233] usb 2-1: SerialNumber: syz [ 58.030331][ T4173] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 58.049604][ T4173] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 58.073795][ T4173] usb 3-1: Product: syz [ 58.078199][ T4173] usb 3-1: Manufacturer: syz [ 58.102303][ T4233] usb 2-1: config 0 descriptor?? [ 58.335368][ T4173] usb 3-1: SerialNumber: syz [ 58.421019][ T4173] usb 3-1: config 0 descriptor?? [ 58.512173][ T4173] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 58.548962][ T4173] usb 3-1: setting power ON [ 58.580632][ T4173] dvb-usb: bulk message failed: -22 (2/0) [ 58.619794][ T4173] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 58.691232][ T4173] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 58.705073][ T4173] usb 3-1: media controller created [ 58.719024][ T4350] dvb-usb: bulk message failed: -22 (3/0) [ 58.737506][ T4173] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 58.760391][ T4350] dvb-usb: bulk message failed: -22 (3/0) [ 58.786431][ T4173] usb 3-1: selecting invalid altsetting 6 [ 58.799060][ T4173] usb 3-1: digital interface selection failed (-22) [ 58.832646][ T4173] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 58.832663][ T4350] dvb-usb: bulk message failed: -22 (3/0) [ 58.900790][ T4173] usb 3-1: setting power OFF [ 58.912338][ T4173] dvb-usb: bulk message failed: -22 (2/0) [ 58.957191][ T4173] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 58.975334][ T4368] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 58.994814][ T4173] (NULL device *): no alternate interface [ 59.053139][ T4173] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 59.113344][ T4173] usb 3-1: USB disconnect, device number 3 [ 59.310012][ T4371] Zero length message leads to an empty skb [ 59.744920][ T4383] loop8: detected capacity change from 0 to 7 [ 59.836486][ T4174] Dev loop8: unable to read RDB block 7 [ 59.856416][ T4174] loop8: AHDI p1 p3 p4 [ 59.872566][ T4174] loop8: partition table partially beyond EOD, truncated [ 59.909146][ T4174] loop8: p1 start 975770946 is beyond EOD, truncated [ 59.975878][ T4174] loop8: p3 start 6514546 is beyond EOD, truncated [ 60.066988][ T4383] Dev loop8: unable to read RDB block 7 [ 60.101842][ T4383] loop8: AHDI p1 p3 p4 [ 60.153683][ T4383] loop8: partition table partially beyond EOD, truncated [ 60.177530][ T4396] process 'syz.2.27' launched './file0' with NULL argv: empty string added [ 60.237876][ T4383] loop8: p1 start 975770946 is beyond EOD, truncated [ 60.260255][ T4383] loop8: p3 start 6514546 is beyond EOD, truncated [ 60.574379][ T4405] syz.0.29: vmalloc error: size 8590360064, exceeds total pages, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 60.633588][ T4405] CPU: 0 PID: 4405 Comm: syz.0.29 Not tainted 5.15.188-syzkaller #0 [ 60.641600][ T4405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 60.651671][ T4405] Call Trace: [ 60.654954][ T4405] [ 60.657884][ T4405] dump_stack_lvl+0x168/0x230 [ 60.662568][ T4405] ? rcu_lock_release+0x5/0x20 [ 60.667328][ T4405] ? show_regs_print_info+0x20/0x20 [ 60.672534][ T4405] ? load_image+0x3b0/0x3b0 [ 60.677053][ T4405] warn_alloc+0x20e/0x2f0 [ 60.681388][ T4405] ? mark_lock+0x94/0x320 [ 60.685854][ T4405] ? zone_watermark_ok_safe+0x240/0x240 [ 60.691413][ T4405] ? qlink_free+0x80/0x80 [ 60.695750][ T4405] __vmalloc_node_range+0x2b1/0x8b0 [ 60.700953][ T4405] ? qlist_free_all+0x35/0x90 [ 60.705635][ T4405] ? memslot_rmap_alloc+0x65/0x2c0 [ 60.710746][ T4405] __vmalloc+0x76/0x80 [ 60.714813][ T4405] ? memslot_rmap_alloc+0x65/0x2c0 [ 60.719190][ T23] usb 2-1: USB disconnect, device number 2 [ 60.719919][ T4405] memslot_rmap_alloc+0x65/0x2c0 [ 60.730638][ T4405] kvm_arch_prepare_memory_region+0xb0/0xb70 [ 60.736636][ T4405] kvm_set_memslot+0x646/0x19c0 [ 60.741530][ T4405] ? __kvm_memslots+0x1a0/0x1a0 [ 60.746400][ T4405] __kvm_set_memory_region+0xaf6/0xd40 [ 60.751875][ T4405] ? kvm_put_kvm_no_destroy+0x80/0x80 [ 60.757275][ T4405] ? __might_fault+0xb7/0x110 [ 60.761959][ T4405] ? mutex_lock_io_nested+0x60/0x60 [ 60.767174][ T4405] ? __might_fault+0xb3/0x110 [ 60.771861][ T4405] kvm_vm_ioctl_set_memory_region+0x6f/0xa0 [ 60.777762][ T4405] kvm_vm_ioctl+0x8c4/0xa80 [ 60.782272][ T4405] ? kvm_device_release+0x1f0/0x1f0 [ 60.787474][ T4405] ? tomoyo_path_number_perm+0x4d4/0x5d0 [ 60.793108][ T4405] ? verify_lock_unused+0x140/0x140 [ 60.798371][ T4405] ? bpf_lsm_file_ioctl+0x5/0x10 [ 60.803310][ T4405] ? security_file_ioctl+0x7c/0xa0 [ 60.808425][ T4405] ? kvm_device_release+0x1f0/0x1f0 [ 60.813622][ T4405] __se_sys_ioctl+0xfa/0x170 [ 60.818214][ T4405] do_syscall_64+0x4c/0xa0 [ 60.822634][ T4405] ? clear_bhb_loop+0x30/0x80 [ 60.827313][ T4405] ? clear_bhb_loop+0x30/0x80 [ 60.831990][ T4405] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 60.837892][ T4405] RIP: 0033:0x7f7fb0fbf929 [ 60.842303][ T4405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.861906][ T4405] RSP: 002b:00007f7faee27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 60.870330][ T4405] RAX: ffffffffffffffda RBX: 00007f7fb11e6fa0 RCX: 00007f7fb0fbf929 [ 60.878306][ T4405] RDX: 0000200000000d00 RSI: 000000004020ae46 RDI: 0000000000000004 [ 60.886283][ T4405] RBP: 00007f7fb1041b39 R08: 0000000000000000 R09: 0000000000000000 [ 60.894260][ T4405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.902240][ T4405] R13: 0000000000000000 R14: 00007f7fb11e6fa0 R15: 00007ffc262a6658 [ 60.910227][ T4405] [ 60.915787][ T4405] Mem-Info: [ 60.919049][ T4405] active_anon:276 inactive_anon:7943 isolated_anon:0 [ 60.919049][ T4405] active_file:4610 inactive_file:36465 isolated_file:0 [ 60.919049][ T4405] unevictable:768 dirty:1659 writeback:0 [ 60.919049][ T4405] slab_reclaimable:20215 slab_unreclaimable:93464 [ 60.919049][ T4405] mapped:32582 shmem:4488 pagetables:615 bounce:0 [ 60.919049][ T4405] kernel_misc_reclaimable:0 [ 60.919049][ T4405] free:1385178 free_pcp:10248 free_cma:0 [ 61.055584][ T4405] Node 0 active_anon:1080kB inactive_anon:39032kB active_file:18244kB inactive_file:145984kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:137892kB dirty:6680kB writeback:0kB shmem:23484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:11296kB pagetables:2528kB all_unreclaimable? no [ 61.150341][ T4405] Node 1 active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:2076kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB all_unreclaimable? no [ 61.306206][ T4405] Node 0 DMA free:15360kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 61.504849][ T4405] lowmem_reserve[]: 0 2541 2542 2542 2542 [ 61.511398][ T4405] Node 0 DMA32 free:1614420kB min:34800kB low:43500kB high:52200kB reserved_highatomic:0KB active_anon:1080kB inactive_anon:43032kB active_file:18244kB inactive_file:146184kB unevictable:1536kB writepending:6680kB present:3129332kB managed:2608992kB mlocked:0kB bounce:0kB free_pcp:16004kB local_pcp:7496kB free_cma:0kB [ 61.549261][ T4405] lowmem_reserve[]: 0 0 0 0 0 [ 61.556298][ T4405] Node 0 Normal free:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:916kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 61.636864][ T4405] lowmem_reserve[]: 0 0 0 0 0 [ 61.654423][ T4405] Node 1 Normal free:3907468kB min:55088kB low:68860kB high:82632kB reserved_highatomic:0KB active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194304kB managed:4119672kB mlocked:0kB bounce:0kB free_pcp:14684kB local_pcp:6468kB free_cma:0kB [ 61.689444][ T4405] lowmem_reserve[]: 0 0 0 0 0 [ 61.695042][ T4405] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 61.727932][ T4405] Node 0 DMA32: 1*4kB (E) 2*8kB (UM) 2*16kB (ME) 2*32kB (ME) 2*64kB (UM) 1*128kB (M) 1*256kB (U) 2*512kB (UE) 3*1024kB (UME) 4*2048kB (UME) 391*4096kB (M) = 1614452kB [ 61.753112][ T4405] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 61.777595][ T26] audit: type=1326 audit(1752541951.488:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb522e25b19 code=0x7ffc0000 [ 61.799612][ T4405] Node 1 Normal: 71*4kB (UME) 24*8kB (UME) 19*16kB (UME) 42*32kB (UME) 27*64kB (UME) 17*128kB (UME) 6*256kB (U) 1*512kB (U) 2*1024kB (UE) 3*2048kB (UME) 950*4096kB (M) = 3907468kB [ 61.873401][ T26] audit: type=1326 audit(1752541951.528:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb522e25b19 code=0x7ffc0000 [ 62.009124][ T4405] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 62.074455][ T4405] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 62.096578][ T26] audit: type=1326 audit(1752541951.538:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb522e89929 code=0x7ffc0000 [ 62.173925][ T4405] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 62.223322][ T4405] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 62.268675][ T26] audit: type=1326 audit(1752541951.538:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb522e25b19 code=0x7ffc0000 [ 62.325493][ T4405] 45632 total pagecache pages [ 62.347819][ T4405] 0 pages in swap cache [ 62.367875][ T4405] Swap cache stats: add 0, delete 0, find 0/0 [ 62.400246][ T23] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 62.424164][ T26] audit: type=1326 audit(1752541951.538:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb522e25b19 code=0x7ffc0000 [ 62.430240][ T4405] Free swap = 124996kB [ 62.522038][ T4405] Total swap = 124996kB [ 62.526208][ T4405] 2097051 pages RAM [ 62.546410][ T26] audit: type=1326 audit(1752541951.538:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb522e25b19 code=0x7ffc0000 [ 62.570208][ T4405] 0 pages HighMem/MovableOnly [ 62.585043][ T4405] 410816 pages reserved [ 62.589198][ T4405] 0 pages cma reserved [ 62.715143][ T26] audit: type=1326 audit(1752541951.538:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb522e89929 code=0x7ffc0000 [ 62.821041][ T23] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 62.842150][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 62.851099][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #28a!!! [ 62.860169][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #28a!!! [ 62.872725][ T23] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 62.904512][ T23] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 62.919755][ T26] audit: type=1326 audit(1752541951.538:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb522e89929 code=0x7ffc0000 [ 62.959925][ T23] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 62.990210][ T23] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 63.025252][ T26] audit: type=1326 audit(1752541951.538:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb522e89929 code=0x7ffc0000 [ 63.125450][ T26] audit: type=1326 audit(1752541951.538:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb522e25b19 code=0x7ffc0000 [ 63.181075][ T23] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 63.202651][ T23] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 63.234052][ T23] usb 2-1: Product: syz [ 63.247192][ T23] usb 2-1: Manufacturer: syz [ 63.321266][ T23] cdc_wdm 2-1:1.0: skipping garbage [ 63.326625][ T23] cdc_wdm 2-1:1.0: skipping garbage [ 63.444672][ T23] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 63.496517][ T23] cdc_wdm 2-1:1.0: Unknown control protocol [ 63.618326][ T23] usb 2-1: USB disconnect, device number 3 [ 67.098058][ T4552] tipc: Started in network mode [ 67.120214][ T4552] tipc: Node identity 12602b997b02, cluster identity 4711 [ 67.127868][ T4552] tipc: Enabled bearer , priority 0 [ 67.186520][ T4555] device syzkaller0 entered promiscuous mode [ 67.298866][ T4552] tipc: Resetting bearer [ 67.341688][ T4551] tipc: Resetting bearer [ 67.388060][ T4551] tipc: Disabling bearer [ 67.602487][ T4247] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 67.861762][ T4571] bridge0: port 3(vlan2) entered blocking state [ 67.870355][ T4247] usb 5-1: Using ep0 maxpacket: 32 [ 67.882134][ T4571] bridge0: port 3(vlan2) entered disabled state [ 67.920188][ T4571] device vlan2 entered promiscuous mode [ 67.938401][ T4571] device bond0 entered promiscuous mode [ 67.947469][ T4571] device bond_slave_0 entered promiscuous mode [ 67.972125][ T4571] device bond_slave_1 entered promiscuous mode [ 68.000632][ T4247] usb 5-1: config 0 has no interfaces? [ 68.008446][ T4247] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 68.032677][ T4247] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 68.092866][ T4247] usb 5-1: config 0 descriptor?? [ 68.820285][ T4184] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 69.034046][ T4247] usb 5-1: USB disconnect, device number 2 [ 69.100266][ T4184] usb 4-1: Using ep0 maxpacket: 16 [ 69.230393][ T4184] usb 4-1: config 0 has an invalid interface number: 64 but max is 0 [ 69.247889][ T4184] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 69.262789][ T4233] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 69.280316][ T4184] usb 4-1: config 0 has no interface number 0 [ 69.286430][ T4184] usb 4-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.5b [ 69.299354][ T4184] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.312023][ T4184] usb 4-1: config 0 descriptor?? [ 69.412166][ T4184] usb 4-1: Found UVC 0.00 device (0bd3:0555) [ 69.419103][ T4184] usb 4-1: No valid video chain found. [ 69.590204][ T4233] usb 2-1: Using ep0 maxpacket: 32 [ 69.664233][ T4606] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64'. [ 69.714936][ T4606] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64'. [ 69.723809][ T4233] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 69.732043][ T4233] usb 2-1: config 0 has no interface number 0 [ 69.739005][ T4233] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 69.750455][ T4606] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64'. [ 69.759269][ T4606] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64'. [ 69.769166][ T4606] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64'. [ 69.778204][ T4606] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64'. [ 69.787217][ T4606] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64'. [ 69.797264][ T4606] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64'. [ 69.806107][ T4606] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64'. [ 69.815032][ T4606] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64'. [ 69.910389][ T4233] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 69.930481][ T4233] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.940300][ T4233] usb 2-1: Product: syz [ 69.944521][ T4233] usb 2-1: Manufacturer: syz [ 69.949228][ T4233] usb 2-1: SerialNumber: syz [ 69.957131][ T4233] usb 2-1: config 0 descriptor?? [ 70.013667][ T4233] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 70.033810][ T4233] em28xx 2-1:0.132: Video interface 132 found: [ 70.120219][ T4184] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 70.353551][ T4233] em28xx 2-1:0.132: unknown em28xx chip ID (0) [ 70.470332][ T4233] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 70.485617][ T4233] em28xx 2-1:0.132: board has no eeprom [ 70.530344][ T4184] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 70.543390][ T4184] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 70.580700][ T4233] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 70.593458][ T4233] em28xx 2-1:0.132: analog set to bulk mode. [ 70.606900][ T23] em28xx 2-1:0.132: Registering V4L2 extension [ 70.624486][ T4233] usb 2-1: USB disconnect, device number 4 [ 70.648490][ T4233] em28xx 2-1:0.132: Disconnecting em28xx [ 70.660677][ T4184] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 70.681589][ T4184] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 70.709954][ T4184] usb 5-1: Manufacturer: syz [ 70.756683][ T4184] usb 5-1: config 0 descriptor?? [ 70.835011][ T23] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 70.861383][ T23] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 70.888491][ T23] em28xx 2-1:0.132: No AC97 audio processor [ 70.923079][ T23] usb 2-1: Decoder not found [ 70.928779][ T23] em28xx 2-1:0.132: failed to create media graph [ 70.935550][ T23] em28xx 2-1:0.132: V4L2 device video103 deregistered [ 70.961027][ T4184] rc_core: IR keymap rc-hauppauge not found [ 70.968123][ T4184] Registered IR keymap rc-empty [ 70.979899][ T23] em28xx 2-1:0.132: Remote control support is not available for this card. [ 70.996866][ T4184] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 71.053182][ T4233] em28xx 2-1:0.132: Closing input extension [ 71.076692][ T4233] em28xx 2-1:0.132: Freeing device [ 71.096712][ T4184] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input5 [ 71.164318][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.170890][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.250245][ C1] igorplugusb 5-1:0.0: Error: urb status = -32 [ 71.278795][ T7] usb 5-1: USB disconnect, device number 3 [ 71.290369][ T4247] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 71.601821][ T7] usb 4-1: USB disconnect, device number 2 [ 71.670332][ T4247] usb 3-1: config 0 has no interfaces? [ 71.830340][ T4247] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 71.856393][ T4247] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 71.900381][ T4640] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 71.914557][ T4247] usb 3-1: Product: syz [ 71.918731][ T4247] usb 3-1: Manufacturer: syz [ 71.923538][ T4247] usb 3-1: SerialNumber: syz [ 71.938638][ T4247] usb 3-1: config 0 descriptor?? [ 72.240349][ T7] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 72.610353][ T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 72.655539][ T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 72.664990][ T4233] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 72.731556][ T7] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 72.832054][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.952259][ T23] usb 3-1: USB disconnect, device number 4 [ 72.952614][ T7] usb 5-1: config 0 descriptor?? [ 73.030291][ T4233] usb 2-1: config 0 has no interfaces? [ 73.190322][ T4233] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 73.207059][ T4233] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.234966][ T4233] usb 2-1: Product: syz [ 73.247573][ T4233] usb 2-1: Manufacturer: syz [ 73.264977][ T4233] usb 2-1: SerialNumber: syz [ 73.286884][ T4233] usb 2-1: config 0 descriptor?? [ 73.339293][ T4665] loop0: detected capacity change from 0 to 2048 [ 73.380225][ T23] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 73.444287][ T4665] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,min_batch_time=0x0000000000000000,barrier=0x00000000000003ff,noblock_validity,,errors=continue. Quota mode: none. [ 73.550326][ T4173] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 73.891197][ T23] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 74.260302][ T7] usbhid 5-1:0.0: can't add hid device: -71 [ 74.266298][ T7] usbhid: probe of 5-1:0.0 failed with error -71 [ 74.274392][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.342817][ T23] usb 3-1: config 0 descriptor?? [ 74.363262][ T4173] usb 4-1: Using ep0 maxpacket: 32 [ 74.376354][ T4672] tipc: Started in network mode [ 74.400478][ T23] cp210x 3-1:0.0: cp210x converter detected [ 74.406581][ T7] usb 5-1: USB disconnect, device number 4 [ 74.416625][ T4672] tipc: Node identity a60b97bb743e, cluster identity 4711 [ 74.494277][ T4173] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 74.505703][ T4672] tipc: Enabled bearer , priority 0 [ 74.523613][ T4173] usb 4-1: config 0 has no interface number 0 [ 74.535090][ T4677] device syzkaller0 entered promiscuous mode [ 74.541561][ T4173] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 74.652834][ T4672] tipc: Resetting bearer [ 74.691137][ T4671] tipc: Resetting bearer [ 74.730373][ T4173] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 74.741428][ T4671] tipc: Disabling bearer [ 74.750839][ T4173] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.770212][ T4173] usb 4-1: Product: syz [ 74.780341][ T4173] usb 4-1: Manufacturer: syz [ 74.790235][ T4173] usb 4-1: SerialNumber: syz [ 74.800847][ T4173] usb 4-1: config 0 descriptor?? [ 74.842694][ T4173] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 74.898202][ T4173] em28xx 4-1:0.132: Video interface 132 found: [ 74.970242][ T7] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 74.991397][ T4247] usb 2-1: USB disconnect, device number 5 [ 75.052375][ T4692] __nla_validate_parse: 44 callbacks suppressed [ 75.052391][ T4692] netlink: 128 bytes leftover after parsing attributes in process `syz.1.91'. [ 75.170329][ T23] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 75.283183][ T4173] em28xx 4-1:0.132: unknown em28xx chip ID (0) [ 75.370372][ T7] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.384153][ T7] usb 1-1: config 0 has no interfaces? [ 75.400402][ T4173] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 75.409234][ T4173] em28xx 4-1:0.132: board has no eeprom [ 75.500458][ T4247] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 75.507964][ T4173] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 75.525180][ T4173] em28xx 4-1:0.132: analog set to bulk mode. [ 75.540560][ T7] usb 1-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 75.556738][ T4173] usb 4-1: USB disconnect, device number 3 [ 75.570206][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.579002][ T4173] em28xx 4-1:0.132: Disconnecting em28xx [ 75.588542][ T7] usb 1-1: Product: syz [ 75.597738][ T7] usb 1-1: Manufacturer: syz [ 75.631015][ T7] usb 1-1: SerialNumber: syz [ 75.659685][ T7] usb 1-1: config 0 descriptor?? [ 75.667894][ T4224] em28xx 4-1:0.132: Registering V4L2 extension [ 75.845479][ T4224] em28xx 4-1:0.132: Config register raw data: 0xffffffed [ 75.858338][ T4224] em28xx 4-1:0.132: AC97 chip type couldn't be determined [ 75.872975][ T4224] em28xx 4-1:0.132: No AC97 audio processor [ 75.891510][ T4224] usb 4-1: Decoder not found [ 75.896125][ T4224] em28xx 4-1:0.132: failed to create media graph [ 75.923516][ T4224] em28xx 4-1:0.132: V4L2 device video103 deregistered [ 75.933230][ T4247] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 75.947226][ T4247] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 75.986400][ T4224] em28xx 4-1:0.132: Remote control support is not available for this card. [ 76.002033][ T4173] em28xx 4-1:0.132: Closing input extension [ 76.025072][ T4173] em28xx 4-1:0.132: Freeing device [ 76.069208][ T4224] usb 1-1: USB disconnect, device number 3 [ 76.080389][ T4247] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 76.120027][ T4247] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 76.136391][ T4247] usb 2-1: Manufacturer: syz [ 76.156629][ T4247] usb 2-1: config 0 descriptor?? [ 76.283299][ T1324] cfg80211: failed to load regulatory.db [ 76.300297][ T4247] rc_core: IR keymap rc-hauppauge not found [ 76.306221][ T4247] Registered IR keymap rc-empty [ 76.313821][ T4247] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 76.341719][ T4247] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input6 [ 76.434616][ T4694] udc-core: couldn't find an available UDC or it's busy [ 76.450188][ C0] igorplugusb 2-1:0.0: Error: urb status = -32 [ 76.467308][ T4694] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 76.503657][ T4247] usb 2-1: USB disconnect, device number 6 [ 76.560447][ T23] cp210x 3-1:0.0: failed to get vendor val 0x370c size 15: -71 [ 76.577292][ T23] cp210x 3-1:0.0: GPIO initialisation failed: -71 [ 76.640604][ T23] usb 3-1: cp210x converter now attached to ttyUSB0 [ 76.688845][ T23] usb 3-1: USB disconnect, device number 5 [ 76.753398][ T23] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 76.798307][ T23] cp210x 3-1:0.0: device disconnected [ 77.143425][ T4722] netlink: 24 bytes leftover after parsing attributes in process `syz.1.97'. [ 77.188954][ T4722] netlink: 196 bytes leftover after parsing attributes in process `syz.1.97'. [ 77.379647][ T4726] tipc: Started in network mode [ 77.384658][ T23] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 77.409968][ T4726] tipc: Node identity e25c71e70cf1, cluster identity 4711 [ 77.435399][ T4726] tipc: Enabled bearer , priority 0 [ 77.457764][ T4728] device syzkaller0 entered promiscuous mode [ 77.516717][ T4726] tipc: Resetting bearer [ 77.547864][ T4725] tipc: Resetting bearer [ 77.589567][ T4725] tipc: Disabling bearer [ 77.750951][ T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 77.796954][ T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 77.837528][ T23] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 77.900797][ T23] usb 5-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00 [ 77.943749][ T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.986603][ T23] usb 5-1: config 0 descriptor?? [ 78.617279][ T23] dragonrise 0003:0079:0011.0001: unknown main item tag 0x5 [ 78.630432][ T23] dragonrise 0003:0079:0011.0001: unknown main item tag 0x0 [ 78.832997][ T4721] udc-core: couldn't find an available UDC or it's busy [ 78.863321][ T4721] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 78.979727][ T23] dragonrise 0003:0079:0011.0001: hidraw0: USB HID v0.00 Device [HID 0079:0011] on usb-dummy_hcd.4-1/input0 [ 79.533613][ T4224] usb 5-1: USB disconnect, device number 5 [ 82.989620][ T4825] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 83.025370][ T4825] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 83.049012][ T4825] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 83.099341][ T4825] device bridge_slave_0 left promiscuous mode [ 83.110201][ T4825] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.148512][ T4825] device bridge_slave_1 left promiscuous mode [ 83.179702][ T4825] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.200194][ T21] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 83.265569][ T4825] bond0: (slave bond_slave_0): Releasing backup interface [ 83.365485][ T4825] bond0: (slave bond_slave_1): Releasing backup interface [ 83.552689][ T4825] team0: Port device team_slave_0 removed [ 83.625367][ T4825] team0: Port device team_slave_1 removed [ 83.650085][ T4825] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 83.657907][ T4825] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 83.671027][ T4825] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 83.678535][ T4825] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 83.829953][ T21] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 83.840960][ T21] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 83.849856][ T21] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 83.859148][ T21] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.323821][ T21] usb 4-1: config 0 descriptor?? [ 84.436860][ T4825] syz.1.129 (4825) used greatest stack depth: 19712 bytes left [ 84.449140][ T21] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 84.461571][ T21] dvb-usb: bulk message failed: -22 (3/0) [ 84.475022][ T21] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 84.568142][ T21] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 84.590176][ T21] usb 4-1: media controller created [ 84.596376][ T21] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 84.621214][ T21] dvb-usb: bulk message failed: -22 (6/0) [ 84.636727][ T21] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 84.649517][ T4821] udc-core: couldn't find an available UDC or it's busy [ 84.664695][ T4821] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 84.675478][ T4821] netlink: 36 bytes leftover after parsing attributes in process `syz.3.128'. [ 84.751084][ T21] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input7 [ 84.771281][ T21] dvb-usb: schedule remote query interval to 150 msecs. [ 84.782652][ T21] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 84.844364][ T21] usb 4-1: USB disconnect, device number 4 [ 84.890305][ T21] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 86.028724][ T4894] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 86.152916][ T4897] tipc: Enabled bearer , priority 0 [ 86.177595][ T4897] device syzkaller0 entered promiscuous mode [ 86.215346][ T4897] tipc: Resetting bearer [ 86.229147][ T4896] tipc: Resetting bearer [ 86.240239][ T1107] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 86.307860][ T4896] tipc: Disabling bearer [ 86.810260][ T1107] usb 3-1: Using ep0 maxpacket: 8 [ 87.356007][ T1107] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 87.365663][ T1107] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 87.377972][ T1107] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 87.388374][ T1107] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 87.398571][ T1107] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 87.418613][ T1107] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 87.471103][ T1107] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.750291][ T1107] usb 3-1: usb_control_msg returned -32 [ 87.756184][ T1107] usbtmc 3-1:16.0: can't read capabilities [ 89.126161][ T1324] usb 3-1: USB disconnect, device number 6 [ 89.923558][ T4942] tipc: Started in network mode [ 89.928458][ T4942] tipc: Node identity 861dddef597f, cluster identity 4711 [ 89.971381][ T4942] tipc: Enabled bearer , priority 0 [ 89.995337][ T4942] device syzkaller0 entered promiscuous mode [ 90.015412][ T4942] tipc: Resetting bearer [ 90.034037][ T4941] tipc: Resetting bearer [ 90.102838][ T4941] tipc: Disabling bearer [ 90.182326][ T4952] loop4: detected capacity change from 0 to 256 [ 90.258353][ T4952] FAT-fs (loop4): bogus logical sector size 0 [ 90.279729][ T4952] FAT-fs (loop4): Can't find a valid FAT filesystem [ 91.159439][ T4958] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 91.166270][ T4958] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 91.175104][ T4958] vhci_hcd vhci_hcd.0: Device attached [ 91.182142][ T4961] vhci_hcd: connection closed [ 91.193640][ T1168] vhci_hcd: stop threads [ 91.243727][ T1168] vhci_hcd: release socket [ 91.300888][ T1168] vhci_hcd: disconnect device [ 91.359370][ T4968] syz.1.175[4968] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 91.359434][ T4968] syz.1.175[4968] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 91.406898][ T26] kauditd_printk_skb: 59 callbacks suppressed [ 91.406909][ T26] audit: type=1326 audit(1752541981.118:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4967 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19c8222929 code=0x7ffc0000 [ 91.575311][ T26] audit: type=1326 audit(1752541981.118:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4967 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f19c8222929 code=0x7ffc0000 [ 91.671151][ T26] audit: type=1326 audit(1752541981.118:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4967 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19c8222929 code=0x7ffc0000 [ 91.700780][ T26] audit: type=1326 audit(1752541981.118:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4967 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f19c8222929 code=0x7ffc0000 [ 91.729701][ T26] audit: type=1326 audit(1752541981.118:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4967 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19c8222929 code=0x7ffc0000 [ 91.774935][ T26] audit: type=1326 audit(1752541981.118:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4967 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f19c8222929 code=0x7ffc0000 [ 91.895222][ T26] audit: type=1326 audit(1752541981.118:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4967 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19c8222929 code=0x7ffc0000 [ 91.923174][ T26] audit: type=1326 audit(1752541981.118:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4967 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7f19c8222929 code=0x7ffc0000 [ 92.052008][ T26] audit: type=1326 audit(1752541981.118:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4967 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19c8222929 code=0x7ffc0000 [ 92.340756][ T26] audit: type=1326 audit(1752541981.118:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4967 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f19c8222929 code=0x7ffc0000 [ 95.060257][ T4247] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 95.100887][ T5011] loop1: detected capacity change from 0 to 256 [ 95.133916][ T5011] FAT-fs (loop1): bogus logical sector size 0 [ 95.170347][ T5011] FAT-fs (loop1): Can't find a valid FAT filesystem [ 95.310240][ T4247] usb 3-1: Using ep0 maxpacket: 16 [ 95.431568][ T4247] usb 3-1: config 0 has an invalid interface number: 64 but max is 0 [ 95.451328][ T4247] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 95.530409][ T4247] usb 3-1: config 0 has no interface number 0 [ 95.556970][ T4247] usb 3-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.5b [ 95.582764][ T4247] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.632847][ T4247] usb 3-1: config 0 descriptor?? [ 95.674384][ T4247] usb 3-1: Found UVC 0.00 device (0bd3:0555) [ 95.750945][ T4247] usb 3-1: No valid video chain found. [ 95.813435][ T5017] netlink: 16 bytes leftover after parsing attributes in process `syz.1.189'. [ 95.850347][ T5017] netlink: 4 bytes leftover after parsing attributes in process `syz.1.189'. [ 95.927167][ T5019] netlink: 4 bytes leftover after parsing attributes in process `syz.2.187'. [ 95.951583][ T5019] netlink: 4 bytes leftover after parsing attributes in process `syz.2.187'. [ 95.998362][ T5019] netlink: 4 bytes leftover after parsing attributes in process `syz.2.187'. [ 96.016843][ T5019] netlink: 4 bytes leftover after parsing attributes in process `syz.2.187'. [ 96.028945][ T5019] netlink: 4 bytes leftover after parsing attributes in process `syz.2.187'. [ 96.039639][ T5019] netlink: 4 bytes leftover after parsing attributes in process `syz.2.187'. [ 96.052124][ T5019] netlink: 4 bytes leftover after parsing attributes in process `syz.2.187'. [ 96.064234][ T5019] netlink: 4 bytes leftover after parsing attributes in process `syz.2.187'. [ 96.415762][ T5037] netlink: 'syz.1.194': attribute type 1 has an invalid length. [ 96.454873][ T5037] 8021q: adding VLAN 0 to HW filter on device bond1 [ 96.510186][ T5037] bond1: (slave gretap1): making interface the new active one [ 96.589946][ T5037] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 96.644231][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 97.190751][ T4224] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 97.261535][ T23] usb 3-1: USB disconnect, device number 7 [ 97.520205][ T4224] usb 2-1: Using ep0 maxpacket: 16 [ 97.650357][ T4224] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 97.670287][ T4224] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 97.850280][ T4224] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 97.868581][ T4224] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.885537][ T4224] usb 2-1: Product: syz [ 97.907620][ T4224] usb 2-1: Manufacturer: syz [ 97.912398][ T4224] usb 2-1: SerialNumber: syz [ 98.047198][ T5057] loop3: detected capacity change from 0 to 256 [ 98.139671][ T5057] FAT-fs (loop3): bogus logical sector size 0 [ 98.160344][ T5057] FAT-fs (loop3): Can't find a valid FAT filesystem [ 98.250613][ T4224] usb 2-1: 0:2 : does not exist [ 98.309659][ T4224] usb 2-1: USB disconnect, device number 7 [ 99.387810][ T5063] device syzkaller0 entered promiscuous mode [ 100.078143][ T5078] loop2: detected capacity change from 0 to 2048 [ 100.166801][ T5078] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,min_batch_time=0x0000000000000000,barrier=0x00000000000003ff,noblock_validity,,errors=continue. Quota mode: none. [ 101.096152][ T4173] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 101.375369][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 101.375381][ T26] audit: type=1326 audit(1752541991.088:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5092 comm="syz.2.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2806f80929 code=0x7ffc0000 [ 101.471173][ T5093] __nla_validate_parse: 47 callbacks suppressed [ 101.471182][ T5093] netlink: 36 bytes leftover after parsing attributes in process `syz.2.209'. [ 101.496624][ T26] audit: type=1326 audit(1752541991.118:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5092 comm="syz.2.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=196 compat=0 ip=0x7f2806f80929 code=0x7ffc0000 [ 101.569627][ T26] audit: type=1326 audit(1752541991.118:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5092 comm="syz.2.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2806f80929 code=0x7ffc0000 [ 101.592157][ T4173] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 101.618794][ T4173] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 101.668812][ T4173] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 101.693687][ T26] audit: type=1326 audit(1752541991.128:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5092 comm="syz.2.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2806f7f290 code=0x7ffc0000 [ 101.720924][ T4173] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.760922][ T4173] usb 4-1: config 0 descriptor?? [ 101.800594][ T26] audit: type=1326 audit(1752541991.128:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5092 comm="syz.2.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2806f80929 code=0x7ffc0000 [ 101.924535][ T26] audit: type=1326 audit(1752541991.138:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5092 comm="syz.2.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f2806f80929 code=0x7ffc0000 [ 102.079542][ T26] audit: type=1326 audit(1752541991.138:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5092 comm="syz.2.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2806f80929 code=0x7ffc0000 [ 102.183540][ T26] audit: type=1326 audit(1752541991.138:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5092 comm="syz.2.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2806f80929 code=0x7ffc0000 [ 102.303138][ T26] audit: type=1326 audit(1752541991.138:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5092 comm="syz.2.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2806f80929 code=0x7ffc0000 [ 102.468364][ T5075] ODEBUG: Out of memory. ODEBUG disabled [ 102.499633][ T26] audit: type=1326 audit(1752541991.138:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5092 comm="syz.2.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2806f80929 code=0x7ffc0000 [ 103.175532][ T1324] usb 4-1: USB disconnect, device number 5 [ 104.601877][ T5118] loop4: detected capacity change from 0 to 256 [ 104.751132][ T5118] FAT-fs (loop4): bogus logical sector size 0 [ 104.787693][ T5118] FAT-fs (loop4): Can't find a valid FAT filesystem [ 104.966360][ T5122] kvm: MONITOR instruction emulated as NOP! [ 105.038502][ T5125] loop0: detected capacity change from 0 to 2048 [ 105.284312][ T5125] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,min_batch_time=0x0000000000000000,barrier=0x00000000000003ff,noblock_validity,,errors=continue. Quota mode: none. [ 107.270529][ T21] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 107.510212][ T21] usb 5-1: Using ep0 maxpacket: 32 [ 107.630413][ T21] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 107.656149][ T21] usb 5-1: config 0 has no interface number 0 [ 107.690573][ T21] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 108.030308][ T21] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 108.120747][ T21] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.300829][ T21] usb 5-1: Product: syz [ 108.393132][ T21] usb 5-1: Manufacturer: syz [ 108.501739][ T21] usb 5-1: SerialNumber: syz [ 108.544199][ T21] usb 5-1: config 0 descriptor?? [ 108.612677][ T21] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 108.772913][ T21] em28xx 5-1:0.132: Video interface 132 found: [ 108.855450][ T5075] Set syz1 is full, maxelem 65536 reached [ 109.140296][ T21] em28xx 5-1:0.132: unknown em28xx chip ID (0) [ 109.328706][ T5181] syz.1.233: vmalloc error: size 8590360064, exceeds total pages, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 109.414395][ T5181] CPU: 1 PID: 5181 Comm: syz.1.233 Not tainted 5.15.188-syzkaller #0 [ 109.422494][ T5181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 109.432551][ T5181] Call Trace: [ 109.435833][ T5181] [ 109.438762][ T5181] dump_stack_lvl+0x168/0x230 [ 109.443444][ T5181] ? rcu_lock_release+0x5/0x20 [ 109.448209][ T5181] ? show_regs_print_info+0x20/0x20 [ 109.453405][ T5181] ? load_image+0x3b0/0x3b0 [ 109.457921][ T5181] warn_alloc+0x20e/0x2f0 [ 109.462254][ T5181] ? __lock_acquire+0x7c60/0x7c60 [ 109.467284][ T5181] ? zone_watermark_ok_safe+0x240/0x240 [ 109.472839][ T5181] ? mark_lock+0x94/0x320 [ 109.477179][ T5181] __vmalloc_node_range+0x2b1/0x8b0 [ 109.482392][ T5181] ? memslot_rmap_alloc+0x65/0x2c0 [ 109.487504][ T5181] __vmalloc+0x76/0x80 [ 109.491575][ T5181] ? memslot_rmap_alloc+0x65/0x2c0 [ 109.496691][ T5181] memslot_rmap_alloc+0x65/0x2c0 [ 109.501628][ T5181] kvm_arch_prepare_memory_region+0xb0/0xb70 [ 109.507613][ T5181] kvm_set_memslot+0x646/0x19c0 [ 109.512474][ T5181] ? __kvm_memslots+0x1a0/0x1a0 [ 109.517341][ T5181] __kvm_set_memory_region+0xaf6/0xd40 [ 109.522810][ T5181] ? kvm_put_kvm_no_destroy+0x80/0x80 [ 109.528182][ T5181] ? __might_fault+0xb7/0x110 [ 109.532856][ T5181] ? mutex_lock_io_nested+0x60/0x60 [ 109.538062][ T5181] ? __might_fault+0xb3/0x110 [ 109.542744][ T5181] kvm_vm_ioctl_set_memory_region+0x6f/0xa0 [ 109.548640][ T5181] kvm_vm_ioctl+0x8c4/0xa80 [ 109.553142][ T5181] ? kvm_device_release+0x1f0/0x1f0 [ 109.558340][ T5181] ? tomoyo_path_number_perm+0x4d4/0x5d0 [ 109.563973][ T5181] ? verify_lock_unused+0x140/0x140 [ 109.569185][ T5181] ? bpf_lsm_file_ioctl+0x5/0x10 [ 109.574101][ T5181] ? security_file_ioctl+0x7c/0xa0 [ 109.579191][ T5181] ? kvm_device_release+0x1f0/0x1f0 [ 109.584369][ T5181] __se_sys_ioctl+0xfa/0x170 [ 109.588939][ T5181] do_syscall_64+0x4c/0xa0 [ 109.593331][ T5181] ? clear_bhb_loop+0x30/0x80 [ 109.597983][ T5181] ? clear_bhb_loop+0x30/0x80 [ 109.602636][ T5181] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 109.608506][ T5181] RIP: 0033:0x7f19c8222929 [ 109.612900][ T5181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.632483][ T5181] RSP: 002b:00007f19c608a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 109.640877][ T5181] RAX: ffffffffffffffda RBX: 00007f19c8449fa0 RCX: 00007f19c8222929 [ 109.648829][ T5181] RDX: 0000200000000d00 RSI: 000000004020ae46 RDI: 0000000000000004 [ 109.656779][ T5181] RBP: 00007f19c82a4b39 R08: 0000000000000000 R09: 0000000000000000 [ 109.664730][ T5181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.672679][ T5181] R13: 0000000000000000 R14: 00007f19c8449fa0 R15: 00007ffd6f6f9828 [ 109.680641][ T5181] [ 109.738295][ T5181] Mem-Info: [ 109.758094][ T5181] active_anon:276 inactive_anon:8717 isolated_anon:0 [ 109.758094][ T5181] active_file:7610 inactive_file:40671 isolated_file:0 [ 109.758094][ T5181] unevictable:768 dirty:3035 writeback:0 [ 109.758094][ T5181] slab_reclaimable:20185 slab_unreclaimable:96369 [ 109.758094][ T5181] mapped:32972 shmem:4500 pagetables:716 bounce:0 [ 109.758094][ T5181] kernel_misc_reclaimable:0 [ 109.758094][ T5181] free:1367291 free_pcp:12153 free_cma:0 [ 110.090210][ T1324] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 110.240247][ T5181] Node 0 active_anon:1072kB inactive_anon:33584kB active_file:30244kB inactive_file:162684kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:133324kB dirty:9468kB writeback:244kB shmem:17432kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:11352kB pagetables:2792kB all_unreclaimable? no [ 110.280423][ T21] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 110.305246][ T21] em28xx 5-1:0.132: board has no eeprom [ 110.322206][ T5181] Node 1 active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:2076kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB all_unreclaimable? no [ 110.357043][ T1324] usb 1-1: Using ep0 maxpacket: 32 [ 110.450260][ T21] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 110.465347][ T21] em28xx 5-1:0.132: analog set to bulk mode. [ 110.496079][ T1324] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 110.523139][ T21] usb 5-1: USB disconnect, device number 6 [ 110.617236][ T5181] Node 0 DMA free:15360kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 110.645178][ T5181] lowmem_reserve[]: 0 2541 2542 2542 2542 [ 110.664750][ T5181] Node 0 DMA32 free:1557580kB min:34800kB low:43500kB high:52200kB reserved_highatomic:0KB active_anon:1072kB inactive_anon:45012kB active_file:18844kB inactive_file:162584kB unevictable:1536kB writepending:248kB present:3129332kB managed:2608992kB mlocked:0kB bounce:0kB free_pcp:23144kB local_pcp:17320kB free_cma:0kB [ 110.750502][ T1324] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 110.770968][ T21] em28xx 5-1:0.132: Disconnecting em28xx [ 110.776580][ T1324] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 110.778237][ T1107] em28xx 5-1:0.132: Registering V4L2 extension [ 110.810419][ T1324] usb 1-1: Product: syz [ 110.830264][ T5181] lowmem_reserve[]: 0 0 0 0 0 [ 110.835015][ T5181] Node 0 Normal free:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:916kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 111.460064][ T1324] usb 1-1: Manufacturer: syz [ 111.469566][ T1324] usb 1-1: SerialNumber: syz [ 111.540092][ T1324] usb 1-1: config 0 descriptor?? [ 111.560408][ T5185] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 111.590305][ T5181] lowmem_reserve[]: 0 0 0 0 0 [ 111.595551][ T5181] Node 1 Normal free:3912064kB min:55088kB low:68860kB high:82632kB reserved_highatomic:0KB active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194304kB managed:4119672kB mlocked:0kB bounce:0kB free_pcp:10216kB local_pcp:4832kB free_cma:0kB [ 111.601606][ T1324] hub 1-1:0.0: bad descriptor, ignoring hub [ 111.624692][ T5181] lowmem_reserve[]: 0 0 0 0 0 [ 111.637351][ T5181] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 111.650217][ T5181] Node 0 DMA32: 130*4kB (UE) 177*8kB (UM) 49*16kB (UME) 142*32kB (UE) 28*64kB (UME) 15*128kB (UE) 11*256kB (UM) 5*512kB (UME) 2*1024kB (ME) 1*2048kB (E) 373*4096kB (M) = 1548256kB [ 111.668285][ T5181] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 111.679875][ T5181] Node 1 Normal: 127*4kB (UE) 38*8kB (UME) 27*16kB (UME) 129*32kB (UME) 46*64kB (UE) 22*128kB (UME) 9*256kB (UM) 3*512kB (U) 2*1024kB (UE) 2*2048kB (UE) 950*4096kB (M) = 3912316kB [ 111.704589][ T5181] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 111.735364][ T5181] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 111.765789][ T5181] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 111.805649][ T1324] hub: probe of 1-1:0.0 failed with error -5 [ 111.858583][ T5181] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 111.907369][ T1107] em28xx 5-1:0.132: Config register raw data: 0xffffffed [ 111.922059][ T1324] usb 1-1: USB disconnect, device number 4 [ 111.934288][ T1107] em28xx 5-1:0.132: AC97 chip type couldn't be determined [ 112.050093][ T1107] em28xx 5-1:0.132: No AC97 audio processor [ 112.057639][ T5181] 49872 total pagecache pages [ 112.113071][ T5181] 0 pages in swap cache [ 112.117232][ T5181] Swap cache stats: add 3074, delete 3074, find 63/65 [ 112.143341][ T1107] usb 5-1: Decoder not found [ 112.147959][ T1107] em28xx 5-1:0.132: failed to create media graph [ 112.154688][ T5181] Free swap = 124560kB [ 112.173592][ T5181] Total swap = 124996kB [ 112.188108][ T5181] 2097051 pages RAM [ 112.197742][ T5181] 0 pages HighMem/MovableOnly [ 112.213280][ T5181] 410816 pages reserved [ 112.234523][ T5181] 0 pages cma reserved [ 112.241221][ T1107] em28xx 5-1:0.132: V4L2 device video103 deregistered [ 112.331642][ T5208] ================================================================== [ 112.339853][ T5208] BUG: KASAN: use-after-free in v4l2_fh_open+0xc6/0x430 [ 112.346775][ T5208] Read of size 8 at addr ffff88805b9e8900 by task v4l_id/5208 [ 112.354206][ T5208] [ 112.356506][ T5208] CPU: 0 PID: 5208 Comm: v4l_id Not tainted 5.15.188-syzkaller #0 [ 112.364278][ T5208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.374311][ T5208] Call Trace: [ 112.377566][ T5208] [ 112.380477][ T5208] dump_stack_lvl+0x168/0x230 [ 112.385141][ T5208] ? show_regs_print_info+0x20/0x20 [ 112.390310][ T5208] ? _printk+0xcc/0x110 [ 112.394441][ T5208] ? v4l2_fh_open+0xc6/0x430 [ 112.399009][ T5208] ? load_image+0x3b0/0x3b0 [ 112.403489][ T5208] print_address_description+0x60/0x2d0 [ 112.409009][ T5208] ? v4l2_fh_open+0xc6/0x430 [ 112.413571][ T5208] kasan_report+0xdf/0x130 [ 112.417964][ T5208] ? v4l2_fh_open+0xc6/0x430 [ 112.422527][ T5208] v4l2_fh_open+0xc6/0x430 [ 112.426919][ T5208] em28xx_v4l2_open+0x152/0x990 [ 112.431743][ T5208] ? __lock_acquire+0x7c60/0x7c60 [ 112.436747][ T5208] v4l2_open+0x20b/0x360 [ 112.440963][ T5208] chrdev_open+0x597/0x670 [ 112.445354][ T5208] ? cd_forget+0x160/0x160 [ 112.449744][ T5208] ? tomoyo_file_open+0xe9/0x170 [ 112.454656][ T5208] ? fsnotify_perm+0x3a7/0x560 [ 112.459397][ T5208] ? cd_forget+0x160/0x160 [ 112.463788][ T5208] do_dentry_open+0x7ff/0xf80 [ 112.468444][ T5208] path_openat+0x2682/0x2f30 [ 112.473015][ T5208] ? __kasan_slab_alloc+0xb3/0xd0 [ 112.478014][ T5208] ? __kasan_slab_alloc+0x9c/0xd0 [ 112.483013][ T5208] ? slab_post_alloc_hook+0x4c/0x380 [ 112.488273][ T5208] ? verify_lock_unused+0x140/0x140 [ 112.493453][ T5208] ? __x64_sys_openat+0x135/0x160 [ 112.498455][ T5208] ? do_filp_open+0x3e0/0x3e0 [ 112.503116][ T5208] do_filp_open+0x1b3/0x3e0 [ 112.507595][ T5208] ? vfs_tmpfile+0x300/0x300 [ 112.512165][ T5208] ? _raw_spin_unlock+0x24/0x40 [ 112.516990][ T5208] ? alloc_fd+0x598/0x630 [ 112.521299][ T5208] do_sys_openat2+0x142/0x4a0 [ 112.525950][ T5208] ? __lock_acquire+0x7c60/0x7c60 [ 112.530955][ T5208] ? do_sys_open+0xe0/0xe0 [ 112.535367][ T5208] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 112.541330][ T5208] ? lock_chain_count+0x20/0x20 [ 112.546158][ T5208] ? vtime_user_exit+0x2dc/0x400 [ 112.551071][ T5208] __x64_sys_openat+0x135/0x160 [ 112.555901][ T5208] do_syscall_64+0x4c/0xa0 [ 112.560292][ T5208] ? clear_bhb_loop+0x30/0x80 [ 112.564941][ T5208] ? clear_bhb_loop+0x30/0x80 [ 112.569594][ T5208] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 112.575460][ T5208] RIP: 0033:0x7f24680d9407 [ 112.579848][ T5208] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 112.599426][ T5208] RSP: 002b:00007ffebb877730 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 112.607814][ T5208] RAX: ffffffffffffffda RBX: 00007f2467feb880 RCX: 00007f24680d9407 [ 112.615762][ T5208] RDX: 0000000000000000 RSI: 00007ffebb877f1b RDI: ffffffffffffff9c [ 112.623708][ T5208] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 112.631656][ T5208] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 112.639608][ T5208] R13: 00007ffebb877980 R14: 00007f2468867000 R15: 000055989d2544d8 [ 112.647564][ T5208] [ 112.650561][ T5208] [ 112.652859][ T5208] The buggy address belongs to the page: [ 112.658466][ T5208] page:ffffea00016e7a00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b9e8 [ 112.668587][ T5208] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 112.675678][ T5208] raw: 00fff00000000000 ffff8880b91409b0 ffff8880b91409b0 0000000000000000 [ 112.684235][ T5208] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 112.692786][ T5208] page dumped because: kasan: bad access detected [ 112.699179][ T5208] page_owner tracks the page as freed [ 112.704521][ T5208] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x140dc0(GFP_USER|__GFP_COMP|__GFP_ZERO), pid 1107, ts 110810386214, free_ts 112330029112 [ 112.720206][ T5208] get_page_from_freelist+0x1b77/0x1c60 [ 112.725743][ T5208] __alloc_pages+0x1e1/0x470 [ 112.730321][ T5208] kmalloc_order+0x40/0x150 [ 112.734799][ T5208] kmalloc_order_trace+0x14/0xf0 [ 112.739708][ T5208] em28xx_v4l2_init+0xe2/0x2e50 [ 112.744535][ T5208] em28xx_init_extension+0x118/0x1b0 [ 112.749790][ T5208] process_one_work+0x863/0x1000 [ 112.754702][ T5208] worker_thread+0xd76/0x12a0 [ 112.759353][ T5208] kthread+0x436/0x520 [ 112.763392][ T5208] ret_from_fork+0x1f/0x30 [ 112.767781][ T5208] page last free stack trace: [ 112.772422][ T5208] free_unref_page_prepare+0x637/0x6c0 [ 112.777854][ T5208] free_unref_page+0x94/0x280 [ 112.782516][ T5208] free_nonslab_page+0xe2/0x150 [ 112.787364][ T5208] em28xx_v4l2_init+0x1649/0x2e50 [ 112.792370][ T5208] em28xx_init_extension+0x118/0x1b0 [ 112.797631][ T5208] process_one_work+0x863/0x1000 [ 112.802544][ T5208] worker_thread+0xd76/0x12a0 [ 112.807197][ T5208] kthread+0x436/0x520 [ 112.811239][ T5208] ret_from_fork+0x1f/0x30 [ 112.815673][ T5208] [ 112.817971][ T5208] Memory state around the buggy address: [ 112.823571][ T5208] ffff88805b9e8800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 112.831604][ T5208] ffff88805b9e8880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 112.839636][ T5208] >ffff88805b9e8900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 112.847666][ T5208] ^ [ 112.851703][ T5208] ffff88805b9e8980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 112.859734][ T5208] ffff88805b9e8a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 112.867763][ T5208] ================================================================== [ 112.875793][ T5208] Disabling lock debugging due to kernel taint [ 112.889424][ T1107] em28xx 5-1:0.132: Remote control support is not available for this card. [ 112.940179][ T21] em28xx 5-1:0.132: Closing input extension [ 112.950444][ T1324] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 113.240203][ T4184] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 113.325486][ T5208] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 113.332785][ T5208] CPU: 1 PID: 5208 Comm: v4l_id Tainted: G B 5.15.188-syzkaller #0 [ 113.341959][ T5208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.351992][ T5208] Call Trace: [ 113.355249][ T5208] [ 113.358156][ T5208] dump_stack_lvl+0x168/0x230 [ 113.362817][ T5208] ? show_regs_print_info+0x20/0x20 [ 113.367987][ T5208] ? load_image+0x3b0/0x3b0 [ 113.372469][ T5208] panic+0x2c9/0x7f0 [ 113.376347][ T5208] ? bpf_jit_dump+0xd0/0xd0 [ 113.380827][ T5208] ? _raw_spin_unlock_irqrestore+0xf6/0x100 [ 113.386695][ T5208] ? _raw_spin_unlock+0x40/0x40 [ 113.391512][ T5208] ? print_memory_metadata+0x314/0x400 [ 113.396941][ T5208] ? v4l2_fh_open+0xc6/0x430 [ 113.401501][ T5208] check_panic_on_warn+0x80/0xa0 [ 113.406409][ T5208] ? v4l2_fh_open+0xc6/0x430 [ 113.410967][ T5208] end_report+0x6d/0xf0 [ 113.415093][ T5208] kasan_report+0x102/0x130 [ 113.419566][ T5208] ? v4l2_fh_open+0xc6/0x430 [ 113.424128][ T5208] v4l2_fh_open+0xc6/0x430 [ 113.428522][ T5208] em28xx_v4l2_open+0x152/0x990 [ 113.433343][ T5208] ? __lock_acquire+0x7c60/0x7c60 [ 113.438341][ T5208] v4l2_open+0x20b/0x360 [ 113.442554][ T5208] chrdev_open+0x597/0x670 [ 113.447068][ T5208] ? cd_forget+0x160/0x160 [ 113.451465][ T5208] ? tomoyo_file_open+0xe9/0x170 [ 113.456378][ T5208] ? fsnotify_perm+0x3a7/0x560 [ 113.461118][ T5208] ? cd_forget+0x160/0x160 [ 113.465507][ T5208] do_dentry_open+0x7ff/0xf80 [ 113.470160][ T5208] path_openat+0x2682/0x2f30 [ 113.474743][ T5208] ? __kasan_slab_alloc+0xb3/0xd0 [ 113.479741][ T5208] ? __kasan_slab_alloc+0x9c/0xd0 [ 113.484733][ T5208] ? slab_post_alloc_hook+0x4c/0x380 [ 113.489987][ T5208] ? verify_lock_unused+0x140/0x140 [ 113.495154][ T5208] ? __x64_sys_openat+0x135/0x160 [ 113.500152][ T5208] ? do_filp_open+0x3e0/0x3e0 [ 113.504804][ T5208] do_filp_open+0x1b3/0x3e0 [ 113.509276][ T5208] ? vfs_tmpfile+0x300/0x300 [ 113.513839][ T5208] ? _raw_spin_unlock+0x24/0x40 [ 113.518659][ T5208] ? alloc_fd+0x598/0x630 [ 113.522961][ T5208] do_sys_openat2+0x142/0x4a0 [ 113.527745][ T5208] ? __lock_acquire+0x7c60/0x7c60 [ 113.532761][ T5208] ? do_sys_open+0xe0/0xe0 [ 113.537160][ T5208] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 113.543115][ T5208] ? lock_chain_count+0x20/0x20 [ 113.547938][ T5208] ? vtime_user_exit+0x2dc/0x400 [ 113.552845][ T5208] __x64_sys_openat+0x135/0x160 [ 113.557668][ T5208] do_syscall_64+0x4c/0xa0 [ 113.562056][ T5208] ? clear_bhb_loop+0x30/0x80 [ 113.566700][ T5208] ? clear_bhb_loop+0x30/0x80 [ 113.571344][ T5208] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 113.577211][ T5208] RIP: 0033:0x7f24680d9407 [ 113.581600][ T5208] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 113.601173][ T5208] RSP: 002b:00007ffebb877730 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 113.609561][ T5208] RAX: ffffffffffffffda RBX: 00007f2467feb880 RCX: 00007f24680d9407 [ 113.617504][ T5208] RDX: 0000000000000000 RSI: 00007ffebb877f1b RDI: ffffffffffffff9c [ 113.625445][ T5208] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 113.633384][ T5208] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 113.641324][ T5208] R13: 00007ffebb877980 R14: 00007f2468867000 R15: 000055989d2544d8 [ 113.649269][ T5208] [ 113.652463][ T5208] Kernel Offset: disabled [ 113.656778][ T5208] Rebooting in 86400 seconds..