last executing test programs: 13m39.973784896s ago: executing program 2 (id=46): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000040)={0x274e, 0x1, 0x7, 0xf, 0x3, "0982aa2494a49e680d061bb20776a4e7af8bc6", 0x1, 0x6}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getpeername$l2tp(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @loopback}, &(0x7f0000000340)=0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x18}, 0x48) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000280), 0xffff, r4}, 0x38) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000800000095"], &(0x7f00000003c0)='GPL\x00', 0x1, 0x0, 0x0, 0x100}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='contention_end\x00', r6}, 0x18) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0xa800, 0x0) ioctl$RTC_WKALM_RD(r7, 0x80287010, 0x0) 13m37.791617821s ago: executing program 2 (id=52): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, 0x0, 0x0) sendmsg$netlink(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) 13m37.534766491s ago: executing program 2 (id=53): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, 0x0, 0x4c050) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) fsopen(&(0x7f0000000040)='cifs\x00', 0x1) 13m34.093395216s ago: executing program 2 (id=60): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x40, 0xfffffffc, {0xa, 0x3f, 0x0, 0x0, r0}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_ADDRESS={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x3f}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000080}, 0x0) 13m32.146630205s ago: executing program 2 (id=62): getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0186405, 0x0) quotactl_fd$Q_QUOTAON(0xffffffffffffffff, 0xffffffff80000200, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) 13m27.221375219s ago: executing program 2 (id=74): bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x4, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000000000008500000018000000850000007d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x14, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}}, 0x14}}, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x10, 0x803, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x5c, 0x2c, 0xd27, 0x30bd29, 0x2, {0x0, 0x0, 0x0, r4, {0x0, 0xc}, {}, {0xb, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x4, 0x81, 0x1}, {0x2, 0xa5, 0x2}}}]}}]}]}]}}]}, 0x5c}}, 0x0) socket$inet(0x2, 0x2, 0x6a113fc2) r5 = socket$inet(0x2, 0x2, 0x1) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$PNPIPE_INITSTATE(r8, 0x113, 0x4, &(0x7f0000000340), &(0x7f0000000380)=0x4) sendmsg$IPSET_CMD_LIST(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000070601080000001e000000000a0000040500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) r9 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r10 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xf2, 0x30, 0x39, 0x20, 0x2c42, 0x1202, 0x8540, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc, 0x2, 0x2, 0xc1, 0x7f, 0xc, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) unshare(0x26000400) r11 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x12, 0x4, 0x4, 0x12}, 0x50) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r11, r12, 0x26, 0x0, @void}, 0x10) syz_usb_control_io$printer(r10, 0x0, &(0x7f0000000c80)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r10, 0x0, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) 13m11.794819537s ago: executing program 32 (id=74): bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x4, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000000000008500000018000000850000007d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x14, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}}, 0x14}}, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x10, 0x803, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x5c, 0x2c, 0xd27, 0x30bd29, 0x2, {0x0, 0x0, 0x0, r4, {0x0, 0xc}, {}, {0xb, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x4, 0x81, 0x1}, {0x2, 0xa5, 0x2}}}]}}]}]}]}}]}, 0x5c}}, 0x0) socket$inet(0x2, 0x2, 0x6a113fc2) r5 = socket$inet(0x2, 0x2, 0x1) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$PNPIPE_INITSTATE(r8, 0x113, 0x4, &(0x7f0000000340), &(0x7f0000000380)=0x4) sendmsg$IPSET_CMD_LIST(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000070601080000001e000000000a0000040500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) r9 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r10 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xf2, 0x30, 0x39, 0x20, 0x2c42, 0x1202, 0x8540, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc, 0x2, 0x2, 0xc1, 0x7f, 0xc, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) unshare(0x26000400) r11 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x12, 0x4, 0x4, 0x12}, 0x50) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r11, r12, 0x26, 0x0, @void}, 0x10) syz_usb_control_io$printer(r10, 0x0, &(0x7f0000000c80)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r10, 0x0, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) 12m59.11607417s ago: executing program 4 (id=119): fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f0000000400), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000800)={&(0x7f0000000900)=ANY=[], 0x0, 0x26, 0x0, 0x0, 0x2000000}, 0x28) 12m57.664239936s ago: executing program 4 (id=121): rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3) creat(&(0x7f0000001080)='./file0\x00', 0x105) pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000100)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xa}, {&(0x7f0000000080)='{', 0x1}], 0x2, 0x0) r2 = socket$netlink(0x10, 0x3, 0x9) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0800034000000004400000000b0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d10300002c0000000e0a010200000000000000000a0000000900010073797a31000000000900020073797a31"], 0xd8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd25, 0xfffffffc, {0x10}}, 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x8000000) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000020303000022657a6e8b48b9000000000800010001"], 0x1c}, 0x1, 0x0, 0x0, 0x4044084}, 0x0) splice(r0, 0x0, r2, 0x0, 0x10d00, 0xf) mknodat$loop(0xffffffffffffff9c, 0x0, 0x1000, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x2141, 0x0, 0x4}, 0x1c) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4) 12m57.363830794s ago: executing program 4 (id=123): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x202) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r3 = inotify_init1(0x0) lsetxattr$security_capability(0x0, 0x0, &(0x7f0000000c80)=@v2={0x2000000, [{0x67, 0x3}, {0x7, 0x6}]}, 0x14, 0x1) r4 = inotify_add_watch(r3, 0x0, 0x10000a0) fcntl$getownex(r0, 0x10, &(0x7f0000000d80)={0x0, 0x0}) r6 = getuid() sendmsg$unix(r1, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000b40), 0x0, &(0x7f0000000dc0)=[@rights={{0x10, 0x1, 0x1, [r2]}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x18, 0x1, 0x2, {r5, r6, 0xee01}}}], 0x50, 0x20000040}, 0x4000880) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) inotify_rm_watch(r3, r4) r7 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r8 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xfffffffd, 0xb6, 0x0, r7}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r7) execve(0x0, 0x0, &(0x7f0000000780)) r11 = shmget$private(0x0, 0x3000, 0x800, &(0x7f0000f9a000/0x3000)=nil) shmctl$IPC_RMID(r11, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000040)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r8, 0x47f6, 0x0, 0x4, 0x0, 0x0) 12m50.088667965s ago: executing program 4 (id=132): rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3) creat(&(0x7f0000001080)='./file0\x00', 0x105) pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000100)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xa}, {&(0x7f0000000080)='{', 0x1}], 0x2, 0x0) r2 = socket$netlink(0x10, 0x3, 0x9) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a000007080002"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0800034000000004400000000b0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d10300002c0000000e0a010200000000000000000a0000000900010073797a31000000000900020073797a31"], 0xd8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd25, 0xfffffffc, {0x10}}, 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x8000000) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000020303000022657a6e8b48b9000000000800010001"], 0x1c}, 0x1, 0x0, 0x0, 0x4044084}, 0x0) splice(r0, 0x0, r2, 0x0, 0x10d00, 0xf) mknodat$loop(0xffffffffffffff9c, 0x0, 0x1000, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x2141, 0x0, 0x4}, 0x1c) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4) 12m49.555460572s ago: executing program 4 (id=133): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x20) mkdir(&(0x7f0000000000)='./bus\x00', 0x1) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000)) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0) 12m49.077149702s ago: executing program 4 (id=134): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400244}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0xc}) io_uring_enter(r3, 0x4c6e, 0xc67a, 0x8, 0x0, 0x0) io_uring_enter(r3, 0x627, 0x4c1, 0x43, 0x0, 0x0) 12m33.751702677s ago: executing program 33 (id=134): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400244}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0xc}) io_uring_enter(r3, 0x4c6e, 0xc67a, 0x8, 0x0, 0x0) io_uring_enter(r3, 0x627, 0x4c1, 0x43, 0x0, 0x0) 2m53.559092511s ago: executing program 1 (id=922): ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8923, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) syz_usbip_server_init(0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x24020000) syz_clone(0xb60e5500, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b7000000ff00001fbfa300000000000007030000f0ffffff6a0af0fff8ffffff61a4f0ff0000000066040200000000001d400200000000004704000001ed00006203000000ffffffcf440000000000007a0a00ff00ffffffc30300fff1000000b4000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebaa0f040000c72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204ab3949006c3172171652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d156ae8383117c039862198899b212c55318294270a1ad10c80fef7c247afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15f279b513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aa0000000000000000832371fe5bc621426d1ed0a4a99702cc1b692c3f0b15629eaf4c12a1e717d29135753208165b9cdbae2ed9dc7358f0e3adde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbad937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594807031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac42738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca9be8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998802008f0232b39578052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91ed92cac7c2ccd17d338bbda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922928e000000ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abb8a9982ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139566fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe6290421338ef8f6d27117cd1471bf3c0b64416fbbe955da0281e7ef7f7d5176150e86cda98d07f7de2088cb2ffd1d4c71097635c2bb3d9a0b01e757256ee427f0a244d48682bf89e2279b383b616b40f116172bc1b995eb2c1220597af8df52646f1f0cb65cfa7e038e8bb5d4d52b86a61d82dc14a4f5cc7e6061c65ccdbc2afc3f363ecf34ad0b227687c3ea8d63683ddd5914116edd9e075da9e3638647188bc8f95107c9250995eb6cadcd0f65b8504ff10304f2ceba275f9d485ed5554d64005db877f0fbb3beba59666ff66f132d5077835823592d6d392f5ff62f6f876eb10d8cbf0a73f8421b74c8916e4077b8866c95ad88bc7130244183ed216210f10f69b3e0ee13d06e4eb240cce5ec1c3b1defe4c0f8b83a34ef4f5f8f9ceefb678ad29d3683e3c44a01549e55ffca41c0b06e013f054257646c58b667ec0701004c239589b3e64ef5e1d5ed22b5fd5a90fe3453327c3652d5c9762428f0bd0178d1b80a60f64343ab77d8baa0a388711c8d2d6d3e9049814b15b6ea21387040989d69c3aa27256c55780f33d20823d8e2eb6e56850162969bf4c6c9632a55cf5be00"/2941], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) setreuid(0xee00, 0xee00) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x24}, 0x94) r3 = syz_io_uring_setup(0x38, &(0x7f00000000c0)={0x0, 0xbbda, 0x13500}, &(0x7f0000000240), &(0x7f0000000480)) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r3, 0x21, &(0x7f0000000440), 0x1) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 2m51.060022931s ago: executing program 1 (id=924): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041) fsopen(&(0x7f00000000c0)='jffs2\x00', 0x1) ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f00000001c0)={0x0, 0x2, "4cf90fba85c830e42a3ca4b10f01bbcb15f3806c4853e7c44a6974759d9f643905a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f17d6652270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae122d34aa0c5ca5e793516d156e5a5b34d6c17c40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a87ee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"}) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x2004000, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) mkdir(0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x458002, 0x55) r4 = open(0x0, 0x8000, 0x112) getdents(r4, 0x0, 0x0) sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0x34, 0x0, 0x701, 0x70bd2c, 0x0, {0x45}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000021}, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) 2m49.366469407s ago: executing program 1 (id=925): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) read$FUSE(0xffffffffffffffff, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000080)=0x80000003) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0xffe, 0x3, 0x1000, 0x3a, 0x0, 0x0, 0x7}, 0x75) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) r2 = dup2(r1, r1) read$FUSE(r2, &(0x7f00000063c0)={0x2020}, 0x2020) syz_usb_connect(0x1, 0x2d, 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) openat$tun(0xffffff9c, &(0x7f0000000380), 0x800, 0x0) socket(0x10, 0x3, 0x0) 2m39.554522202s ago: executing program 1 (id=932): ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8923, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) syz_usbip_server_init(0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x24020000) syz_clone(0xb60e5500, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b7000000ff00001fbfa300000000000007030000f0ffffff6a0af0fff8ffffff61a4f0ff0000000066040200000000001d400200000000004704000001ed00006203000000ffffffcf440000000000007a0a00ff00ffffffc30300fff1000000b4000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebaa0f040000c72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204ab3949006c3172171652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d156ae8383117c039862198899b212c55318294270a1ad10c80fef7c247afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15f279b513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aa0000000000000000832371fe5bc621426d1ed0a4a99702cc1b692c3f0b15629eaf4c12a1e717d29135753208165b9cdbae2ed9dc7358f0e3adde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbad937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594807031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac42738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca9be8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998802008f0232b39578052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91ed92cac7c2ccd17d338bbda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922928e000000ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abb8a9982ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139566fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe6290421338ef8f6d27117cd1471bf3c0b64416fbbe955da0281e7ef7f7d5176150e86cda98d07f7de2088cb2ffd1d4c71097635c2bb3d9a0b01e757256ee427f0a244d48682bf89e2279b383b616b40f116172bc1b995eb2c1220597af8df52646f1f0cb65cfa7e038e8bb5d4d52b86a61d82dc14a4f5cc7e6061c65ccdbc2afc3f363ecf34ad0b227687c3ea8d63683ddd5914116edd9e075da9e3638647188bc8f95107c9250995eb6cadcd0f65b8504ff10304f2ceba275f9d485ed5554d64005db877f0fbb3beba59666ff66f132d5077835823592d6d392f5ff62f6f876eb10d8cbf0a73f8421b74c8916e4077b8866c95ad88bc7130244183ed216210f10f69b3e0ee13d06e4eb240cce5ec1c3b1defe4c0f8b83a34ef4f5f8f9ceefb678ad29d3683e3c44a01549e55ffca41c0b06e013f054257646c58b667ec0701004c239589b3e64ef5e1d5ed22b5fd5a90fe3453327c3652d5c9762428f0bd0178d1b80a60f64343ab77d8baa0a388711c8d2d6d3e9049814b15b6ea21387040989d69c3aa27256c55780f33d20823d8e2eb6e56850162969bf4c6c9632a55cf5be00"/2941], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) setreuid(0xee00, 0xee00) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x24}, 0x94) r3 = syz_io_uring_setup(0x38, &(0x7f00000000c0)={0x0, 0xbbda, 0x13500}, &(0x7f0000000240), &(0x7f0000000480)) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r3, 0x21, &(0x7f0000000440), 0x1) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 2m37.374248131s ago: executing program 1 (id=935): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="a075d117632367da1fbb5d2f82eb3d70c1e6ee948fce25d505f6277ae1600de90a6df5aa606168ff29399ad39768c4e5696eeb2dc73d31a6cf7ffc2eab0946ed9d59535da765", @ANYBLOB="eaa2ced7a73c6cc93feab0d5e4c7f0a0718570e30518d12cfd095a1844fe7be98d8b199c354b79ce1d75d942eee5dd6ef2f664c5c74b8243976cc9018af3bb24ace9cd7c1c60de797f3f85450a25221c052d", @ANYBLOB], 0x48) close(0x3) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000040), 0x5, r4}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xa43d, 0x80, 0x2, 0x3b9}, &(0x7f0000000000), &(0x7f0000000280)) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000c08d) 2m33.852879735s ago: executing program 1 (id=941): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000600)={0x0, 0xb}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f00000004c0)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x8000000000001de, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000ffff00000000000000040000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d18c55932c62572030000008500000006000000554a0800"], &(0x7f0000000480)='syzkaller\x00', 0x6, 0x6e, &(0x7f0000000580)=""/110, 0x41000, 0x9, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000a00)={0x1, 0x5}, 0x8, 0x10, &(0x7f0000000a40)={0x4, 0x2, 0xffffff80, 0x6}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000c80)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff], &(0x7f0000000cc0)=[{0x3, 0x1, 0xc, 0x8}, {0x3, 0x1, 0x2, 0xb}, {0x5, 0x4, 0x1, 0x1}], 0x10, 0x1}, 0x94) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000380)='hpfs\x00', 0x2208004, 0x0) sched_getattr(0x0, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0) ioctl$sock_bt_hci(r4, 0x400448c9, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) unshare(0x42060200) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000300)={0x0, 0x457}, &(0x7f0000000340)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000500)=ANY=[@ANYRES32=0x0], 0xe) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) 2m18.395816827s ago: executing program 34 (id=941): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000600)={0x0, 0xb}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f00000004c0)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x8000000000001de, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000ffff00000000000000040000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d18c55932c62572030000008500000006000000554a0800"], &(0x7f0000000480)='syzkaller\x00', 0x6, 0x6e, &(0x7f0000000580)=""/110, 0x41000, 0x9, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000a00)={0x1, 0x5}, 0x8, 0x10, &(0x7f0000000a40)={0x4, 0x2, 0xffffff80, 0x6}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000c80)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff], &(0x7f0000000cc0)=[{0x3, 0x1, 0xc, 0x8}, {0x3, 0x1, 0x2, 0xb}, {0x5, 0x4, 0x1, 0x1}], 0x10, 0x1}, 0x94) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000380)='hpfs\x00', 0x2208004, 0x0) sched_getattr(0x0, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0) ioctl$sock_bt_hci(r4, 0x400448c9, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) unshare(0x42060200) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000300)={0x0, 0x457}, &(0x7f0000000340)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000500)=ANY=[@ANYRES32=0x0], 0xe) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) 50.016766603s ago: executing program 3 (id=1072): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket(0x1e, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000f00000008000300", @ANYRES32=r3], 0x2c}}, 0x0) 49.911661503s ago: executing program 3 (id=1073): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x100, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) ptrace$ARCH_SHSTK_UNLOCK(0x1e, 0x0, 0x0, 0x5004) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) syz_clone3(&(0x7f000000c340)={0xa802100, 0x0, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, &(0x7f000000c2c0)=[0x0], 0x1}, 0x58) 49.572176065s ago: executing program 3 (id=1074): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0xff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getpeername$l2tp(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @loopback}, &(0x7f0000000340)=0x10) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000280), 0xffff, r4}, 0x38) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r6}, 0x18) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0xa800, 0x0) ioctl$RTC_WKALM_RD(r7, 0x80287010, 0x0) 46.433369025s ago: executing program 3 (id=1077): syz_emit_ethernet(0x4b, &(0x7f00000003c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbffffffffffff88a81400810028008847e57e03e7b44fcb38de3a9f1817d47e9dbc04461877b5a2a6f9c507af70d4aa73e1e3bee837a1daea1464f57cd3a49ca6cd90bf4df80d62"], &(0x7f0000000040)={0x1, 0x3, [0xe7a, 0x36e, 0xf23, 0xd4c]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4000080}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d80)=ANY=[@ANYBLOB="38000000030101045e0000000000000002000000a40001801400018071c1c0e00000010c000280050000000000001e000000000000000000c08c6fe004db53584f0ad67bfc6b7c93a8e895039c74586656abadc2be74be7bb8c87e714a1a2ebb54a590fc52921518dda82bfe8962e362448f99f67907e79d3e152f84a2d827be96ab043e61776a8669a7c20e2fb793790add95e1e733c7a8a698710537642944310db915b748db05a398104e4afb1309a7c85835a54c7496bb63db97736b1923a001d9254d63b72546ae3a9e925e1a45f057df10ec87a26da0e77102d36f08463245b24e25edf56661766fe85414d03300136672802367baf86e1987cc98da50c54e96bae625dbebf3ba8b3baf069ad5d54a68000000d4f704de13da8c9f2c2d7bb097ec3ad7465f6531e3976e164d9b8c4bbfc8606ba9e5bc6f77c7d3b9b0eae46095385b4021ab361c3c66c3169ae2b1d1698a6857cf51950be623597603ecd3ca9da188fe2594fdbb653c220d5aff2f91e2"], 0x38}}, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) dup(r2) mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0xbe, &(0x7f0000000c40)=ANY=[@ANYBLOB="8caa9ce6aaaa0180c20000000800450000b00000000000119078000000000000000000004e20009c5157907801000000000000007b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af584cbf2649ff7f0000000000008dfa871c51852e4451b57d037ac045942824251d7d17b5191584cdd4fbe40a27424dbcfd56f1173669ca"], 0x0) socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$FS_IOC_RESVSP(r5, 0x402c5828, &(0x7f0000000440)={0x0, 0x2, 0x8001, 0x3d7}) r6 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)={0x60, r6, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r7}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r7, {}, {}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x2480, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000080)=0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@gettaction={0x6c, 0x32, 0x400, 0x200, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x3c, 0x1, [{0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4fb}}, {0x10, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0x1b, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}]}, 0x6c}}, 0x0) 41.97424919s ago: executing program 3 (id=1080): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket(0x1e, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000f00000008000300", @ANYRES32=r3], 0x2c}}, 0x0) 41.760266815s ago: executing program 3 (id=1081): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000180)='iocharset', 0x0) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'wlan0\x00', 0x1000}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$IPVS_CMD_DEL_DAEMON(r5, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000540)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) r6 = openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0) writev(r6, &(0x7f0000001f00)=[{&(0x7f0000001ac0)="4df069d64970996b9472d4", 0xb}], 0x1) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4040081, &(0x7f0000000340)={0xa, 0x4e23, 0x1, @mcast1, 0x80}, 0x1c) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800"], 0x48) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xc, 0x4, 0x4, 0x8, 0x0, r7, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x180}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r8}, 0x50) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 26.530118121s ago: executing program 35 (id=1081): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000180)='iocharset', 0x0) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'wlan0\x00', 0x1000}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$IPVS_CMD_DEL_DAEMON(r5, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000540)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) r6 = openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0) writev(r6, &(0x7f0000001f00)=[{&(0x7f0000001ac0)="4df069d64970996b9472d4", 0xb}], 0x1) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4040081, &(0x7f0000000340)={0xa, 0x4e23, 0x1, @mcast1, 0x80}, 0x1c) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800"], 0x48) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xc, 0x4, 0x4, 0x8, 0x0, r7, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x180}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r8}, 0x50) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 2.878839302s ago: executing program 0 (id=1119): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005880)=[{{0x0, 0x0, &(0x7f0000003bc0)=[{&(0x7f0000003940)="3afc2ecff6f266", 0x7}, {0x0}], 0x2}}], 0x1, 0x4000000) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) sendmmsg(r0, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0) 2.572076521s ago: executing program 0 (id=1120): socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x13, r2, 0x2000) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='\v\x00'], 0x50) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) r5 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r5, 0x29, 0x39, 0x0, 0x0) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31) 1.68269252s ago: executing program 0 (id=1121): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) faccessat2(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) 1.586511536s ago: executing program 0 (id=1122): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"}) r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0xfffc, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc10c5541, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_S_AUDOUT(r1, 0x40345632, &(0x7f00000002c0)={0x0, "fbd78df8363b88d9c3a4cae9b29b529de5e20000000000001400", 0x3}) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) r3 = socket$inet6(0xa, 0x80003, 0x6) setsockopt$sock_int(r3, 0x1, 0x26, &(0x7f0000000080)=0x7, 0x4) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x1) socket(0x18, 0x0, 0x1) socket$nl_route(0x10, 0x3, 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r4 = socket(0x2b, 0xa, 0x1) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0xffff, 0x2, @empty}, 0x1c) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x90, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_SRC={0x4}]}, 0x90}}, 0x0) 988.068002ms ago: executing program 0 (id=1123): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="a075d117632367da1fbb5d2f82eb3d70c1e6ee948fce25d505f6277ae1600de90a6df5aa606168ff29399ad39768c4e5696eeb2dc73d31a6cf7ffc2eab0946ed9d59535da765", @ANYBLOB="eaa2ced7a73c6cc93feab0d5e4c7f0a0718570e30518d12cfd095a1844fe7be98d8b199c354b79ce1d75d942eee5dd6ef2f664c5c74b8243976cc9018af3bb24ace9cd7c1c60de797f3f85450a25221c052d", @ANYBLOB], 0x48) close(0x3) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000040), 0x5, r3}, 0x38) r4 = socket$kcm(0x2b, 0x1, 0x0) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xa43d, 0x80, 0x2, 0x3b9}, &(0x7f0000000000), &(0x7f0000000280)) sendmsg$inet(r4, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000c08d) 0s ago: executing program 0 (id=1124): socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x48001) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="180000000000000000000095000000000010009c07b346cb5e13f8772644f4971e732de04fedad572bac3404f614c6921cc6566233111a04388a1dd9abd53082a556d3870cc36484b7afd31929aee457d4af6b6ec2d0aec2be5822d676d4d9c11f086b9ee55435fa635bf655e9a79e6ef3c3e8ad04cf1da9c1a928f766b975a31f0c49d8b56581c9304a570a7c27812e5da8d9143ea1ecc8e0f700befc1d70bf4fa9b153672e1e6924fddc5f747e8013"], &(0x7f0000000140)='syzkaller\x00'}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4040001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb0100", 0x25}, {&(0x7f0000000040)="aa1d484ea0a00000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfb", 0x26}], 0x2) r0 = getpid() bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="611570000000000061136c0000000000bfa000000000000014000000ee0016055e03010000000000160500000001000069163e0000000000bf07000000000000260507000fff07206706000020000000140600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0) recvmsg(r3, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x2062) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r4, 0x29, 0x16, &(0x7f0000fcb000), 0x4) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, &(0x7f0000fcb000), 0x4) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): audit(1762353148.508:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8394 comm="syz.1.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 529.632885][ T37] audit: type=1326 audit(1762353148.508:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8394 comm="syz.1.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 529.632939][ T37] audit: type=1326 audit(1762353148.508:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8394 comm="syz.1.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 529.632989][ T37] audit: type=1326 audit(1762353148.508:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8394 comm="syz.1.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 531.205741][ T8246] bridge0: port 1(bridge_slave_0) entered blocking state [ 531.205919][ T8246] bridge0: port 1(bridge_slave_0) entered disabled state [ 531.206174][ T8246] bridge_slave_0: entered allmulticast mode [ 531.209539][ T8246] bridge_slave_0: entered promiscuous mode [ 531.250427][ T8246] bridge0: port 2(bridge_slave_1) entered blocking state [ 531.250661][ T8246] bridge0: port 2(bridge_slave_1) entered disabled state [ 531.252373][ T8246] bridge_slave_1: entered allmulticast mode [ 531.278348][ T8246] bridge_slave_1: entered promiscuous mode [ 531.333861][ T8417] 9pnet_virtio: no channels available for device syz [ 531.368228][ T8412] netlink: 16 bytes leftover after parsing attributes in process `syz.3.589'. [ 531.428691][ T8038] kthread_run failed with err -4 [ 531.580751][ T8246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 531.590810][ T8246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 531.607227][ T5805] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 531.755337][ T5805] usb 1-1: Using ep0 maxpacket: 32 [ 531.757416][ T5805] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 531.757446][ T5805] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 531.757474][ T5805] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 56, changing to 9 [ 531.757490][ T5805] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 9275, setting to 1024 [ 531.757507][ T5805] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 531.757524][ T5805] usb 1-1: config 0 interface 0 has no altsetting 0 [ 531.760501][ T5805] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 531.760522][ T5805] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 531.760536][ T5805] usb 1-1: Product: syz [ 531.760544][ T5805] usb 1-1: Manufacturer: syz [ 531.760553][ T5805] usb 1-1: SerialNumber: syz [ 531.764750][ T5805] usb 1-1: config 0 descriptor?? [ 531.775472][ T8417] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 531.884314][ T5805] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 531.902661][ T5805] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 532.206842][ T8246] team0: Port device team_slave_0 added [ 532.363522][ T8246] team0: Port device team_slave_1 added [ 532.527662][ T8414] ldusb 1-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 532.528572][ T992] usb 1-1: USB disconnect, device number 8 [ 532.529820][ C1] ldusb 1-1:0.0: usb_submit_urb failed (-19) [ 532.556577][ T992] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 532.786538][ T8431] netlink: 20 bytes leftover after parsing attributes in process `syz.1.593'. [ 532.786569][ T8431] openvswitch: netlink: Flow key attr not present in new flow. [ 533.154262][ T8433] Invalid logical block size (8192) [ 535.178374][ T5811] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 535.207143][ T5811] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 535.230554][ T5811] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 535.250279][ T5811] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 535.259849][ T5811] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 535.309962][ T5814] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 535.325829][ T5814] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 535.326251][ T5814] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 535.327427][ T5814] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 535.328245][ T5814] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 535.888607][ T8445] devpts: Bad value for 'max' [ 535.980497][ T37] kauditd_printk_skb: 13 callbacks suppressed [ 535.980548][ T37] audit: type=1326 audit(1762353154.808:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8441 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 535.980811][ T37] audit: type=1326 audit(1762353154.808:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8441 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 535.981033][ T37] audit: type=1326 audit(1762353154.818:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8441 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 535.981289][ T37] audit: type=1326 audit(1762353154.818:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8441 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 535.981547][ T37] audit: type=1326 audit(1762353154.818:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8441 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 535.981768][ T37] audit: type=1326 audit(1762353154.828:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8441 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 535.981989][ T37] audit: type=1326 audit(1762353154.828:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8441 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 535.982207][ T37] audit: type=1326 audit(1762353154.828:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8441 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 535.982424][ T37] audit: type=1326 audit(1762353154.828:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8441 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 535.982642][ T37] audit: type=1326 audit(1762353154.828:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8441 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 536.312233][ T8445] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 537.368110][ T5814] Bluetooth: hci5: command 0x1003 tx timeout [ 537.411103][ T5814] Bluetooth: hci1: command tx timeout [ 537.426608][ T5802] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 537.642410][ T8448] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 537.664886][ T8246] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 537.664904][ T8246] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 537.664934][ T8246] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 537.722465][ T8246] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 537.722486][ T8246] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 537.722516][ T8246] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 537.867571][ T8454] netlink: 76 bytes leftover after parsing attributes in process `syz.1.599'. [ 539.485429][ T5802] Bluetooth: hci1: command tx timeout [ 541.565396][ T5802] Bluetooth: hci1: command tx timeout [ 543.645306][ T5802] Bluetooth: hci1: command tx timeout [ 546.295044][ T8476] devpts: Bad value for 'max' [ 546.303749][ T37] kauditd_printk_skb: 8 callbacks suppressed [ 546.303764][ T37] audit: type=1326 audit(1762353165.188:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8474 comm="syz.1.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 546.303806][ T37] audit: type=1326 audit(1762353165.188:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8474 comm="syz.1.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 546.303834][ T37] audit: type=1326 audit(1762353165.188:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8474 comm="syz.1.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 546.303861][ T37] audit: type=1326 audit(1762353165.188:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8474 comm="syz.1.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 546.303889][ T37] audit: type=1326 audit(1762353165.188:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8474 comm="syz.1.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 546.303921][ T37] audit: type=1326 audit(1762353165.188:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8474 comm="syz.1.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 546.303949][ T37] audit: type=1326 audit(1762353165.188:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8474 comm="syz.1.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 546.303977][ T37] audit: type=1326 audit(1762353165.188:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8474 comm="syz.1.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 546.304004][ T37] audit: type=1326 audit(1762353165.188:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8474 comm="syz.1.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 546.304032][ T37] audit: type=1326 audit(1762353165.188:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8474 comm="syz.1.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 546.589406][ T8246] hsr_slave_0: entered promiscuous mode [ 546.632185][ T8246] hsr_slave_1: entered promiscuous mode [ 546.636709][ T8246] debugfs: 'hsr0' already exists in 'hsr' [ 546.636739][ T8246] Cannot create hsr debugfs directory [ 547.064056][ T8476] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 548.631323][ T8490] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 549.651184][ T8506] netlink: 76 bytes leftover after parsing attributes in process `syz.3.610'. [ 552.915172][ T8521] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 556.191487][ T8529] fuse: Bad value for 'rootmode' [ 556.312311][ T8532] devpts: Bad value for 'max' [ 556.320384][ T12] bridge_slave_1: left allmulticast mode [ 556.320418][ T12] bridge_slave_1: left promiscuous mode [ 556.320964][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 556.321605][ T37] kauditd_printk_skb: 5 callbacks suppressed [ 556.321620][ T37] audit: type=1326 audit(1762353175.208:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8531 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 556.321681][ T37] audit: type=1326 audit(1762353175.208:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8531 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 556.321732][ T37] audit: type=1326 audit(1762353175.208:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8531 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 556.321782][ T37] audit: type=1326 audit(1762353175.208:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8531 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 556.321842][ T37] audit: type=1326 audit(1762353175.208:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8531 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 556.321891][ T37] audit: type=1326 audit(1762353175.208:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8531 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 556.321942][ T37] audit: type=1326 audit(1762353175.208:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8531 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 556.321992][ T37] audit: type=1326 audit(1762353175.208:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8531 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 556.322048][ T37] audit: type=1326 audit(1762353175.208:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8531 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 556.322097][ T37] audit: type=1326 audit(1762353175.208:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8531 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 556.482925][ T8535] netlink: 'syz.1.616': attribute type 21 has an invalid length. [ 556.626387][ T12] bridge_slave_0: left allmulticast mode [ 556.626411][ T12] bridge_slave_0: left promiscuous mode [ 556.626635][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 556.946011][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 557.035967][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 557.098777][ T12] bond0 (unregistering): Released all slaves [ 557.140942][ T8532] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 557.467221][ T8246] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 557.552959][ T8246] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 557.591069][ T8246] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 557.797200][ T8246] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 557.850847][ T8544] netlink: 76 bytes leftover after parsing attributes in process `syz.3.619'. [ 558.192300][ T8437] chnl_net:caif_netlink_parms(): no params data found [ 559.286899][ T12] hsr_slave_0: left promiscuous mode [ 559.318125][ T12] hsr_slave_1: left promiscuous mode [ 559.321568][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 559.366430][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 559.950203][ T8584] netlink: 'syz.1.626': attribute type 21 has an invalid length. [ 560.648163][ T12] team0 (unregistering): Port device team_slave_1 removed [ 560.826722][ T12] team0 (unregistering): Port device team_slave_0 removed [ 561.287608][ T8586] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 561.287630][ T8586] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 561.287723][ T8586] vhci_hcd vhci_hcd.0: Device attached [ 561.456657][ T8587] vhci_hcd: connection closed [ 561.457055][ T1179] vhci_hcd: stop threads [ 561.457076][ T1179] vhci_hcd: release socket [ 561.457160][ T1179] vhci_hcd: disconnect device [ 561.465417][ T5917] vhci_hcd: vhci_device speed not set [ 561.888927][ T8437] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.889085][ T8437] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.889299][ T8437] bridge_slave_0: entered allmulticast mode [ 561.892964][ T8437] bridge_slave_0: entered promiscuous mode [ 561.912709][ T8437] bridge0: port 2(bridge_slave_1) entered blocking state [ 561.912932][ T8437] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.913155][ T8437] bridge_slave_1: entered allmulticast mode [ 561.917896][ T8437] bridge_slave_1: entered promiscuous mode [ 561.992285][ T8598] netlink: 48 bytes leftover after parsing attributes in process `syz.3.629'. [ 562.481947][ T8437] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 562.491274][ T8437] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 562.863689][ T8437] team0: Port device team_slave_0 added [ 562.893190][ T8437] team0: Port device team_slave_1 added [ 563.304387][ T8437] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 563.304408][ T8437] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 563.304439][ T8437] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 563.333032][ T8437] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 563.333051][ T8437] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 563.333078][ T8437] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 564.176807][ T8620] devpts: Bad value for 'max' [ 564.182358][ T37] kauditd_printk_skb: 5 callbacks suppressed [ 564.182380][ T37] audit: type=1326 audit(1762353183.068:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8612 comm="syz.0.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 564.182435][ T37] audit: type=1326 audit(1762353183.068:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8612 comm="syz.0.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 564.182485][ T37] audit: type=1326 audit(1762353183.068:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8612 comm="syz.0.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 564.182535][ T37] audit: type=1326 audit(1762353183.068:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8612 comm="syz.0.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 564.182597][ T37] audit: type=1326 audit(1762353183.068:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8612 comm="syz.0.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 564.183487][ T37] audit: type=1326 audit(1762353183.068:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8612 comm="syz.0.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 564.183550][ T37] audit: type=1326 audit(1762353183.068:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8612 comm="syz.0.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 564.183645][ T37] audit: type=1326 audit(1762353183.068:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8612 comm="syz.0.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 564.184032][ T37] audit: type=1326 audit(1762353183.068:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8612 comm="syz.0.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 564.184864][ T37] audit: type=1326 audit(1762353183.068:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8612 comm="syz.0.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 564.192145][ T8437] hsr_slave_0: entered promiscuous mode [ 564.194384][ T8437] hsr_slave_1: entered promiscuous mode [ 564.476788][ T8620] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 564.891003][ T8246] 8021q: adding VLAN 0 to HW filter on device bond0 [ 565.623421][ T8637] netlink: 'syz.1.636': attribute type 21 has an invalid length. [ 565.707116][ T8246] 8021q: adding VLAN 0 to HW filter on device team0 [ 565.798150][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 565.802975][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 565.902138][ T1162] bridge0: port 2(bridge_slave_1) entered blocking state [ 565.902313][ T1162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 567.217827][ T8658] tmpfs: Unknown parameter 'òÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿtmpfs' [ 567.715046][ T8634] Process accounting resumed [ 568.373872][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.373959][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.594965][ T5814] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 568.617132][ T5814] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 568.618590][ T5814] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 568.621073][ T5814] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 568.622798][ T5814] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 569.177680][ T8673] netlink: 48 bytes leftover after parsing attributes in process `syz.0.643'. [ 569.349114][ T8437] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 569.475373][ T8679] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 569.475403][ T8679] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 569.475472][ T8679] vhci_hcd vhci_hcd.0: Device attached [ 569.534147][ T8681] vhci_hcd: connection closed [ 569.534704][ T68] vhci_hcd: stop threads [ 569.534726][ T68] vhci_hcd: release socket [ 569.534764][ T68] vhci_hcd: disconnect device [ 569.622148][ T8685] netlink: 'syz.1.647': attribute type 3 has an invalid length. [ 569.736264][ T8437] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 569.811363][ T8437] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 569.863292][ T8437] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 570.778825][ T5802] Bluetooth: hci2: command tx timeout [ 571.345248][ T5917] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 571.517195][ T5917] usb 4-1: Using ep0 maxpacket: 32 [ 571.520299][ T5917] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 571.520349][ T5917] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 571.520541][ T5917] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 56, changing to 9 [ 571.520574][ T5917] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 9275, setting to 1024 [ 571.520603][ T5917] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 571.520643][ T5917] usb 4-1: config 0 interface 0 has no altsetting 0 [ 571.595753][ T5917] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 571.595786][ T5917] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 571.595808][ T5917] usb 4-1: Product: syz [ 571.595823][ T5917] usb 4-1: Manufacturer: syz [ 571.595838][ T5917] usb 4-1: SerialNumber: syz [ 571.643840][ T5917] usb 4-1: config 0 descriptor?? [ 571.644876][ T8696] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 571.662978][ T5917] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 571.697350][ T5917] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 572.091040][ T8695] ldusb 4-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 572.105756][ T10] usb 4-1: USB disconnect, device number 8 [ 572.105831][ C1] ldusb 4-1:0.0: usb_submit_urb failed (-19) [ 572.164998][ T10] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 572.329597][ T8691] Process accounting resumed [ 572.805521][ T1162] bridge_slave_1: left allmulticast mode [ 572.805558][ T1162] bridge_slave_1: left promiscuous mode [ 572.805891][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 572.845459][ T5802] Bluetooth: hci2: command tx timeout [ 572.937447][ T1162] bridge_slave_0: left allmulticast mode [ 572.937471][ T1162] bridge_slave_0: left promiscuous mode [ 572.937651][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 572.997432][ T8718] tmpfs: Unknown parameter 'òÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿtmpfs' [ 574.926188][ T5802] Bluetooth: hci2: command tx timeout [ 578.576002][ T5802] Bluetooth: hci2: command tx timeout [ 579.233931][ T8740] netlink: 20 bytes leftover after parsing attributes in process `syz.3.659'. [ 579.233961][ T8740] openvswitch: netlink: Flow key attr not present in new flow. [ 579.797743][ T8743] Invalid logical block size (8192) [ 579.805422][ T8743] syz2: rxe_newlink: already configured on ipvlan0 [ 582.336110][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 582.379981][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 582.401586][ T1162] bond0 (unregistering): Released all slaves [ 582.517419][ T8729] Process accounting resumed [ 582.829862][ T8755] netlink: 'syz.0.664': attribute type 3 has an invalid length. [ 582.923981][ T8666] chnl_net:caif_netlink_parms(): no params data found [ 584.526911][ T8746] Process accounting resumed [ 585.426609][ T1162] hsr_slave_0: left promiscuous mode [ 585.465682][ T1162] hsr_slave_1: left promiscuous mode [ 585.466825][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 585.501230][ T8773] netlink: 8 bytes leftover after parsing attributes in process `syz.1.667'. [ 585.524808][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 587.620460][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 587.810217][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 588.306239][ T8791] netlink: 'syz.0.673': attribute type 3 has an invalid length. [ 590.349729][ T8437] 8021q: adding VLAN 0 to HW filter on device bond0 [ 592.825477][ T8808] process 'syz.1.677' launched '/dev/fd/5' with NULL argv: empty string added [ 592.921063][ T8666] bridge0: port 1(bridge_slave_0) entered blocking state [ 592.921307][ T8666] bridge0: port 1(bridge_slave_0) entered disabled state [ 592.921556][ T8666] bridge_slave_0: entered allmulticast mode [ 592.997870][ T8666] bridge_slave_0: entered promiscuous mode [ 593.035375][ T8666] bridge0: port 2(bridge_slave_1) entered blocking state [ 593.035536][ T8666] bridge0: port 2(bridge_slave_1) entered disabled state [ 593.035788][ T8666] bridge_slave_1: entered allmulticast mode [ 593.038992][ T8666] bridge_slave_1: entered promiscuous mode [ 593.429626][ T8666] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 593.435022][ T8666] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 595.766548][ T8824] netlink: 'syz.3.682': attribute type 3 has an invalid length. [ 595.908653][ T5802] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 595.937308][ T5802] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 595.939612][ T5802] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 595.970773][ T5802] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 595.971831][ T5802] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 596.237474][ T8666] team0: Port device team_slave_0 added [ 596.241365][ T8666] team0: Port device team_slave_1 added [ 596.483623][ T8841] netlink: 8 bytes leftover after parsing attributes in process `syz.1.685'. [ 596.511900][ T8666] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 596.511920][ T8666] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 596.511951][ T8666] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 596.569938][ T8666] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 596.569959][ T8666] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 596.569990][ T8666] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 597.241721][ T8666] hsr_slave_0: entered promiscuous mode [ 597.246088][ T8666] hsr_slave_1: entered promiscuous mode [ 597.247083][ T8666] debugfs: 'hsr0' already exists in 'hsr' [ 597.247109][ T8666] Cannot create hsr debugfs directory [ 598.048306][ T5814] Bluetooth: hci1: command tx timeout [ 600.125223][ T5814] Bluetooth: hci1: command tx timeout [ 600.227272][ T8865] netlink: 76 bytes leftover after parsing attributes in process `syz.3.691'. [ 600.506128][ T8867] netlink: 'syz.3.692': attribute type 3 has an invalid length. [ 601.137774][ T68] Bluetooth: hci5: Frame reassembly failed (-84) [ 607.412935][ T5811] Bluetooth: hci5: command 0x1003 tx timeout [ 607.415962][ T5802] Bluetooth: hci1: command tx timeout [ 607.417847][ T5814] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 607.909521][ T8888] netlink: 8 bytes leftover after parsing attributes in process `syz.0.699'. [ 608.027438][ T8889] tmpfs: Unknown parameter 'òÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿtmpfs' [ 608.307725][ T8896] netlink: 8 bytes leftover after parsing attributes in process `syz.1.701'. [ 608.496912][ T8898] netlink: 'syz.0.702': attribute type 3 has an invalid length. [ 609.495979][ T8440] Bluetooth: hci1: command tx timeout [ 610.203934][ T1162] bridge_slave_1: left allmulticast mode [ 610.203955][ T1162] bridge_slave_1: left promiscuous mode [ 610.204505][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 610.287179][ T1162] bridge_slave_0: left allmulticast mode [ 610.287212][ T1162] bridge_slave_0: left promiscuous mode [ 610.287519][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 611.862958][ T8913] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 611.863008][ T8913] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 611.863502][ T8913] vhci_hcd vhci_hcd.0: Device attached [ 617.042505][ T8914] vhci_hcd: connection closed [ 617.046817][ T13] vhci_hcd: stop threads [ 617.046839][ T13] vhci_hcd: release socket [ 617.047976][ T13] vhci_hcd: disconnect device [ 617.086451][ T8217] vhci_hcd: vhci_device speed not set [ 619.885392][ T8440] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 621.607765][ T8956] netlink: 8 bytes leftover after parsing attributes in process `syz.0.717'. [ 621.882347][ T8958] tmpfs: Cannot disable swap on remount [ 622.707571][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 622.806301][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 622.872924][ T1162] bond0 (unregistering): Released all slaves [ 622.875287][ T992] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 623.056981][ T992] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 623.057014][ T992] usb 4-1: config 0 interface 0 has no altsetting 0 [ 623.062916][ T992] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 623.062950][ T992] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 623.062972][ T992] usb 4-1: Product: syz [ 623.062986][ T992] usb 4-1: Manufacturer: syz [ 623.063002][ T992] usb 4-1: SerialNumber: syz [ 623.127795][ T992] usb 4-1: config 0 descriptor?? [ 623.154848][ T992] usb 4-1: selecting invalid altsetting 0 [ 623.194767][ T8827] chnl_net:caif_netlink_parms(): no params data found [ 623.386625][ T8964] usb 4-1: cannot submit urb 0, error -2: endpoint not enabled [ 623.414309][ T8964] usb 4-1: cannot submit urb 0, error -2: endpoint not enabled [ 623.466212][ T5977] usb 4-1: USB disconnect, device number 9 [ 625.378942][ T8981] netlink: 72 bytes leftover after parsing attributes in process `syz.3.723'. [ 625.427902][ T1162] hsr_slave_0: left promiscuous mode [ 625.456030][ T1162] hsr_slave_1: left promiscuous mode [ 625.457099][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 625.460095][ T8987] netlink: 8 bytes leftover after parsing attributes in process `syz.0.725'. [ 625.487980][ T8989] program syz.3.723 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 626.493088][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 627.136291][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 627.295996][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 628.185521][ T8988] C: renamed from team_slave_0 [ 628.217479][ T8988] netlink: 'syz.3.723': attribute type 2 has an invalid length. [ 628.217497][ T8988] netlink: 108 bytes leftover after parsing attributes in process `syz.3.723'. [ 628.217507][ T8988] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 629.009899][ T5814] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 629.031530][ T5814] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 629.062191][ T5814] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 629.088821][ T5814] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 629.104767][ T5814] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 629.370313][ T8827] bridge0: port 1(bridge_slave_0) entered blocking state [ 629.370486][ T8827] bridge0: port 1(bridge_slave_0) entered disabled state [ 629.370759][ T8827] bridge_slave_0: entered allmulticast mode [ 629.374077][ T8827] bridge_slave_0: entered promiscuous mode [ 629.496351][ T8827] bridge0: port 2(bridge_slave_1) entered blocking state [ 629.500652][ T8827] bridge0: port 2(bridge_slave_1) entered disabled state [ 629.500935][ T8827] bridge_slave_1: entered allmulticast mode [ 629.539761][ T8827] bridge_slave_1: entered promiscuous mode [ 629.816326][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.816414][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.230827][ T9012] netlink: 'syz.0.732': attribute type 21 has an invalid length. [ 631.161837][ T8827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 631.223791][ T8827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 631.247831][ T8440] Bluetooth: hci5: command tx timeout [ 631.775025][ T9020] netlink: 8 bytes leftover after parsing attributes in process `syz.0.734'. [ 631.910333][ T8827] team0: Port device team_slave_0 added [ 632.027487][ T8827] team0: Port device team_slave_1 added [ 633.434406][ T8440] Bluetooth: hci5: command tx timeout [ 633.615757][ T9029] netlink: 'syz.3.736': attribute type 20 has an invalid length. [ 633.756417][ T9031] netlink: 'syz.3.738': attribute type 3 has an invalid length. [ 633.935412][ T9034] loop9: detected capacity change from 0 to 7 [ 634.029033][ T9006] Dev loop9: unable to read RDB block 7 [ 634.029089][ T9006] loop9: unable to read partition table [ 634.029398][ T9006] loop9: partition table beyond EOD, truncated [ 634.060184][ T9034] Dev loop9: unable to read RDB block 7 [ 634.060235][ T9034] loop9: unable to read partition table [ 634.060546][ T9034] loop9: partition table beyond EOD, truncated [ 634.060581][ T9034] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 634.266232][ T8827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 634.266253][ T8827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 634.266282][ T8827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 634.307660][ T8827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 634.307772][ T8827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 634.307802][ T8827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 634.763121][ T8827] hsr_slave_0: entered promiscuous mode [ 634.782299][ T8827] hsr_slave_1: entered promiscuous mode [ 635.536551][ T9047] netlink: 'syz.3.741': attribute type 10 has an invalid length. [ 635.566687][ T8440] Bluetooth: hci5: command tx timeout [ 636.465887][ T9052] netlink: 'syz.0.743': attribute type 21 has an invalid length. [ 637.739676][ T8440] Bluetooth: hci5: command tx timeout [ 644.087801][ T9065] netlink: 'syz.0.747': attribute type 3 has an invalid length. [ 645.224205][ T10] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 645.867812][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 645.978918][ T10] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 645.978973][ T10] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 645.979021][ T10] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 56, changing to 9 [ 645.979050][ T10] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 9275, setting to 1024 [ 645.979078][ T10] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 645.979108][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 646.190519][ T10] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 646.192451][ T10] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 646.192482][ T10] usb 1-1: Product: syz [ 646.192499][ T10] usb 1-1: Manufacturer: syz [ 646.192514][ T10] usb 1-1: SerialNumber: syz [ 646.255257][ T10] usb 1-1: config 0 descriptor?? [ 646.268690][ T9070] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 646.351905][ T10] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 646.805427][ T10] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 649.282521][ T10] usb 1-1: USB disconnect, device number 9 [ 649.301644][ T10] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 649.539093][ T9093] netlink: 'syz.3.753': attribute type 21 has an invalid length. [ 649.674770][ T9001] chnl_net:caif_netlink_parms(): no params data found [ 650.099147][ T9099] devpts: Bad value for 'max' [ 650.107772][ T37] kauditd_printk_skb: 3 callbacks suppressed [ 650.107792][ T37] audit: type=1326 audit(1762353268.988:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9094 comm="syz.0.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 650.107840][ T37] audit: type=1326 audit(1762353268.988:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9094 comm="syz.0.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 650.107883][ T37] audit: type=1326 audit(1762353268.988:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9094 comm="syz.0.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 650.107926][ T37] audit: type=1326 audit(1762353268.988:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9094 comm="syz.0.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 650.107969][ T37] audit: type=1326 audit(1762353268.988:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9094 comm="syz.0.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 650.108012][ T37] audit: type=1326 audit(1762353268.988:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9094 comm="syz.0.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 650.108054][ T37] audit: type=1326 audit(1762353268.988:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9094 comm="syz.0.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 650.108097][ T37] audit: type=1326 audit(1762353268.988:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9094 comm="syz.0.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 650.108140][ T37] audit: type=1326 audit(1762353268.988:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9094 comm="syz.0.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 650.108182][ T37] audit: type=1326 audit(1762353268.988:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9094 comm="syz.0.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 650.579336][ T9099] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 650.845323][ T1162] bridge_slave_1: left allmulticast mode [ 650.845358][ T1162] bridge_slave_1: left promiscuous mode [ 650.845662][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 650.887433][ T9111] binder: 9110:9111 ioctl 4018620d 0 returned -22 [ 650.976954][ T1162] bridge_slave_0: left allmulticast mode [ 650.976988][ T1162] bridge_slave_0: left promiscuous mode [ 650.977279][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 651.606143][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 651.793033][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 651.869253][ T1162] bond0 (unregistering): Released all slaves [ 652.821357][ T9001] bridge0: port 1(bridge_slave_0) entered blocking state [ 652.821495][ T9001] bridge0: port 1(bridge_slave_0) entered disabled state [ 652.821722][ T9001] bridge_slave_0: entered allmulticast mode [ 652.853994][ T9001] bridge_slave_0: entered promiscuous mode [ 652.870277][ T9001] bridge0: port 2(bridge_slave_1) entered blocking state [ 652.871149][ T9001] bridge0: port 2(bridge_slave_1) entered disabled state [ 652.871423][ T9001] bridge_slave_1: entered allmulticast mode [ 652.941675][ T9001] bridge_slave_1: entered promiscuous mode [ 653.715297][ T1162] hsr_slave_0: left promiscuous mode [ 653.760332][ T1162] hsr_slave_1: left promiscuous mode [ 653.768240][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 653.844401][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 655.096059][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 655.274028][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 656.210881][ T9134] 9pnet_virtio: no channels available for device syz [ 656.433092][ T5814] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 656.457705][ T5814] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 656.459995][ T5814] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 656.474353][ T5814] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 656.480750][ T5814] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 656.584679][ T9001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 656.666706][ T9001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 658.605367][ T8440] Bluetooth: hci2: command tx timeout [ 658.649082][ T37] kauditd_printk_skb: 8 callbacks suppressed [ 658.649099][ T37] audit: type=1326 audit(1762353277.528:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9147 comm="syz.1.766" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x0 [ 658.697817][ T9001] team0: Port device team_slave_0 added [ 658.747709][ T9001] team0: Port device team_slave_1 added [ 659.387833][ T9001] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 659.387853][ T9001] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 659.387883][ T9001] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 659.404694][ T9001] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 659.404711][ T9001] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 659.404737][ T9001] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 660.685292][ T8440] Bluetooth: hci2: command tx timeout [ 662.765211][ T8440] Bluetooth: hci2: command tx timeout [ 664.845245][ T8440] Bluetooth: hci2: command tx timeout [ 666.032795][ T9001] hsr_slave_0: entered promiscuous mode [ 666.048223][ T9001] hsr_slave_1: entered promiscuous mode [ 666.050946][ T9001] debugfs: 'hsr0' already exists in 'hsr' [ 666.051191][ T9001] Cannot create hsr debugfs directory [ 666.347860][ T9165] netlink: 'syz.0.771': attribute type 3 has an invalid length. [ 669.230380][ T9184] 9pnet_virtio: no channels available for device syz [ 670.047590][ T9135] chnl_net:caif_netlink_parms(): no params data found [ 671.038995][ T1162] bridge_slave_1: left allmulticast mode [ 671.039028][ T1162] bridge_slave_1: left promiscuous mode [ 671.039323][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 671.094381][ T9193] netlink: 40 bytes leftover after parsing attributes in process `syz.3.778'. [ 671.143737][ T1162] bridge_slave_0: left allmulticast mode [ 671.143770][ T1162] bridge_slave_0: left promiscuous mode [ 671.144096][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 671.515445][ T9197] ptrace attach of "./syz-executor exec"[5810] was attempted by ""[9197] [ 671.668874][ T9200] netlink: 'syz.0.780': attribute type 3 has an invalid length. [ 672.182368][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 672.301709][ T9204] overlayfs: missing 'lowerdir' [ 673.059629][ T9211] netlink: 36 bytes leftover after parsing attributes in process `syz.1.784'. [ 673.266066][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 673.301412][ T9215] netlink: 4 bytes leftover after parsing attributes in process `syz.1.784'. [ 673.532488][ T1162] bond0 (unregistering): Released all slaves [ 674.106272][ T9212] bridge_slave_0: left allmulticast mode [ 674.106352][ T9212] bridge_slave_0: left promiscuous mode [ 674.106880][ T9212] bridge0: port 1(bridge_slave_0) entered disabled state [ 674.252119][ T9212] bridge_slave_1: left allmulticast mode [ 674.252143][ T9212] bridge_slave_1: left promiscuous mode [ 674.252298][ T9212] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.510821][ T9212] bond0: (slave bond_slave_0): Releasing backup interface [ 674.623251][ T9212] bond0: (slave bond_slave_1): Releasing backup interface [ 674.765568][ T9212] team0: Port device team_slave_0 removed [ 674.873704][ T9212] team0: Port device team_slave_1 removed [ 674.887438][ T9212] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 674.887509][ T9212] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 674.917332][ T9212] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 674.917355][ T9212] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 674.975456][ T9212] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 675.543477][ T9135] bridge0: port 1(bridge_slave_0) entered blocking state [ 675.543646][ T9135] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.543911][ T9135] bridge_slave_0: entered allmulticast mode [ 675.822437][ T9135] bridge_slave_0: entered promiscuous mode [ 675.839220][ T9135] bridge0: port 2(bridge_slave_1) entered blocking state [ 675.844743][ T9135] bridge0: port 2(bridge_slave_1) entered disabled state [ 675.844985][ T9135] bridge_slave_1: entered allmulticast mode [ 675.887249][ T9135] bridge_slave_1: entered promiscuous mode [ 676.347113][ T37] audit: type=1326 audit(1762353295.238:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9241 comm="syz.3.789" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0f46c4f6c9 code=0x0 [ 679.045545][ T1162] hsr_slave_0: left promiscuous mode [ 679.105578][ T1162] hsr_slave_1: left promiscuous mode [ 679.106767][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 679.163320][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 679.521540][ T9254] overlayfs: missing 'lowerdir' [ 680.205460][ T5814] Bluetooth: hci1: command 0x1003 tx timeout [ 680.205795][ T8440] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 680.852349][ T9263] input: syz1 as /devices/virtual/input/input10 [ 681.043201][ T9263] F2FS-fs (nbd0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 681.043243][ T9263] F2FS-fs (nbd0): Can't find valid F2FS filesystem in 1th superblock [ 681.048221][ T9263] F2FS-fs (nbd0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 681.048314][ T9263] F2FS-fs (nbd0): Can't find valid F2FS filesystem in 2th superblock [ 681.144751][ T9265] 9pnet_fd: Insufficient options for proto=fd [ 681.236100][ T9259] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 682.738518][ T9271] netlink: 36 bytes leftover after parsing attributes in process `syz.0.799'. [ 682.924508][ T9273] netlink: 4 bytes leftover after parsing attributes in process `syz.0.799'. [ 682.960455][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 683.056385][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 683.576118][ T9135] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 683.849992][ T9272] bridge_slave_0: left allmulticast mode [ 683.850016][ T9272] bridge_slave_0: left promiscuous mode [ 683.850180][ T9272] bridge0: port 1(bridge_slave_0) entered disabled state [ 683.947034][ T9272] bridge_slave_1: left allmulticast mode [ 683.947057][ T9272] bridge_slave_1: left promiscuous mode [ 683.947209][ T9272] bridge0: port 2(bridge_slave_1) entered disabled state [ 684.038732][ T9272] bond0: (slave bond_slave_0): Releasing backup interface [ 684.075850][ T9272] bond0: (slave bond_slave_1): Releasing backup interface [ 684.119295][ T9272] team0: Port device team_slave_0 removed [ 684.138613][ T9272] team0: Port device team_slave_1 removed [ 684.139246][ T9272] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 684.139265][ T9272] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 684.179202][ T9272] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 684.179225][ T9272] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 684.214159][ T9272] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 684.552718][ T9135] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 685.298809][ T9135] team0: Port device team_slave_0 added [ 685.317660][ T9135] team0: Port device team_slave_1 added [ 685.318251][ T9001] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 685.630832][ T9287] devpts: Bad value for 'max' [ 685.707012][ T37] audit: type=1326 audit(1762353304.548:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9284 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 685.707293][ T37] audit: type=1326 audit(1762353304.548:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9284 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 685.707565][ T37] audit: type=1326 audit(1762353304.548:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9284 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 685.707803][ T37] audit: type=1326 audit(1762353304.558:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9284 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 685.708070][ T37] audit: type=1326 audit(1762353304.558:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9284 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 685.708353][ T37] audit: type=1326 audit(1762353304.558:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9284 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 685.708671][ T37] audit: type=1326 audit(1762353304.558:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9284 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 685.708933][ T37] audit: type=1326 audit(1762353304.558:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9284 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 685.709218][ T37] audit: type=1326 audit(1762353304.568:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9284 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 685.709527][ T37] audit: type=1326 audit(1762353304.568:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9284 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f99dbf6c9 code=0x7ffc0000 [ 686.254214][ T9287] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 688.141123][ T9001] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 689.017500][ T9135] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 689.017521][ T9135] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 689.017552][ T9135] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 689.290650][ T5814] Bluetooth: hci1: command 0x1003 tx timeout [ 689.321558][ T8440] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 689.377727][ T9135] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 689.377747][ T9135] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 689.377778][ T9135] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 690.907137][ T5814] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 690.931631][ T5814] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 690.935648][ T5814] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 690.936707][ T5814] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 690.937819][ T5814] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 691.230173][ T9312] netlink: 8 bytes leftover after parsing attributes in process `syz.3.808'. [ 691.261554][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.261603][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.311024][ T9135] hsr_slave_0: entered promiscuous mode [ 691.316200][ T9135] hsr_slave_1: entered promiscuous mode [ 693.005213][ T8440] Bluetooth: hci1: command tx timeout [ 693.032132][ T9320] netlink: 72 bytes leftover after parsing attributes in process `syz.1.810'. [ 693.032578][ T9320] syzkaller1: entered promiscuous mode [ 693.032597][ T9320] syzkaller1: entered allmulticast mode [ 693.034290][ T9320] C: renamed from team_slave_0 [ 693.069982][ T9320] netlink: 'syz.1.810': attribute type 2 has an invalid length. [ 693.069999][ T9320] netlink: 108 bytes leftover after parsing attributes in process `syz.1.810'. [ 693.070009][ T9320] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 695.087558][ T8440] Bluetooth: hci1: command tx timeout [ 695.502622][ T9357] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 695.503085][ T9357] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 698.585484][ T5814] Bluetooth: hci1: command tx timeout [ 699.755464][ T5890] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 699.911101][ T5890] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 699.911125][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 699.911137][ T5890] usb 2-1: Product: syz [ 699.911146][ T5890] usb 2-1: Manufacturer: syz [ 699.911155][ T5890] usb 2-1: SerialNumber: syz [ 699.946849][ T5890] usb 2-1: config 0 descriptor?? [ 700.346429][ T5890] usb 2-1: USB disconnect, device number 8 [ 700.605591][ T8440] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 700.611019][ T8440] Bluetooth: hci1: command tx timeout [ 700.688862][ T9227] udevd[9227]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 702.328132][ T9308] chnl_net:caif_netlink_parms(): no params data found [ 702.460356][ T1162] bridge_slave_1: left allmulticast mode [ 702.460391][ T1162] bridge_slave_1: left promiscuous mode [ 702.460677][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 702.530369][ T1162] bridge_slave_0: left allmulticast mode [ 702.530402][ T1162] bridge_slave_0: left promiscuous mode [ 702.532935][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 703.512315][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 703.594316][ T9420] netlink: 8 bytes leftover after parsing attributes in process `syz.3.823'. [ 703.946333][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 704.071985][ T9434] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 704.075787][ T9434] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 704.993034][ T1162] bond0 (unregistering): Released all slaves [ 705.318365][ T37] kauditd_printk_skb: 8 callbacks suppressed [ 705.318387][ T37] audit: type=1326 audit(1762353324.208:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9441 comm="syz.0.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 705.318612][ T37] audit: type=1326 audit(1762353324.208:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9441 comm="syz.0.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 705.321090][ T37] audit: type=1326 audit(1762353324.208:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9441 comm="syz.0.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=122 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 705.321420][ T37] audit: type=1326 audit(1762353324.208:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9441 comm="syz.0.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 705.322173][ T37] audit: type=1326 audit(1762353324.208:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9441 comm="syz.0.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 705.322770][ T37] audit: type=1326 audit(1762353324.208:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9441 comm="syz.0.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 705.323156][ T37] audit: type=1326 audit(1762353324.208:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9441 comm="syz.0.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 705.323711][ T37] audit: type=1326 audit(1762353324.208:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9441 comm="syz.0.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 705.324140][ T37] audit: type=1326 audit(1762353324.208:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9441 comm="syz.0.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 705.324440][ T37] audit: type=1326 audit(1762353324.208:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9441 comm="syz.0.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 706.602142][ T9442] netlink: 'syz.0.827': attribute type 3 has an invalid length. [ 706.602159][ T9442] netlink: 'syz.0.827': attribute type 1 has an invalid length. [ 706.654442][ T9442] syz.0.827 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 706.792464][ T9442] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 706.792560][ T9442] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 706.792867][ T9442] vhci_hcd vhci_hcd.0: Device attached [ 707.014575][ T1162] hsr_slave_0: left promiscuous mode [ 707.052116][ T9456] vhci_hcd: connection closed [ 707.103975][ T1153] vhci_hcd: stop threads [ 707.104863][ T1153] vhci_hcd: release socket [ 707.126988][ T992] usb 33-1: new low-speed USB device number 6 using vhci_hcd [ 707.198687][ T1153] vhci_hcd: disconnect device [ 707.514199][ T1162] hsr_slave_1: left promiscuous mode [ 707.550604][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 707.572152][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 708.705742][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 708.945867][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 709.942927][ T9442] batman_adv: batadv0: Adding interface: gretap1 [ 709.942941][ T9442] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 709.943778][ T9442] batman_adv: batadv0: Interface activated: gretap1 [ 710.804360][ T9479] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 710.804874][ T9479] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 711.560507][ T9308] bridge0: port 1(bridge_slave_0) entered blocking state [ 711.560598][ T9308] bridge0: port 1(bridge_slave_0) entered disabled state [ 711.560717][ T9308] bridge_slave_0: entered allmulticast mode [ 711.576096][ T9308] bridge_slave_0: entered promiscuous mode [ 711.596649][ T9308] bridge0: port 2(bridge_slave_1) entered blocking state [ 711.596795][ T9308] bridge0: port 2(bridge_slave_1) entered disabled state [ 711.597023][ T9308] bridge_slave_1: entered allmulticast mode [ 711.603938][ T9308] bridge_slave_1: entered promiscuous mode [ 711.609449][ T9135] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 712.291922][ T992] vhci_hcd: vhci_device speed not set [ 713.196437][ T9135] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 713.468233][ T9135] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 713.628692][ T9308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 713.639560][ T9308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 713.824506][ T9500] netlink: 'syz.3.839': attribute type 10 has an invalid length. [ 713.871366][ T9135] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 714.034735][ T9500] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 714.374464][ T9308] team0: Port device team_slave_0 added [ 714.707130][ T9308] team0: Port device team_slave_1 added [ 714.725802][ T9135] kthread_run failed with err -4 [ 716.312438][ T9308] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 716.312453][ T9308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 716.312470][ T9308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 716.377408][ T9308] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 716.377430][ T9308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 716.377462][ T9308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 716.888766][ T9308] hsr_slave_0: entered promiscuous mode [ 716.890374][ T9308] hsr_slave_1: entered promiscuous mode [ 716.891500][ T9308] debugfs: 'hsr0' already exists in 'hsr' [ 716.891527][ T9308] Cannot create hsr debugfs directory [ 717.120628][ T5802] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 717.200842][ T5802] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 717.221044][ T5802] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 717.223073][ T5802] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 717.224448][ T5802] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 717.500344][ T9529] overlayfs: missing 'lowerdir' [ 717.890364][ T5814] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 720.785146][ T5802] Bluetooth: hci6: command tx timeout [ 722.845811][ T5802] Bluetooth: hci6: command tx timeout [ 722.896222][ T9562] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 722.896263][ T9562] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 722.896364][ T9562] vhci_hcd vhci_hcd.0: Device attached [ 724.425190][ T5805] usb 39-1: new low-speed USB device number 6 using vhci_hcd [ 724.477289][ T9566] vhci_hcd: connection reset by peer [ 724.481790][ T1713] vhci_hcd: stop threads [ 724.481812][ T1713] vhci_hcd: release socket [ 724.482071][ T1713] vhci_hcd: disconnect device [ 724.925273][ T5802] Bluetooth: hci6: command tx timeout [ 725.833859][ T9584] overlayfs: missing 'lowerdir' [ 727.005278][ T5802] Bluetooth: hci6: command tx timeout [ 729.590122][ T5805] vhci_hcd: vhci_device speed not set [ 732.212166][ T9636] netlink: 'syz.0.864': attribute type 10 has an invalid length. [ 733.012503][ T9636] team0: Cannot enslave team device to itself [ 733.342974][ T9643] overlayfs: missing 'lowerdir' [ 735.524743][ T9667] netlink: 20 bytes leftover after parsing attributes in process `syz.1.871'. [ 735.524769][ T9667] openvswitch: netlink: Flow key attr not present in new flow. [ 736.041146][ T9670] Invalid logical block size (8192) [ 736.071882][ T9670] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 738.174348][ T9673] netlink: 64 bytes leftover after parsing attributes in process `syz.1.872'. [ 738.174557][ T9673] block nbd0: not configured, cannot reconfigure [ 739.605923][ T9669] capability: warning: `syz.0.870' uses deprecated v2 capabilities in a way that may be insecure [ 739.929326][ T9523] chnl_net:caif_netlink_parms(): no params data found [ 739.957214][ T13] bridge_slave_1: left allmulticast mode [ 739.957236][ T13] bridge_slave_1: left promiscuous mode [ 739.957411][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 740.082286][ T13] bridge_slave_0: left allmulticast mode [ 740.082314][ T13] bridge_slave_0: left promiscuous mode [ 740.082515][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 740.625754][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 740.706157][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 740.768479][ T13] bond0 (unregistering): Released all slaves [ 741.234783][ T9692] netlink: 36 bytes leftover after parsing attributes in process `syz.1.878'. [ 741.628149][ T9699] netlink: 4 bytes leftover after parsing attributes in process `syz.1.878'. [ 741.988064][ T9701] netlink: 'syz.3.879': attribute type 10 has an invalid length. [ 743.424262][ T9697] team0: Mode changed to "loadbalance" [ 744.885322][ T13] hsr_slave_0: left promiscuous mode [ 744.925261][ T13] hsr_slave_1: left promiscuous mode [ 744.934680][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 744.979808][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 746.152718][ C1] vkms_vblank_simulate: vblank timer overrun [ 746.886251][ T13] team0 (unregistering): Port device team_slave_1 removed [ 746.903337][ T9741] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 747.086905][ T13] team0 (unregistering): Port device team_slave_0 removed [ 748.250216][ T9523] bridge0: port 1(bridge_slave_0) entered blocking state [ 748.252578][ T9523] bridge0: port 1(bridge_slave_0) entered disabled state [ 748.252755][ T9523] bridge_slave_0: entered allmulticast mode [ 748.397279][ T9523] bridge_slave_0: entered promiscuous mode [ 748.472599][ T9523] bridge0: port 2(bridge_slave_1) entered blocking state [ 748.472790][ T9523] bridge0: port 2(bridge_slave_1) entered disabled state [ 748.473054][ T9523] bridge_slave_1: entered allmulticast mode [ 748.552482][ T9523] bridge_slave_1: entered promiscuous mode [ 749.460456][ T9523] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 749.523772][ C1] vkms_vblank_simulate: vblank timer overrun [ 749.535717][ T9523] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 749.668796][ C1] vkms_vblank_simulate: vblank timer overrun [ 749.824701][ T9523] team0: Port device team_slave_0 added [ 749.831595][ T9523] team0: Port device team_slave_1 added [ 750.060121][ T9523] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 750.060142][ T9523] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 750.060170][ T9523] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 750.112018][ T9523] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 750.112039][ T9523] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 750.112069][ T9523] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 750.290304][ C1] vkms_vblank_simulate: vblank timer overrun [ 750.408885][ C1] vkms_vblank_simulate: vblank timer overrun [ 750.618798][ C1] vkms_vblank_simulate: vblank timer overrun [ 751.025954][ T9783] 9pnet_fd: Insufficient options for proto=fd [ 751.103703][ T9523] hsr_slave_0: entered promiscuous mode [ 751.124286][ T9523] hsr_slave_1: entered promiscuous mode [ 751.338502][ T8440] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 751.345210][ T8440] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 751.347651][ T8440] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 751.367416][ T8440] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 751.368248][ T8440] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 751.651757][ T9793] Invalid logical block size (8192) [ 756.860392][ T5802] Bluetooth: hci1: command tx timeout [ 757.122909][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 757.123055][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 759.052839][ T5802] Bluetooth: hci1: command tx timeout [ 760.495237][ T1153] Bluetooth: hci2: Frame reassembly failed (-84) [ 761.165455][ T8440] Bluetooth: hci1: command tx timeout [ 761.448912][ T9822] overlayfs: missing 'lowerdir' [ 762.542813][ T5802] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 763.322400][ T8440] Bluetooth: hci1: command tx timeout [ 763.546171][ T9832] 9pnet_fd: Insufficient options for proto=fd [ 764.377938][ T9839] netlink: 'syz.0.911': attribute type 10 has an invalid length. [ 764.384564][ T9839] team0: Cannot enslave team device to itself [ 773.980009][ T9864] overlayfs: missing 'lowerdir' [ 774.642135][ T1246] Bluetooth: hci2: Frame reassembly failed (-84) [ 776.685344][ T5802] Bluetooth: hci2: command 0x1003 tx timeout [ 776.686139][ T8440] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 781.765314][ T9894] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 781.765344][ T9894] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 781.766800][ T9894] vhci_hcd vhci_hcd.0: Device attached [ 782.086092][ T10] usb 35-1: new low-speed USB device number 6 using vhci_hcd [ 782.773370][ T9907] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 782.830102][ T9900] vhci_hcd: connection reset by peer [ 782.830565][ T6791] vhci_hcd: stop threads [ 782.830583][ T6791] vhci_hcd: release socket [ 782.830667][ T6791] vhci_hcd: disconnect device [ 783.605702][ T9789] chnl_net:caif_netlink_parms(): no params data found [ 784.490841][ T5802] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 785.498526][ T5802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 785.500024][ T5802] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 785.524101][ T5802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 785.526591][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 785.865281][ T13] bridge_slave_1: left allmulticast mode [ 785.865316][ T13] bridge_slave_1: left promiscuous mode [ 785.865624][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 787.136797][ T13] bridge_slave_0: left allmulticast mode [ 787.136933][ T13] bridge_slave_0: left promiscuous mode [ 787.138349][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 787.725267][ T8440] Bluetooth: hci2: command tx timeout [ 787.835236][ T10] vhci_hcd: vhci_device speed not set [ 789.895213][ T8440] Bluetooth: hci2: command tx timeout [ 791.965125][ T8440] Bluetooth: hci2: command tx timeout [ 793.950745][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 794.211543][ T8440] Bluetooth: hci2: command tx timeout [ 795.178576][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 795.268424][ T13] bond0 (unregistering): Released all slaves [ 795.616708][ T9956] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 795.616736][ T9956] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 795.616843][ T9956] vhci_hcd vhci_hcd.0: Device attached [ 795.863468][ T9957] vhci_hcd: connection closed [ 795.876189][ T6791] vhci_hcd: stop threads [ 795.876212][ T6791] vhci_hcd: release socket [ 795.876247][ T6791] vhci_hcd: disconnect device [ 795.878198][ T9963] overlayfs: missing 'lowerdir' [ 797.715649][ T9975] overlayfs: failed to resolve './bus': -2 [ 800.185689][ T9988] ptrace attach of "./syz-executor exec"[5797] was attempted by ""[9988] [ 801.874634][ T13] hsr_slave_0: left promiscuous mode [ 801.905948][ T13] hsr_slave_1: left promiscuous mode [ 801.907231][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 802.076389][T10022] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 802.146450][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 803.507459][T10031] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 803.507551][T10031] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 803.508345][T10031] vhci_hcd vhci_hcd.0: Device attached [ 803.775608][ T8217] usb 33-1: new low-speed USB device number 7 using vhci_hcd [ 804.270590][T10032] vhci_hcd: connection reset by peer [ 804.274535][ T12] vhci_hcd: stop threads [ 804.274557][ T12] vhci_hcd: release socket [ 804.274764][ T12] vhci_hcd: disconnect device [ 805.161413][T10046] overlayfs: missing 'lowerdir' [ 807.506168][ T13] team0 (unregistering): Port device team_slave_1 removed [ 807.655995][ T13] team0 (unregistering): Port device team_slave_0 removed [ 808.493887][ T9789] bridge0: port 1(bridge_slave_0) entered blocking state [ 808.494071][ T9789] bridge0: port 1(bridge_slave_0) entered disabled state [ 808.494318][ T9789] bridge_slave_0: entered allmulticast mode [ 808.507988][ T9789] bridge_slave_0: entered promiscuous mode [ 808.525936][ T9789] bridge0: port 2(bridge_slave_1) entered blocking state [ 808.526095][ T9789] bridge0: port 2(bridge_slave_1) entered disabled state [ 808.526371][ T9789] bridge_slave_1: entered allmulticast mode [ 808.529747][ T9789] bridge_slave_1: entered promiscuous mode [ 808.917678][ T8217] vhci_hcd: vhci_device speed not set [ 809.181908][ T9789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 809.207237][ T9789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 812.112651][ T37] kauditd_printk_skb: 65 callbacks suppressed [ 812.112672][ T37] audit: type=1326 audit(1762353430.998:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10081 comm="syz.3.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f46c4f6c9 code=0x7ffc0000 [ 812.112726][ T37] audit: type=1326 audit(1762353430.998:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10081 comm="syz.3.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f46c4f6c9 code=0x7ffc0000 [ 812.196673][ T37] audit: type=1326 audit(1762353431.088:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10081 comm="syz.3.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=122 compat=0 ip=0x7f0f46c4f6c9 code=0x7ffc0000 [ 812.196739][ T37] audit: type=1326 audit(1762353431.088:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10081 comm="syz.3.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f46c4f6c9 code=0x7ffc0000 [ 812.196789][ T37] audit: type=1326 audit(1762353431.088:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10081 comm="syz.3.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f46c4f6c9 code=0x7ffc0000 [ 812.196840][ T37] audit: type=1326 audit(1762353431.088:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10081 comm="syz.3.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0f46c4f6c9 code=0x7ffc0000 [ 812.196890][ T37] audit: type=1326 audit(1762353431.088:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10081 comm="syz.3.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f46c4f6c9 code=0x7ffc0000 [ 812.196941][ T37] audit: type=1326 audit(1762353431.088:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10081 comm="syz.3.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f46c4f6c9 code=0x7ffc0000 [ 812.235160][ T37] audit: type=1326 audit(1762353431.118:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10081 comm="syz.3.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7f0f46c4f6c9 code=0x7ffc0000 [ 812.235227][ T37] audit: type=1326 audit(1762353431.118:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10081 comm="syz.3.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f46c4f6c9 code=0x7ffc0000 [ 813.404780][T10080] ptrace attach of "./syz-executor exec"[5797] was attempted by ""[10080] [ 813.446448][ T5802] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 813.451772][ T5802] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 813.472947][ T5802] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 813.501094][ T5802] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 813.534779][ T5802] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 813.587623][T10082] netlink: 'syz.3.951': attribute type 3 has an invalid length. [ 813.587646][T10082] netlink: 'syz.3.951': attribute type 1 has an invalid length. [ 814.070719][ T13] bridge_slave_1: left allmulticast mode [ 814.070754][ T13] bridge_slave_1: left promiscuous mode [ 814.071093][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 814.132191][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.132274][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.176135][ T13] bridge_slave_0: left allmulticast mode [ 814.176159][ T13] bridge_slave_0: left promiscuous mode [ 814.176354][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 814.631258][T10113] netlink: 36 bytes leftover after parsing attributes in process `syz.0.954'. [ 814.769987][T10115] netlink: 4 bytes leftover after parsing attributes in process `syz.0.954'. [ 815.206284][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 815.299945][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 815.397954][ T13] bond0 (unregistering): Released all slaves [ 815.608902][T10114] team0: Mode changed to "loadbalance" [ 815.649661][ T5802] Bluetooth: hci1: command tx timeout [ 817.315191][ T5890] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 817.468096][ T5890] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 817.468134][ T5890] usb 4-1: config 0 interface 0 has no altsetting 0 [ 817.471163][ T5890] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 817.471184][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 817.471197][ T5890] usb 4-1: Product: syz [ 817.471206][ T5890] usb 4-1: Manufacturer: syz [ 817.471214][ T5890] usb 4-1: SerialNumber: syz [ 817.478249][ T5890] usb 4-1: config 0 descriptor?? [ 817.503902][ T5890] usb 4-1: selecting invalid altsetting 0 [ 817.717131][ T8440] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 817.730430][ T5814] Bluetooth: hci1: command tx timeout [ 817.751703][ T8440] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 817.761313][ T8440] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 817.765268][ T8440] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 817.779133][ T9921] chnl_net:caif_netlink_parms(): no params data found [ 817.779629][ T8440] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 817.942609][ T5890] usb 4-1: USB disconnect, device number 10 [ 818.936786][ T13] hsr_slave_0: left promiscuous mode [ 819.071389][ T13] hsr_slave_1: left promiscuous mode [ 819.129071][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 819.308931][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 819.805196][ T8440] Bluetooth: hci1: command tx timeout [ 819.807527][ T5802] Bluetooth: hci5: command tx timeout [ 821.415864][ T13] team0 (unregistering): Port device team_slave_1 removed [ 821.606337][ T13] team0 (unregistering): Port device team_slave_0 removed [ 821.885395][ T5802] Bluetooth: hci5: command tx timeout [ 821.885434][ T5802] Bluetooth: hci1: command tx timeout [ 822.856352][ T9921] bridge0: port 1(bridge_slave_0) entered blocking state [ 822.856516][ T9921] bridge0: port 1(bridge_slave_0) entered disabled state [ 822.856764][ T9921] bridge_slave_0: entered allmulticast mode [ 822.865342][ T9921] bridge_slave_0: entered promiscuous mode [ 822.881071][ T9921] bridge0: port 2(bridge_slave_1) entered blocking state [ 822.881254][ T9921] bridge0: port 2(bridge_slave_1) entered disabled state [ 822.881656][ T9921] bridge_slave_1: entered allmulticast mode [ 822.886046][ T9921] bridge_slave_1: entered promiscuous mode [ 823.364724][ T9921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 824.145220][ T8440] Bluetooth: hci5: command tx timeout [ 825.133414][ T9921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 826.205388][ T8440] Bluetooth: hci5: command tx timeout [ 827.852006][ T9921] team0: Port device team_slave_0 added [ 827.951066][ T9921] team0: Port device team_slave_1 added [ 828.673928][ T9921] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 828.673942][ T9921] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 828.673960][ T9921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 828.775210][ T9921] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 828.775231][ T9921] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 828.775264][ T9921] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 830.408231][ T13] bridge_slave_1: left allmulticast mode [ 830.408262][ T13] bridge_slave_1: left promiscuous mode [ 830.408567][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 830.486983][ T13] bridge_slave_0: left allmulticast mode [ 830.487016][ T13] bridge_slave_0: left promiscuous mode [ 830.487320][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 831.217663][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 831.305891][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 831.383134][ T13] bond0 (unregistering): Released all slaves [ 832.121431][ T9921] hsr_slave_0: entered promiscuous mode [ 832.123887][ T9921] hsr_slave_1: entered promiscuous mode [ 832.139071][T10095] chnl_net:caif_netlink_parms(): no params data found [ 833.175242][ T37] kauditd_printk_skb: 27 callbacks suppressed [ 833.175294][ T37] audit: type=1326 audit(1762353451.988:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10217 comm="syz.0.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 833.175566][ T37] audit: type=1326 audit(1762353451.998:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10217 comm="syz.0.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 833.175804][ T37] audit: type=1326 audit(1762353451.998:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10217 comm="syz.0.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 833.176088][ T37] audit: type=1326 audit(1762353451.998:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10217 comm="syz.0.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 833.176368][ T37] audit: type=1326 audit(1762353452.008:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10217 comm="syz.0.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 833.176660][ T37] audit: type=1326 audit(1762353452.008:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10217 comm="syz.0.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 833.176878][ T37] audit: type=1326 audit(1762353452.008:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10217 comm="syz.0.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 833.177134][ T37] audit: type=1326 audit(1762353452.008:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10217 comm="syz.0.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 833.177415][ T37] audit: type=1326 audit(1762353452.008:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10217 comm="syz.0.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 833.177656][ T37] audit: type=1326 audit(1762353452.018:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10217 comm="syz.0.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55029cf6c9 code=0x7ffc0000 [ 833.498683][T10221] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 838.211855][T10250] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 838.953338][T10137] chnl_net:caif_netlink_parms(): no params data found [ 838.985324][T10260] syz2: rxe_newlink: already configured on ipvlan0 [ 839.015632][T10095] bridge0: port 1(bridge_slave_0) entered blocking state [ 839.015876][T10095] bridge0: port 1(bridge_slave_0) entered disabled state [ 839.016145][T10095] bridge_slave_0: entered allmulticast mode [ 839.019478][T10095] bridge_slave_0: entered promiscuous mode [ 839.097866][T10095] bridge0: port 2(bridge_slave_1) entered blocking state [ 839.098052][T10095] bridge0: port 2(bridge_slave_1) entered disabled state [ 839.098333][T10095] bridge_slave_1: entered allmulticast mode [ 839.103513][T10095] bridge_slave_1: entered promiscuous mode [ 839.753485][T10095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 839.810970][T10095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 839.898304][T10268] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 839.898335][T10268] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 839.898636][T10268] vhci_hcd vhci_hcd.0: Device attached [ 840.165163][ T10] usb 39-1: new low-speed USB device number 7 using vhci_hcd [ 840.695489][T10269] vhci_hcd: connection reset by peer [ 840.700927][ T6791] vhci_hcd: stop threads [ 840.700989][ T6791] vhci_hcd: release socket [ 840.701158][ T6791] vhci_hcd: disconnect device [ 841.705450][ T5890] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 841.727518][T10095] team0: Port device team_slave_0 added [ 841.735912][T10137] bridge0: port 1(bridge_slave_0) entered blocking state [ 841.736132][T10137] bridge0: port 1(bridge_slave_0) entered disabled state [ 841.736364][T10137] bridge_slave_0: entered allmulticast mode [ 841.741092][T10137] bridge_slave_0: entered promiscuous mode [ 841.761791][T10137] bridge0: port 2(bridge_slave_1) entered blocking state [ 841.761936][T10137] bridge0: port 2(bridge_slave_1) entered disabled state [ 841.762162][T10137] bridge_slave_1: entered allmulticast mode [ 841.765695][T10137] bridge_slave_1: entered promiscuous mode [ 841.769496][T10095] team0: Port device team_slave_1 added [ 841.835825][ T5890] usb 4-1: device descriptor read/64, error -71 [ 842.105321][ T5890] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 842.235233][ T5890] usb 4-1: device descriptor read/64, error -71 [ 842.348670][ T5890] usb usb4-port1: attempt power cycle [ 842.765874][ T5890] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 843.076422][ T5890] usb 4-1: device descriptor read/8, error -71 [ 843.293322][T10137] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 843.341841][T10095] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 843.341860][T10095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 843.341883][T10095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 843.355186][ T5890] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 843.376637][ T5890] usb 4-1: device descriptor read/8, error -71 [ 843.490746][ T5890] usb usb4-port1: unable to enumerate USB device [ 843.542688][ T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 843.620195][T10137] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 843.624786][T10095] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 843.624805][T10095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 843.624835][T10095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 844.468959][T10288] netlink: 'syz.0.989': attribute type 10 has an invalid length. [ 844.502569][ T8440] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 844.554616][ T8440] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 844.557009][ T8440] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 844.564287][ T8440] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 844.570522][ T8440] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 845.127382][ T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 845.235807][T10137] team0: Port device team_slave_0 added [ 845.307228][T10137] team0: Port device team_slave_1 added [ 845.330318][ T10] vhci_hcd: vhci_device speed not set [ 845.767088][ T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 846.615118][T10095] hsr_slave_0: entered promiscuous mode [ 846.626995][T10095] hsr_slave_1: entered promiscuous mode [ 846.628026][T10095] debugfs: 'hsr0' already exists in 'hsr' [ 846.628051][T10095] Cannot create hsr debugfs directory [ 846.629171][T10137] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 846.629187][T10137] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 846.629215][T10137] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 846.765771][ T8440] Bluetooth: hci3: command tx timeout [ 847.025785][ T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 847.118410][T10137] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 847.118430][T10137] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 847.118460][T10137] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 847.728384][ C1] vkms_vblank_simulate: vblank timer overrun [ 848.239876][ C1] vkms_vblank_simulate: vblank timer overrun [ 848.453688][ C1] vkms_vblank_simulate: vblank timer overrun [ 848.950600][ C1] vkms_vblank_simulate: vblank timer overrun [ 848.952529][ T8440] Bluetooth: hci3: command tx timeout [ 850.187871][ C1] vkms_vblank_simulate: vblank timer overrun [ 850.536136][T10137] hsr_slave_0: entered promiscuous mode [ 850.537782][T10137] hsr_slave_1: entered promiscuous mode [ 850.538942][T10137] debugfs: 'hsr0' already exists in 'hsr' [ 850.538967][T10137] Cannot create hsr debugfs directory [ 851.005622][ T8440] Bluetooth: hci3: command tx timeout [ 851.025162][ T43] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 851.207242][ T43] usb 4-1: device descriptor read/64, error -71 [ 851.455497][ T43] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 851.585226][ T43] usb 4-1: device descriptor read/64, error -71 [ 851.695770][ T43] usb usb4-port1: attempt power cycle [ 852.065199][ T43] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 852.091142][ T43] usb 4-1: device descriptor read/8, error -71 [ 852.335569][ T43] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 852.536149][ T43] usb 4-1: device descriptor read/8, error -71 [ 852.763844][ T43] usb usb4-port1: unable to enumerate USB device [ 853.147278][ T8440] Bluetooth: hci3: command tx timeout [ 857.945251][ T10] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 858.915192][ T10] usb 4-1: device descriptor read/64, error -71 [ 859.155363][ T10] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 859.285397][ T10] usb 4-1: device descriptor read/64, error -71 [ 859.395649][ T10] usb usb4-port1: attempt power cycle [ 859.788467][ T10] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 859.809656][ T10] usb 4-1: device descriptor read/8, error -71 [ 860.055381][ T10] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 860.068576][ T13] bond0 (unregistering): Released all slaves [ 860.076132][ T10] usb 4-1: device descriptor read/8, error -71 [ 860.185676][ T10] usb usb4-port1: unable to enumerate USB device [ 861.688577][T10369] netlink: 'syz.0.1014': attribute type 2 has an invalid length. [ 861.689799][T10369] netlink: 'syz.0.1014': attribute type 5 has an invalid length. [ 861.894924][T10287] chnl_net:caif_netlink_parms(): no params data found [ 862.123185][T10372] overlayfs: overlapping lowerdir path [ 862.196803][T10373] overlayfs: overlapping lowerdir path [ 862.695188][ T13] hsr_slave_0: left promiscuous mode [ 862.751695][ T13] hsr_slave_1: left promiscuous mode [ 862.850580][ T13] veth1_macvtap: left promiscuous mode [ 862.850659][ T13] veth0_macvtap: left promiscuous mode [ 862.850828][ T13] veth1_vlan: left promiscuous mode [ 862.850877][ T13] veth0_vlan: left promiscuous mode [ 863.978341][T10382] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 869.842173][T10287] bridge0: port 1(bridge_slave_0) entered blocking state [ 869.842539][T10287] bridge0: port 1(bridge_slave_0) entered disabled state [ 869.842798][T10287] bridge_slave_0: entered allmulticast mode [ 869.869511][T10287] bridge_slave_0: entered promiscuous mode [ 869.904384][T10287] bridge0: port 2(bridge_slave_1) entered blocking state [ 869.904535][T10287] bridge0: port 2(bridge_slave_1) entered disabled state [ 869.904799][T10287] bridge_slave_1: entered allmulticast mode [ 869.918977][T10287] bridge_slave_1: entered promiscuous mode [ 870.521463][T10287] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 870.529614][T10287] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 871.900630][T10137] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 871.933006][T10287] team0: Port device team_slave_0 added [ 871.944027][T10137] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 872.026510][T10287] team0: Port device team_slave_1 added [ 872.033788][T10137] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 872.238151][T10137] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 872.406164][T10287] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 872.406184][T10287] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 872.406215][T10287] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 872.538670][T10287] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 872.538691][T10287] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 872.538710][T10287] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 872.972766][T10287] hsr_slave_0: entered promiscuous mode [ 872.974383][T10287] hsr_slave_1: entered promiscuous mode [ 872.976390][T10287] debugfs: 'hsr0' already exists in 'hsr' [ 872.976416][T10287] Cannot create hsr debugfs directory [ 874.622857][T10450] ubi31: attaching mtd0 [ 874.937657][ T5802] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 874.943624][ T5802] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 874.959708][ T5802] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 874.974613][ T5802] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 874.987512][ T5802] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 875.215142][T10450] ubi31: scanning is finished [ 875.215202][T10450] ubi31: empty MTD device detected [ 875.572811][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.572897][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 877.033550][T10450] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 877.085644][ T5802] Bluetooth: hci1: command tx timeout [ 877.371033][ T13] bridge_slave_1: left allmulticast mode [ 877.371066][ T13] bridge_slave_1: left promiscuous mode [ 877.371394][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 877.567063][ T13] bridge_slave_0: left allmulticast mode [ 877.567097][ T13] bridge_slave_0: left promiscuous mode [ 877.567399][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 879.026333][ T8440] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 879.040104][ T8440] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 879.046966][ T8440] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 879.077480][ T8440] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 879.093203][ T8440] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 879.156580][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 879.178245][ T5802] Bluetooth: hci1: command tx timeout [ 879.250235][T10468] capability: warning: `syz.3.1035' uses 32-bit capabilities (legacy support in use) [ 879.385776][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 879.467087][ T13] bond0 (unregistering): Released all slaves [ 881.292578][ T5802] Bluetooth: hci2: command tx timeout [ 881.293145][ T8440] Bluetooth: hci1: command tx timeout [ 883.325101][ T5802] Bluetooth: hci2: command tx timeout [ 883.533964][ T5802] Bluetooth: hci1: command tx timeout [ 883.635147][ T13] hsr_slave_0: left promiscuous mode [ 883.685245][ T13] hsr_slave_1: left promiscuous mode [ 883.686037][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 883.708895][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 884.335792][ T13] team0 (unregistering): Port device team_slave_1 removed [ 884.490075][ T13] team0 (unregistering): Port device team_slave_0 removed [ 885.405454][ T5802] Bluetooth: hci2: command tx timeout [ 886.184734][T10449] chnl_net:caif_netlink_parms(): no params data found [ 886.657388][T10287] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 886.724436][T10287] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 886.818459][T10287] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 886.906376][T10287] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 887.485311][ T5802] Bluetooth: hci2: command tx timeout [ 889.997183][T10449] bridge0: port 1(bridge_slave_0) entered blocking state [ 889.997282][T10449] bridge0: port 1(bridge_slave_0) entered disabled state [ 889.997469][T10449] bridge_slave_0: entered allmulticast mode [ 889.999179][T10449] bridge_slave_0: entered promiscuous mode [ 890.206709][T10449] bridge0: port 2(bridge_slave_1) entered blocking state [ 890.206896][T10449] bridge0: port 2(bridge_slave_1) entered disabled state [ 890.207163][T10449] bridge_slave_1: entered allmulticast mode [ 890.210534][T10449] bridge_slave_1: entered promiscuous mode [ 890.517111][T10476] chnl_net:caif_netlink_parms(): no params data found [ 890.802472][T10449] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 890.923087][T10449] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 893.072410][T10449] team0: Port device team_slave_0 added [ 893.164507][T10560] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1053'. [ 893.625755][T10572] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1053'. [ 893.739853][T10449] team0: Port device team_slave_1 added [ 895.092759][T10449] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 895.092779][T10449] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 895.092802][T10449] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 895.093969][T10476] bridge0: port 1(bridge_slave_0) entered blocking state [ 895.094137][T10476] bridge0: port 1(bridge_slave_0) entered disabled state [ 895.094372][T10476] bridge_slave_0: entered allmulticast mode [ 895.101920][T10476] bridge_slave_0: entered promiscuous mode [ 895.524466][T10449] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 895.524519][T10449] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 895.524581][T10449] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 895.609608][T10476] bridge0: port 2(bridge_slave_1) entered blocking state [ 895.611272][T10476] bridge0: port 2(bridge_slave_1) entered disabled state [ 895.634048][T10476] bridge_slave_1: entered allmulticast mode [ 895.845121][T10476] bridge_slave_1: entered promiscuous mode [ 897.611608][T10476] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 897.731532][T10476] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 897.944147][T10449] hsr_slave_0: entered promiscuous mode [ 897.945989][T10449] hsr_slave_1: entered promiscuous mode [ 898.037504][T10476] team0: Port device team_slave_0 added [ 898.229952][T10476] team0: Port device team_slave_1 added [ 898.843999][T10476] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 898.844020][T10476] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 898.844049][T10476] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 898.941154][T10476] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 898.941176][T10476] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 898.941207][T10476] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 901.661281][T10618] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1066'. [ 901.864247][T10619] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1066'. [ 902.523537][T10476] hsr_slave_0: entered promiscuous mode [ 902.533657][T10476] hsr_slave_1: entered promiscuous mode [ 902.548862][T10476] debugfs: 'hsr0' already exists in 'hsr' [ 902.548892][T10476] Cannot create hsr debugfs directory [ 903.052045][T10287] 8021q: adding VLAN 0 to HW filter on device bond0 [ 903.377910][T10287] 8021q: adding VLAN 0 to HW filter on device team0 [ 903.509096][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 903.509666][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 903.601380][ T6963] bridge0: port 2(bridge_slave_1) entered blocking state [ 903.601713][ T6963] bridge0: port 2(bridge_slave_1) entered forwarding state [ 903.894250][ T13] bridge_slave_1: left allmulticast mode [ 903.894283][ T13] bridge_slave_1: left promiscuous mode [ 903.894589][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 903.976063][ T13] bridge_slave_0: left allmulticast mode [ 903.976086][ T13] bridge_slave_0: left promiscuous mode [ 903.976358][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 904.088894][ T13] bridge_slave_1: left allmulticast mode [ 904.088929][ T13] bridge_slave_1: left promiscuous mode [ 904.090511][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 904.178050][ T13] bridge_slave_0: left allmulticast mode [ 904.178086][ T13] bridge_slave_0: left promiscuous mode [ 904.178405][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 905.014702][T10641] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1072'. [ 905.359958][ C1] vkms_vblank_simulate: vblank timer overrun [ 905.670260][ T8440] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 905.674536][ T8440] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 905.679213][ T8440] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 905.681168][ T8440] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 905.682097][ T8440] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 905.835070][ C1] vkms_vblank_simulate: vblank timer overrun [ 906.151989][ C1] vkms_vblank_simulate: vblank timer overrun [ 906.543701][ C1] vkms_vblank_simulate: vblank timer overrun [ 906.976011][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 907.096083][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 907.159019][ T13] bond0 (unregistering): Released all slaves [ 907.328049][ C1] vkms_vblank_simulate: vblank timer overrun [ 907.505914][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 907.596243][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 907.680405][ T13] bond0 (unregistering): Released all slaves [ 907.725207][ T8440] Bluetooth: hci3: command tx timeout [ 907.906930][ C1] vkms_vblank_simulate: vblank timer overrun [ 908.155231][ C1] vkms_vblank_simulate: vblank timer overrun [ 908.307235][ C1] vkms_vblank_simulate: vblank timer overrun [ 908.385850][ T5802] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 908.530855][ C1] vkms_vblank_simulate: vblank timer overrun [ 908.587547][T10659] overlayfs: missing 'lowerdir' [ 908.690789][ C1] vkms_vblank_simulate: vblank timer overrun [ 908.751038][T10665] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1077'. [ 908.873021][T10668] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1077'. [ 909.805086][ T5802] Bluetooth: hci3: command tx timeout [ 911.885295][ T5802] Bluetooth: hci3: command tx timeout [ 913.188522][T10714] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1080'. [ 913.574778][T10726] fuse: Bad value for 'fd' [ 914.175020][ T5802] Bluetooth: hci3: command tx timeout [ 920.885206][ T13] hsr_slave_0: left promiscuous mode [ 920.905299][ T13] hsr_slave_1: left promiscuous mode [ 920.906501][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 920.956275][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 921.145446][ T13] hsr_slave_0: left promiscuous mode [ 921.165500][ T13] hsr_slave_1: left promiscuous mode [ 921.166378][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 921.221912][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 922.304065][ T13] team0 (unregistering): Port device team_slave_1 removed [ 922.486167][ T13] team0 (unregistering): Port device team_slave_0 removed [ 923.017375][T10753] overlayfs: missing 'lowerdir' [ 926.325811][ T13] team0 (unregistering): Port device team_slave_1 removed [ 926.455814][ T13] team0 (unregistering): Port device team_slave_0 removed [ 927.163916][T10771] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1088'. [ 928.418044][T10776] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 929.611193][ T8440] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 929.625635][ T8440] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 929.631131][ T8440] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 929.643631][ T8440] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 929.644576][ T8440] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 930.342549][T10449] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 930.447684][T10449] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 930.615127][T10449] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 930.651326][T10647] chnl_net:caif_netlink_parms(): no params data found [ 930.770840][T10449] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 931.737577][ C0] vkms_vblank_simulate: vblank timer overrun [ 931.737831][ T8440] Bluetooth: hci5: command tx timeout [ 932.252909][ C0] vkms_vblank_simulate: vblank timer overrun [ 932.400193][ C0] vkms_vblank_simulate: vblank timer overrun [ 932.437670][T10476] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 932.519418][ C0] vkms_vblank_simulate: vblank timer overrun [ 932.564812][T10647] bridge0: port 1(bridge_slave_0) entered blocking state [ 932.566298][T10647] bridge0: port 1(bridge_slave_0) entered disabled state [ 932.566526][T10647] bridge_slave_0: entered allmulticast mode [ 932.569461][T10647] bridge_slave_0: entered promiscuous mode [ 932.635136][T10476] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 932.723134][T10647] bridge0: port 2(bridge_slave_1) entered blocking state [ 932.723294][T10647] bridge0: port 2(bridge_slave_1) entered disabled state [ 932.723527][T10647] bridge_slave_1: entered allmulticast mode [ 932.727771][T10647] bridge_slave_1: entered promiscuous mode [ 932.731418][T10476] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 932.769633][T10833] 9pnet_virtio: no channels available for device syz [ 932.930787][T10476] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 933.184703][T10647] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 933.233989][T10647] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 933.631253][T10647] team0: Port device team_slave_0 added [ 933.654429][T10647] team0: Port device team_slave_1 added [ 933.680184][T10844] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1096'. [ 933.805097][ T8440] Bluetooth: hci5: command tx timeout [ 934.482115][T10647] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 934.482131][T10647] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 934.482149][T10647] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 934.732733][T10647] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 934.732757][T10647] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 934.732775][T10647] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 934.881550][ C0] vkms_vblank_simulate: vblank timer overrun [ 934.918494][ T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 935.224842][ C0] vkms_vblank_simulate: vblank timer overrun [ 935.661422][ T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 935.986303][ T5802] Bluetooth: hci5: command tx timeout [ 935.999170][ T5802] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 936.020255][ T5802] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 936.022410][ T5802] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 936.036769][ T5802] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 936.037725][ T5802] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 937.014178][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 937.014266][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 937.872113][ T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 937.921951][T10880] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1101'. [ 937.921990][T10880] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1101'. [ 937.922662][T10880] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 937.990858][T10647] hsr_slave_0: entered promiscuous mode [ 937.994138][T10647] hsr_slave_1: entered promiscuous mode [ 937.998884][T10647] debugfs: 'hsr0' already exists in 'hsr' [ 937.998913][T10647] Cannot create hsr debugfs directory [ 938.018277][T10784] chnl_net:caif_netlink_parms(): no params data found [ 938.045344][ T8440] Bluetooth: hci5: command tx timeout [ 938.290614][ T5802] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 938.308508][ T5802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 938.318108][ T5802] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 938.367227][ T5802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 938.368189][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 938.425974][ T13] bond0: (slave netdevsim0): Releasing backup interface [ 938.473300][ T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 939.010536][T10900] 9pnet_virtio: no channels available for device syz [ 939.088213][ T5802] Bluetooth: hci1: command tx timeout [ 939.914450][T10784] bridge0: port 1(bridge_slave_0) entered blocking state [ 939.917382][T10784] bridge0: port 1(bridge_slave_0) entered disabled state [ 939.917613][T10784] bridge_slave_0: entered allmulticast mode [ 939.950532][T10784] bridge_slave_0: entered promiscuous mode [ 940.009523][T10784] bridge0: port 2(bridge_slave_1) entered blocking state [ 940.009608][T10784] bridge0: port 2(bridge_slave_1) entered disabled state [ 940.009758][T10784] bridge_slave_1: entered allmulticast mode [ 940.020535][T10784] bridge_slave_1: entered promiscuous mode [ 940.445156][ T5802] Bluetooth: hci2: command tx timeout [ 940.605180][ T5890] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 940.689712][T10784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 940.738654][T10784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 940.769653][ T5890] usb 1-1: config 0 has no interfaces? [ 940.776623][ T5890] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 940.776653][ T5890] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 940.776681][ T5890] usb 1-1: Product: syz [ 940.776695][ T5890] usb 1-1: Manufacturer: syz [ 940.776710][ T5890] usb 1-1: SerialNumber: syz [ 940.807770][ T5890] usb 1-1: config 0 descriptor?? [ 941.019521][ T10] usb 1-1: USB disconnect, device number 10 [ 941.175246][ T5802] Bluetooth: hci1: command tx timeout [ 941.267891][T10784] team0: Port device team_slave_0 added [ 941.285633][T10784] team0: Port device team_slave_1 added [ 942.040870][T10784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 942.040886][T10784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 942.040904][T10784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 942.308102][T10784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 942.308159][T10784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 942.308228][T10784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 942.534392][ T5802] Bluetooth: hci2: command tx timeout [ 943.246780][ T5802] Bluetooth: hci1: command tx timeout [ 943.259093][T10784] hsr_slave_0: entered promiscuous mode [ 943.260566][T10784] hsr_slave_1: entered promiscuous mode [ 943.261653][T10784] debugfs: 'hsr0' already exists in 'hsr' [ 943.261679][T10784] Cannot create hsr debugfs directory [ 943.866378][T10923] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1108'. [ 943.883675][T10888] chnl_net:caif_netlink_parms(): no params data found [ 943.914220][T10864] chnl_net:caif_netlink_parms(): no params data found [ 944.421968][T10932] 9pnet_virtio: no channels available for device syz [ 944.606107][ T5802] Bluetooth: hci2: command tx timeout [ 944.915316][ T13] bridge_slave_1: left allmulticast mode [ 944.915351][ T13] bridge_slave_1: left promiscuous mode [ 944.915662][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 945.017101][ T13] bridge_slave_0: left allmulticast mode [ 945.017135][ T13] bridge_slave_0: left promiscuous mode [ 945.017448][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 945.325775][ T5802] Bluetooth: hci1: command tx timeout [ 945.877563][ T43] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 946.047745][ T43] usb 1-1: config 0 has no interfaces? [ 946.077570][ T43] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 946.077603][ T43] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 946.077624][ T43] usb 1-1: Product: syz [ 946.077637][ T43] usb 1-1: Manufacturer: syz [ 946.077651][ T43] usb 1-1: SerialNumber: syz [ 946.086674][ T43] usb 1-1: config 0 descriptor?? [ 946.305221][ T5917] usb 1-1: USB disconnect, device number 11 [ 946.689526][ T5802] Bluetooth: hci2: command tx timeout [ 947.843506][ T13] bond0 (unregistering): Released all slaves [ 949.111497][T10963] 9pnet_virtio: no channels available for device syz [ 950.796176][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 950.955751][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 951.078262][ T13] bond0 (unregistering): Released all slaves [ 952.886522][T10888] bridge0: port 1(bridge_slave_0) entered blocking state [ 952.918892][T10888] bridge0: port 1(bridge_slave_0) entered disabled state [ 952.919115][T10888] bridge_slave_0: entered allmulticast mode [ 952.920826][T10888] bridge_slave_0: entered promiscuous mode [ 952.923756][T10864] bridge0: port 1(bridge_slave_0) entered blocking state [ 952.923910][T10864] bridge0: port 1(bridge_slave_0) entered disabled state [ 952.924135][T10864] bridge_slave_0: entered allmulticast mode [ 952.931577][T10864] bridge_slave_0: entered promiscuous mode [ 952.952977][T10888] bridge0: port 2(bridge_slave_1) entered blocking state [ 952.953122][T10888] bridge0: port 2(bridge_slave_1) entered disabled state [ 952.953322][T10888] bridge_slave_1: entered allmulticast mode [ 952.958432][T10888] bridge_slave_1: entered promiscuous mode [ 952.960513][T10864] bridge0: port 2(bridge_slave_1) entered blocking state [ 952.960752][T10864] bridge0: port 2(bridge_slave_1) entered disabled state [ 952.960954][T10864] bridge_slave_1: entered allmulticast mode [ 952.964097][T10864] bridge_slave_1: entered promiscuous mode [ 953.609671][T10999] 9pnet_virtio: no channels available for device syz [ 954.336476][T10888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 954.375663][T10864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 954.392335][T10888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 954.534018][T10864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 954.890843][T10888] team0: Port device team_slave_0 added [ 955.060557][T10888] team0: Port device team_slave_1 added [ 955.355482][ T13] hsr_slave_0: left promiscuous mode [ 955.488278][ T13] hsr_slave_0: left promiscuous mode [ 955.510240][ T13] hsr_slave_1: left promiscuous mode [ 955.511048][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 955.546646][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 955.657358][ T13] veth1_macvtap: left promiscuous mode [ 955.657434][ T13] veth0_macvtap: left promiscuous mode [ 955.657602][ T13] veth1_vlan: left promiscuous mode [ 955.657651][ T13] veth0_vlan: left promiscuous mode [ 956.944187][ T6963] smc: removing ib device syz2 [ 961.406751][ T13] team0 (unregistering): Port device team_slave_1 removed [ 961.575930][ T13] team0 (unregistering): Port device team_slave_0 removed [ 963.508269][T10864] team0: Port device team_slave_0 added [ 963.735254][ T10] ================================================================== [ 963.735269][ T10] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x6e/0x190 [ 963.735294][ T10] Read of size 8 at addr ffff88805d6d42e8 by task kworker/0:1/10 [ 963.735305][ T10] [ 963.735323][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 963.735338][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 963.735348][ T10] Workqueue: events smc_ib_port_event_work [ 963.735441][ T10] Call Trace: [ 963.735446][ T10] [ 963.735452][ T10] dump_stack_lvl+0x189/0x250 [ 963.735472][ T10] ? rcu_is_watching+0x15/0xb0 [ 963.735483][ T10] ? __kasan_check_byte+0x12/0x40 [ 963.735501][ T10] ? __pfx_dump_stack_lvl+0x10/0x10 [ 963.735518][ T10] ? rcu_is_watching+0x15/0xb0 [ 963.735529][ T10] ? lock_release+0x4b/0x3e0 [ 963.735546][ T10] ? __virt_addr_valid+0x1c8/0x5c0 [ 963.735573][ T10] ? __virt_addr_valid+0x4a5/0x5c0 [ 963.735591][ T10] print_report+0xca/0x240 [ 963.735608][ T10] ? __ethtool_get_link_ksettings+0x6e/0x190 [ 963.735622][ T10] kasan_report+0x118/0x150 [ 963.735639][ T10] ? __ethtool_get_link_ksettings+0x6e/0x190 [ 963.735656][ T10] __ethtool_get_link_ksettings+0x6e/0x190 [ 963.735671][ T10] ib_get_eth_speed+0x15e/0x7b0 [ 963.735691][ T10] ? __pfx_ib_get_eth_speed+0x10/0x10 [ 963.735709][ T10] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 963.735747][ T10] ? rxe_query_port+0x7e/0x3b0 [ 963.735764][ T10] rxe_query_port+0x93/0x3b0 [ 963.735781][ T10] ib_query_port+0x170/0x830 [ 963.735795][ T10] smc_ib_port_event_work+0x16f/0x940 [ 963.735810][ T10] ? process_scheduled_works+0x9ef/0x17b0 [ 963.735827][ T10] ? process_scheduled_works+0x9ef/0x17b0 [ 963.735842][ T10] process_scheduled_works+0xae1/0x17b0 [ 963.735871][ T10] ? __pfx_process_scheduled_works+0x10/0x10 [ 963.735889][ T10] worker_thread+0x8a0/0xda0 [ 963.735910][ T10] kthread+0x711/0x8a0 [ 963.735928][ T10] ? __pfx_worker_thread+0x10/0x10 [ 963.735943][ T10] ? __pfx_kthread+0x10/0x10 [ 963.735959][ T10] ? rt_spin_unlock+0x150/0x200 [ 963.735973][ T10] ? rt_spin_unlock+0x161/0x200 [ 963.735985][ T10] ? __pfx_kthread+0x10/0x10 [ 963.736002][ T10] ret_from_fork+0x4bc/0x870 [ 963.736018][ T10] ? __pfx_ret_from_fork+0x10/0x10 [ 963.736033][ T10] ? __switch_to_asm+0x39/0x70 [ 963.736045][ T10] ? __switch_to_asm+0x33/0x70 [ 963.736057][ T10] ? __pfx_kthread+0x10/0x10 [ 963.736078][ T10] ret_from_fork_asm+0x1a/0x30 [ 963.736095][ T10] [ 963.736100][ T10] [ 963.736103][ T10] Allocated by task 5810: [ 963.736109][ T10] kasan_save_track+0x3e/0x80 [ 963.736123][ T10] __kasan_kmalloc+0x93/0xb0 [ 963.736137][ T10] __kvmalloc_node_noprof+0x3fd/0x920 [ 963.736152][ T10] alloc_netdev_mqs+0xa6/0x11c0 [ 963.736167][ T10] rtnl_create_link+0x31f/0xd10 [ 963.736181][ T10] rtnl_newlink_create+0x25c/0xb00 [ 963.736192][ T10] rtnl_newlink+0x16e4/0x1c80 [ 963.736202][ T10] rtnetlink_rcv_msg+0x7cf/0xb70 [ 963.736211][ T10] netlink_rcv_skb+0x208/0x470 [ 963.736221][ T10] netlink_unicast+0x846/0xa10 [ 963.736237][ T10] netlink_sendmsg+0x805/0xb30 [ 963.736248][ T10] __sock_sendmsg+0x21c/0x270 [ 963.736263][ T10] __sys_sendto+0x3c7/0x520 [ 963.736273][ T10] __x64_sys_sendto+0xde/0x100 [ 963.736284][ T10] do_syscall_64+0xfa/0xfa0 [ 963.736331][ T10] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 963.736342][ T10] [ 963.736344][ T10] Freed by task 13: [ 963.736350][ T10] kasan_save_track+0x3e/0x80 [ 963.736363][ T10] __kasan_save_free_info+0x46/0x50 [ 963.736373][ T10] __kasan_slab_free+0x5c/0x80 [ 963.736387][ T10] kfree+0x197/0x950 [ 963.736399][ T10] device_release+0x9c/0x1c0 [ 963.736409][ T10] kobject_put+0x22b/0x480 [ 963.736453][ T10] netdev_run_todo+0xd2e/0xea0 [ 963.736466][ T10] default_device_exit_batch+0x81e/0x890 [ 963.736477][ T10] ops_undo_list+0x525/0x990 [ 963.736488][ T10] cleanup_net+0x4de/0x820 [ 963.736498][ T10] process_scheduled_works+0xae1/0x17b0 [ 963.736511][ T10] worker_thread+0x8a0/0xda0 [ 963.736524][ T10] kthread+0x711/0x8a0 [ 963.736539][ T10] ret_from_fork+0x4bc/0x870 [ 963.736551][ T10] ret_from_fork_asm+0x1a/0x30 [ 963.736562][ T10] [ 963.736565][ T10] The buggy address belongs to the object at ffff88805d6d4000 [ 963.736565][ T10] which belongs to the cache kmalloc-cg-4k of size 4096 [ 963.736575][ T10] The buggy address is located 744 bytes inside of [ 963.736575][ T10] freed 4096-byte region [ffff88805d6d4000, ffff88805d6d5000) [ 963.736589][ T10] [ 963.736592][ T10] The buggy address belongs to the physical page: [ 963.736599][ T10] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d6d0 [ 963.736611][ T10] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 963.736621][ T10] flags: 0x80000000000040(head|node=0|zone=1) [ 963.736632][ T10] page_type: f5(slab) [ 963.736644][ T10] raw: 0080000000000040 ffff88813ff30500 ffffea0001723a00 dead000000000002 [ 963.736654][ T10] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 963.736665][ T10] head: 0080000000000040 ffff88813ff30500 ffffea0001723a00 dead000000000002 [ 963.736676][ T10] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 963.736686][ T10] head: 0080000000000003 ffffea000175b401 00000000ffffffff 00000000ffffffff [ 963.736696][ T10] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 963.736702][ T10] page dumped because: kasan: bad access detected [ 963.736708][ T10] page_owner tracks the page as allocated [ 963.736713][ T10] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5800, tgid 5800 (syz-executor), ts 103371775670, free_ts 0 [ 963.736735][ T10] post_alloc_hook+0x240/0x2a0 [ 963.736750][ T10] get_page_from_freelist+0x28c0/0x2960 [ 963.736767][ T10] __alloc_frozen_pages_noprof+0x181/0x370 [ 963.736784][ T10] alloc_pages_mpol+0xd1/0x380 [ 963.736799][ T10] allocate_slab+0x96/0x350 [ 963.736810][ T10] ___slab_alloc+0xb12/0x13f0 [ 963.736819][ T10] __slab_alloc+0xc6/0x1f0 [ 963.736829][ T10] __kmalloc_node_track_caller_noprof+0x2a8/0x7e0 [ 963.736844][ T10] kmemdup_noprof+0x2b/0x70 [ 963.736856][ T10] __addrconf_sysctl_register+0x9e/0x4c0 [ 963.736869][ T10] addrconf_sysctl_register+0x168/0x1c0 [ 963.736881][ T10] ipv6_add_dev+0xd84/0x13c0 [ 963.736897][ T10] addrconf_notify+0x794/0x1010 [ 963.736909][ T10] notifier_call_chain+0x1b6/0x3e0 [ 963.736923][ T10] register_netdevice+0x163c/0x1b10 [ 963.736936][ T10] virt_wifi_newlink+0x428/0x860 [ 963.736947][ T10] page_owner free stack trace missing [ 963.736951][ T10] [ 963.736954][ T10] Memory state around the buggy address: [ 963.736960][ T10] ffff88805d6d4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 963.736968][ T10] ffff88805d6d4200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 963.736976][ T10] >ffff88805d6d4280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 963.736983][ T10] ^ [ 963.736990][ T10] ffff88805d6d4300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 963.736998][ T10] ffff88805d6d4380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 963.737004][ T10] ================================================================== [ 963.737012][ T10] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 963.737022][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 963.737037][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 963.737045][ T10] Workqueue: events smc_ib_port_event_work [ 963.737060][ T10] Call Trace: [ 963.737067][ T10] [ 963.737075][ T10] dump_stack_lvl+0x99/0x250 [ 963.737093][ T10] ? __asan_memcpy+0x40/0x70 [ 963.737106][ T10] ? __pfx_dump_stack_lvl+0x10/0x10 [ 963.737124][ T10] ? __pfx__printk+0x10/0x10 [ 963.737141][ T10] vpanic+0x237/0x6d0 [ 963.737152][ T10] ? __pfx_vpanic+0x10/0x10 [ 963.737166][ T10] panic+0xb9/0xc0 [ 963.737176][ T10] ? __pfx_panic+0x10/0x10 [ 963.737186][ T10] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 963.737204][ T10] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 963.737222][ T10] ? __ethtool_get_link_ksettings+0x6e/0x190 [ 963.737236][ T10] check_panic_on_warn+0x89/0xb0 [ 963.737248][ T10] ? __ethtool_get_link_ksettings+0x6e/0x190 [ 963.737262][ T10] end_report+0x78/0x160 [ 963.737278][ T10] kasan_report+0x129/0x150 [ 963.737295][ T10] ? __ethtool_get_link_ksettings+0x6e/0x190 [ 963.737318][ T10] __ethtool_get_link_ksettings+0x6e/0x190 [ 963.737334][ T10] ib_get_eth_speed+0x15e/0x7b0 [ 963.737353][ T10] ? __pfx_ib_get_eth_speed+0x10/0x10 [ 963.737370][ T10] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 963.737390][ T10] ? rxe_query_port+0x7e/0x3b0 [ 963.737406][ T10] rxe_query_port+0x93/0x3b0 [ 963.737422][ T10] ib_query_port+0x170/0x830 [ 963.737435][ T10] smc_ib_port_event_work+0x16f/0x940 [ 963.737450][ T10] ? process_scheduled_works+0x9ef/0x17b0 [ 963.737466][ T10] ? process_scheduled_works+0x9ef/0x17b0 [ 963.737481][ T10] process_scheduled_works+0xae1/0x17b0 [ 963.737501][ T10] ? __pfx_process_scheduled_works+0x10/0x10 [ 963.737520][ T10] worker_thread+0x8a0/0xda0 [ 963.737540][ T10] kthread+0x711/0x8a0 [ 963.737558][ T10] ? __pfx_worker_thread+0x10/0x10 [ 963.737572][ T10] ? __pfx_kthread+0x10/0x10 [ 963.737589][ T10] ? rt_spin_unlock+0x150/0x200 [ 963.737602][ T10] ? rt_spin_unlock+0x161/0x200 [ 963.737614][ T10] ? __pfx_kthread+0x10/0x10 [ 963.737631][ T10] ret_from_fork+0x4bc/0x870 [ 963.737645][ T10] ? __pfx_ret_from_fork+0x10/0x10 [ 963.737661][ T10] ? __switch_to_asm+0x39/0x70 [ 963.737672][ T10] ? __switch_to_asm+0x33/0x70 [ 963.737684][ T10] ? __pfx_kthread+0x10/0x10 [ 963.737701][ T10] ret_from_fork_asm+0x1a/0x30 [ 963.737717][ T10] [ 963.737904][ T10] Kernel Offset: disabled