last executing test programs: 24.91431029s ago: executing program 1 (id=828): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x50, 0x30, 0x9, 0x0, 0x0, {}, [{0x3c, 0x1, [@m_skbedit={0x38, 0x1, 0x0, 0x0, {{0xc}, {0xc, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0xff03}]}, {0x4}, {0xc, 0x5}, {0xc, 0x9, {0x4c}}}}]}]}, 0x50}}, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040341d04000000000000010902"], 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12011001739e6108d90f2c006b060102030109021b000107d445000904"], 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043ef50d"], 0xf8) 23.711429684s ago: executing program 1 (id=841): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000040)={0x1000200001fe0000, 0x1}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x100000000000000, r2}) close(0x4) close(r2) 23.601181157s ago: executing program 1 (id=842): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) io_setup(0x1, &(0x7f00000004c0)=0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_clone(0xa8140180, 0x0, 0x0, 0x0, 0x0, 0x0) io_submit(r1, 0xf3, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x1, 0x0, r0, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}]) 23.27762868s ago: executing program 1 (id=844): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x2) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) chdir(&(0x7f0000000040)='./file0\x00') mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) 23.20111497s ago: executing program 1 (id=845): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000540)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@nfs_export_on}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = creat(&(0x7f0000000440)='./file0\x00', 0x0) open_by_handle_at(r0, &(0x7f0000000140)=@OVL_FILEID_V1={0x16, 0x3ffff, {'\x00', {0x0, 0xfb, 0x15, 0x3, 0x5, "e837282efe0868327a31a705ec978547"}}}, 0xd71640) 22.951659875s ago: executing program 1 (id=846): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000001c0)={0x1, 0x0, [{0x1, 0x2, 0x80, 0xfffffff9, 0xeaa}]}) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000700)={"ce85bf2fb3cd8f0e18f44494adfd754252f57b44e3463dfcb57b5aa2b43cd438723b695eec6b442606838fcc7114ee6e137328f81af34923eb4829d751fe67819c96419effe0f53ecc9abb1c638d0daf7409000000000000007e714351c2c78b293c2e33df72ca75c4f998b90a473868c98f53ed8f448286b859d15f97b4b6802e87f2170db785ac72fbc40e3ca4684e282864a612c553ebd1ca1948bfea0769e283fa6ed8e2215af04c32980b53ea45e5cf150d3442ba0e58aae0fdeb14d6a20bed8351e1f2b17abdb988f50fbf4074f815d68745a04f2e7ac4212ab17a2872ad028e133aa42778e459ab306a7b6b1cef1f7facf93ddfc3f93908f1b21a13217f02d020f45649159822d69c818682368f0e59316563717a71fcf3c65c496d766a7d7fa6840377e9e93d46f322c1d36fd5275d97da2d9f5eeaee4cdd98e9d0c911ba7b21e47766397360658f815eff477dd353f82cb463aa5e1b9fc305d21e07e657de987152fd9372f4225a5b1231c4b680c9b8918bc5b10786c1660eb829c5f1096f7c427070a3dd9b80e32d0a2c45a6a469e28fa75a064cdaae3e59099df9c3e384e6927ebf0f84df459d179410ce200dc8d9452923b32c67a5165c78a0b382aa9c2755e83834be0b88fbdeffb4841192d5c9480dfd52aaad7c928f601ebf48523775c20399fbaa5b6d83e5add38fea61e13091496e164b09fbffeab88f9329bc4526a076377a4d0a47ea223e1660e9dcbf562e505914b6ca6d978d84162fa5895299eb8fb8eaec40808fe6eb449333f62ac02b8bece9c708971d1d1cb6dffe416c2c6fae7c906678dfe105ff10cfe1eda88c69dcaa73c89cfcfdf92ef6ad690200000084feb026fae4523f0e3d087978b127cc272033c9f3f1b0ac7e0ed4f3cfeb3e60b691478d9fb01b4158d22d1f64698d076aa830586aff206b3e65772b0d189e770ea239689638d0d96fad69b0fba98d6bcb17ad67a7e8fd5d658f4f929efa834be01e2644e36ab7c13930499a50ad46716274d62407635b97d6e6c19b1226451294b5e575135aaa972a739e89c92f698b043ed9b97d8b6d7e44522d462a54c10190eecb15f7edd14e3815eff39d614b50f015356e731f0812649979de235f19552bc2826e1533135fee0b67f925e9baabdb846b5bf66855e3f8b751ca16f3bec23aa634606196a388f8e1b126f36618f685cb62065d30f6fe2b0a562a94591ee3fa981160e1481ee781c371cc7ee8c928f77b4e6d9b73fa3bfc479060ce1f4f0b68fd21d068d50e29c84bc2af8328817bcc3293afe6c78d4ee87c835097b383169d8017ef12eabd7ff4f91701088ace6da88c1c05e729aade819777203973c20f6c1611f8adb2ac10d22795c125db94b18cf900"}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x8400ae8e, &(0x7f0000000140)=@arm64={0x5, 0xae, 0x0, '\x00', 0x7fffffff}) 22.884447159s ago: executing program 32 (id=846): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000001c0)={0x1, 0x0, [{0x1, 0x2, 0x80, 0xfffffff9, 0xeaa}]}) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000700)={"ce85bf2fb3cd8f0e18f44494adfd754252f57b44e3463dfcb57b5aa2b43cd438723b695eec6b442606838fcc7114ee6e137328f81af34923eb4829d751fe67819c96419effe0f53ecc9abb1c638d0daf7409000000000000007e714351c2c78b293c2e33df72ca75c4f998b90a473868c98f53ed8f448286b859d15f97b4b6802e87f2170db785ac72fbc40e3ca4684e282864a612c553ebd1ca1948bfea0769e283fa6ed8e2215af04c32980b53ea45e5cf150d3442ba0e58aae0fdeb14d6a20bed8351e1f2b17abdb988f50fbf4074f815d68745a04f2e7ac4212ab17a2872ad028e133aa42778e459ab306a7b6b1cef1f7facf93ddfc3f93908f1b21a13217f02d020f45649159822d69c818682368f0e59316563717a71fcf3c65c496d766a7d7fa6840377e9e93d46f322c1d36fd5275d97da2d9f5eeaee4cdd98e9d0c911ba7b21e47766397360658f815eff477dd353f82cb463aa5e1b9fc305d21e07e657de987152fd9372f4225a5b1231c4b680c9b8918bc5b10786c1660eb829c5f1096f7c427070a3dd9b80e32d0a2c45a6a469e28fa75a064cdaae3e59099df9c3e384e6927ebf0f84df459d179410ce200dc8d9452923b32c67a5165c78a0b382aa9c2755e83834be0b88fbdeffb4841192d5c9480dfd52aaad7c928f601ebf48523775c20399fbaa5b6d83e5add38fea61e13091496e164b09fbffeab88f9329bc4526a076377a4d0a47ea223e1660e9dcbf562e505914b6ca6d978d84162fa5895299eb8fb8eaec40808fe6eb449333f62ac02b8bece9c708971d1d1cb6dffe416c2c6fae7c906678dfe105ff10cfe1eda88c69dcaa73c89cfcfdf92ef6ad690200000084feb026fae4523f0e3d087978b127cc272033c9f3f1b0ac7e0ed4f3cfeb3e60b691478d9fb01b4158d22d1f64698d076aa830586aff206b3e65772b0d189e770ea239689638d0d96fad69b0fba98d6bcb17ad67a7e8fd5d658f4f929efa834be01e2644e36ab7c13930499a50ad46716274d62407635b97d6e6c19b1226451294b5e575135aaa972a739e89c92f698b043ed9b97d8b6d7e44522d462a54c10190eecb15f7edd14e3815eff39d614b50f015356e731f0812649979de235f19552bc2826e1533135fee0b67f925e9baabdb846b5bf66855e3f8b751ca16f3bec23aa634606196a388f8e1b126f36618f685cb62065d30f6fe2b0a562a94591ee3fa981160e1481ee781c371cc7ee8c928f77b4e6d9b73fa3bfc479060ce1f4f0b68fd21d068d50e29c84bc2af8328817bcc3293afe6c78d4ee87c835097b383169d8017ef12eabd7ff4f91701088ace6da88c1c05e729aade819777203973c20f6c1611f8adb2ac10d22795c125db94b18cf900"}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x8400ae8e, &(0x7f0000000140)=@arm64={0x5, 0xae, 0x0, '\x00', 0x7fffffff}) 16.768623734s ago: executing program 2 (id=940): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000002c00ef5f"], 0x14}, 0x1, 0x0, 0x0, 0x20008081}, 0x800) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=ANY=[@ANYBLOB="4800000010000305fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012800b0001006d61637365630000100002800c0004000200000100c2800008000500", @ANYRES32=r3], 0x48}, 0x1, 0x0, 0x0, 0x8090}, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0) 16.681592278s ago: executing program 2 (id=941): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x24008090}, 0x40000) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r1, &(0x7f0000000180)={0x0, 0xffffffffffffffbb, &(0x7f00000000c0)={&(0x7f0000001a00)={0x1c, 0x0, 0x100, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0xee69d72ab46ee1fc}, 0x20000080) recvmmsg(r1, &(0x7f000000a140)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000001980)=""/109, 0x6d}], 0x1}, 0x8}], 0x1, 0x40010061, 0x0) 16.681412622s ago: executing program 2 (id=942): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000000)={0x2108, r0}, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0) 16.609422426s ago: executing program 2 (id=943): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000340)='./file0/../file0\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0xb101e, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125499, 0x0) mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3047c4a, 0x0) 16.603765145s ago: executing program 2 (id=944): r0 = socket$inet(0x2, 0x1, 0x100) setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4) bind$inet(r0, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10) r1 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4) bind$inet(r1, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10) listen(r1, 0x7) 16.31831291s ago: executing program 2 (id=949): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000001, 0xc3072, 0xffffffffffffffff, 0x3000000) write$UHID_INPUT(r0, &(0x7f0000000240)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x11, r0, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) 16.178188023s ago: executing program 33 (id=949): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000001, 0xc3072, 0xffffffffffffffff, 0x3000000) write$UHID_INPUT(r0, &(0x7f0000000240)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x11, r0, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) 1.19734982s ago: executing program 4 (id=1161): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_io_uring_setup(0x507d, &(0x7f0000000480)={0x0, 0x0, 0x10100, 0x0, 0xffffffff}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='net_prio.prioidx\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='6'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1.183604553s ago: executing program 0 (id=1162): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x300, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x2c25, 0x7, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000040), 0xfffffffc) 1.110499166s ago: executing program 4 (id=1163): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x1}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) readv(r0, &(0x7f0000000600)=[{&(0x7f0000000140)=""/169, 0xa9}], 0x1) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) 1.002593273s ago: executing program 5 (id=1164): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmsg$unix(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/28, 0x1c}], 0x1}, 0x3) sendmmsg$alg(r1, &(0x7f0000001100)=[{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000180)="fa2b7adf90d8fc637536b3a9d31f56371d", 0x11}], 0x1}], 0x1, 0x40044) sendmsg$NFT_MSG_GETSET(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, 0xa, 0xa, 0x3, 0x0, 0x0, {0x0, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x40080) 1.002288077s ago: executing program 0 (id=1165): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(ecb-aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="10797fcd6cd957d2b903c6bf46b4abf3629ff075475e4bd6e43be1712bf8b4dc", 0x20) r1 = accept4$alg(r0, 0x0, 0x0, 0x800) sendmsg$alg(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000240)="f06b513852db5e2932f57d866ee44f1a1accda95ac7eda3f431dcc9d7a410195f8", 0x21}], 0x1, 0x0, 0x0, 0x40000}, 0x40900) io_setup(0xff, &(0x7f0000000380)=0x0) io_submit(r2, 0x1, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f00000002c0)="cf82f1bf8afe49c28704cbc0163a65ac7e1ad81e53e9528ff749fddedb81d27bf2", 0x21}]) 910.273391ms ago: executing program 5 (id=1167): unshare(0x6a040000) r0 = socket(0x10, 0x80002, 0x0) sendmsg(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000040)="24000000180003041dfffd946f610500020100000005fe060c10880008000f00fff3c00e", 0x24}], 0x1}, 0x0) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'lo\x00', @broadcast}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x70bd29, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a}}, 0x1c}}, 0x0) 894.137629ms ago: executing program 3 (id=1168): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) symlinkat(&(0x7f0000000040)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000400)='./file0/file0\x00', 0x1000) chdir(&(0x7f00000003c0)='./bus\x00') creat(&(0x7f0000000040)='./file0\x00', 0x51) 786.906983ms ago: executing program 0 (id=1169): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe4000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f00000000c0)="3b76210fb6150f209e440f20c0663503000000440f22c00fa2660fc7b2d42af30fa7d0440f20c066350d000000440f22c06767f2caab12bad004ec", 0x3b}], 0x1, 0xd, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x10583a, 0x5, 0xa, 0x4000000000, 0x6, 0x2, 0x1041, 0x4, 0x7, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x9, 0x800005, 0x6a], 0xeeee8000, 0x1000d6}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 786.64784ms ago: executing program 3 (id=1170): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f00000001c0)={0x1d, r1}, 0x10) setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f00000003c0)=0x1, 0x4) sendmsg$can_raw(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@can={{}, 0x0, 0x0, 0x0, 0x0, "0000000000000003"}, 0x10}, 0x1, 0x0, 0x0, 0x8001}, 0x20000000) mprotect(&(0x7f0000000000/0x1000)=nil, 0x20000000, 0x0) recvfrom(r0, &(0x7f00000024c0)=""/73, 0x49, 0x140, 0x0, 0x0) 771.304775ms ago: executing program 5 (id=1171): unshare(0x6a040000) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r1, 0x40047457, &(0x7f00000000c0)=0x56e02eb) 671.274747ms ago: executing program 3 (id=1172): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000010000e1850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 656.991352ms ago: executing program 4 (id=1173): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0xc0049364, &(0x7f0000000180)) 611.219231ms ago: executing program 3 (id=1174): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000002000095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x94) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r2, r3, 0x25, 0x2, @val=@netfilter={0x7}}, 0x20) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0xffffffff, 0x0, {0x0, 0x0, 0x74, r3, {0x0, 0x7}, {0x0, 0x4}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000500)={r4, r0, 0x4, r2}, 0x10) 550.608056ms ago: executing program 4 (id=1175): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r0, 0x0, 0x0) capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7}) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBDIACR(r1, 0x4b4a, &(0x7f0000000080)=""/159) socket$nl_route(0x10, 0x3, 0x0) mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x0, 0x0) 505.696097ms ago: executing program 5 (id=1176): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r0 = epoll_create1(0x80000) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0xa0000001}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 502.174159ms ago: executing program 0 (id=1177): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = socket$packet(0x11, 0x3, 0x300) bind$packet(r2, &(0x7f0000000240)={0x11, 0xf6, 0x0, 0x1, 0xa, 0x6, @local}, 0x14) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[], 0xfdef) 499.028235ms ago: executing program 4 (id=1178): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x101402, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x8000) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001a40)=@newtfilter={0x38, 0x2c, 0xd2b, 0x800, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x10, 0xfff1}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0xb, 0xfff2}}]}}]}, 0x38}}, 0x24044094) 388.491495ms ago: executing program 5 (id=1179): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'bond0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'lo\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="400d0000000000003000128008000100687372002400028008000200", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32=r2], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) 316.910339ms ago: executing program 0 (id=1180): listen(0xffffffffffffffff, 0x10040) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a80000000060a010400000000000000000a0000010900010073797a310000000054000480500001800b00010074617267657400004000028008000240000000012c0003007339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c70000000000000000000000000000000008000100544545000900020073797a320000000014000000110001"], 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x3, 0x3}}]}}}]}, 0x40}}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8923, &(0x7f00000000c0)={'veth0_vlan\x00', @random="01350700"}) 289.807543ms ago: executing program 3 (id=1181): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000001000000e27f000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2688f54c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 86.089569ms ago: executing program 0 (id=1182): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x1}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) readv(r0, &(0x7f0000000600)=[{&(0x7f0000000140)=""/169, 0xa9}], 0x1) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) 85.955497ms ago: executing program 4 (id=1183): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$poke(0x5, r1, &(0x7f0000000080), 0xffffffffffffffd) 48.861676ms ago: executing program 3 (id=1184): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="b80000001900010029bd7000fedbdf25fe800000000000000000000000000017ff01000000000000000000000000000100000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000030000000000000000000000000000000200000000000000fdffffffffffffff000000000000000000000000000000000008000000000000060000000000000000000000000000d47e0ac40000000000010002"], 0xb8}, 0x1, 0x0, 0x0, 0x24008040}, 0x8000) syz_emit_ethernet(0x46, &(0x7f0000000400)={@local, @random="df00004000", @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x11}, {[@ssrr={0x89, 0x7, 0xa2, [@broadcast]}, @cipso={0x86, 0x6, 0x1}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) sendmsg$nl_route(r1, 0x0, 0x0) 0s ago: executing program 5 (id=1185): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r2}, 0x10) syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x1, 0x2ff}, &(0x7f0000000140), &(0x7f0000000280)) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:46642' (ED25519) to the list of known hosts. [ 49.025019][ T5924] cgroup: Unknown subsys name 'net' [ 49.209100][ T5924] cgroup: Unknown subsys name 'cpuset' [ 49.213097][ T5924] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 50.325791][ T5924] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 54.546730][ T5944] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 54.549585][ T5944] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 54.552453][ T5944] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 54.563174][ T5954] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 54.567590][ T5954] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 54.573173][ T5952] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 54.577604][ T5952] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 54.580459][ T5952] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 54.583176][ T5952] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 54.585760][ T5952] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 54.586900][ T5954] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 54.590641][ T5956] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 54.594433][ T5956] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 54.597120][ T5304] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 54.597383][ T5956] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 54.602997][ T5952] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 54.603181][ T5956] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 54.608203][ T5956] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 54.611080][ T5956] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 54.613625][ T5956] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 54.903712][ T5941] chnl_net:caif_netlink_parms(): no params data found [ 54.945340][ T5953] chnl_net:caif_netlink_parms(): no params data found [ 54.964226][ T5949] chnl_net:caif_netlink_parms(): no params data found [ 54.991028][ T5945] chnl_net:caif_netlink_parms(): no params data found [ 55.096325][ T5941] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.106608][ T5941] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.110126][ T5941] bridge_slave_0: entered allmulticast mode [ 55.114341][ T5941] bridge_slave_0: entered promiscuous mode [ 55.153176][ T5941] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.156623][ T5941] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.159854][ T5941] bridge_slave_1: entered allmulticast mode [ 55.166243][ T5941] bridge_slave_1: entered promiscuous mode [ 55.170190][ T5953] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.173386][ T5953] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.176964][ T5953] bridge_slave_0: entered allmulticast mode [ 55.181024][ T5953] bridge_slave_0: entered promiscuous mode [ 55.212397][ T5953] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.215523][ T5953] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.218558][ T5953] bridge_slave_1: entered allmulticast mode [ 55.222137][ T5953] bridge_slave_1: entered promiscuous mode [ 55.243668][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.246036][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.249059][ T5949] bridge_slave_0: entered allmulticast mode [ 55.254226][ T5949] bridge_slave_0: entered promiscuous mode [ 55.292445][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.295294][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.297899][ T5949] bridge_slave_1: entered allmulticast mode [ 55.300714][ T5949] bridge_slave_1: entered promiscuous mode [ 55.304769][ T5941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.312071][ T5953] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.329081][ T5941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.344584][ T5953] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.354333][ T5945] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.357354][ T5945] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.360629][ T5945] bridge_slave_0: entered allmulticast mode [ 55.364613][ T5945] bridge_slave_0: entered promiscuous mode [ 55.395708][ T5953] team0: Port device team_slave_0 added [ 55.398088][ T5945] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.400563][ T5945] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.402910][ T5945] bridge_slave_1: entered allmulticast mode [ 55.406004][ T5945] bridge_slave_1: entered promiscuous mode [ 55.411138][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.415584][ T5941] team0: Port device team_slave_0 added [ 55.419102][ T5953] team0: Port device team_slave_1 added [ 55.427898][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.432549][ T5941] team0: Port device team_slave_1 added [ 55.490643][ T5945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.494589][ T5949] team0: Port device team_slave_0 added [ 55.497283][ T5953] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.499747][ T5953] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.508657][ T5953] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.513638][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.515970][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.524973][ T5941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.530529][ T5945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.534503][ T5949] team0: Port device team_slave_1 added [ 55.537843][ T5953] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.540984][ T5953] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.552688][ T5953] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.565186][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.568513][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.577961][ T5941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.614697][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.617871][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.627885][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.637286][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.640369][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.651501][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.694323][ T5945] team0: Port device team_slave_0 added [ 55.703336][ T5953] hsr_slave_0: entered promiscuous mode [ 55.707380][ T5953] hsr_slave_1: entered promiscuous mode [ 55.722827][ T5945] team0: Port device team_slave_1 added [ 55.765620][ T5941] hsr_slave_0: entered promiscuous mode [ 55.769265][ T5941] hsr_slave_1: entered promiscuous mode [ 55.772427][ T5941] debugfs: 'hsr0' already exists in 'hsr' [ 55.775047][ T5941] Cannot create hsr debugfs directory [ 55.809511][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.811883][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.820405][ T5945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.833980][ T5949] hsr_slave_0: entered promiscuous mode [ 55.836827][ T5949] hsr_slave_1: entered promiscuous mode [ 55.839252][ T5949] debugfs: 'hsr0' already exists in 'hsr' [ 55.841153][ T5949] Cannot create hsr debugfs directory [ 55.850642][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.852897][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.861504][ T5945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.017671][ T5945] hsr_slave_0: entered promiscuous mode [ 56.021092][ T5945] hsr_slave_1: entered promiscuous mode [ 56.024156][ T5945] debugfs: 'hsr0' already exists in 'hsr' [ 56.027035][ T5945] Cannot create hsr debugfs directory [ 56.229377][ T5953] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 56.241252][ T5953] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 56.248009][ T5953] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 56.262901][ T5953] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 56.331732][ T5941] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 56.337270][ T5941] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 56.342723][ T5941] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 56.347676][ T5941] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 56.413425][ T5945] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 56.420477][ T5945] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 56.432666][ T5945] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 56.439824][ T5945] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 56.513891][ T5949] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 56.521940][ T5949] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 56.531038][ T5949] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 56.537783][ T5949] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 56.568834][ T5953] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.616313][ T5953] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.628711][ T5941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.647685][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.651042][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.667667][ T5956] Bluetooth: hci1: command tx timeout [ 56.667704][ T5944] Bluetooth: hci3: command tx timeout [ 56.668046][ T64] Bluetooth: hci2: command tx timeout [ 56.668202][ T5952] Bluetooth: hci0: command tx timeout [ 56.678322][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.681571][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.690369][ T5941] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.714428][ T3148] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.717525][ T3148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.733934][ T90] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.736548][ T90] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.749971][ T5945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.796134][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.801062][ T5945] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.822333][ T3148] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.825527][ T3148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.840344][ T3148] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.843518][ T3148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.860817][ T5949] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.885834][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.889378][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.895074][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.898419][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.983188][ T5953] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.020526][ T5953] veth0_vlan: entered promiscuous mode [ 57.030305][ T5953] veth1_vlan: entered promiscuous mode [ 57.052082][ T5941] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.077744][ T5953] veth0_macvtap: entered promiscuous mode [ 57.082593][ T5953] veth1_macvtap: entered promiscuous mode [ 57.110944][ T5953] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.127852][ T5953] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.170903][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.182378][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.192343][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.197721][ T5941] veth0_vlan: entered promiscuous mode [ 57.204517][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.224565][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.228871][ T5941] veth1_vlan: entered promiscuous mode [ 57.249086][ T5945] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.287614][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.291508][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.305407][ T5941] veth0_macvtap: entered promiscuous mode [ 57.315089][ T5941] veth1_macvtap: entered promiscuous mode [ 57.338525][ T95] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.347208][ T95] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.377752][ T5949] veth0_vlan: entered promiscuous mode [ 57.390119][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.402082][ T5953] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 57.405293][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.420388][ T5949] veth1_vlan: entered promiscuous mode [ 57.431897][ T95] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.435713][ T95] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.449314][ T95] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.453901][ T95] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.468505][ T5945] veth0_vlan: entered promiscuous mode [ 57.477312][ T5945] veth1_vlan: entered promiscuous mode [ 57.514815][ T5949] veth0_macvtap: entered promiscuous mode [ 57.526221][ T5945] veth0_macvtap: entered promiscuous mode [ 57.533505][ T5949] veth1_macvtap: entered promiscuous mode [ 57.537939][ T5015] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.538325][ T5945] veth1_macvtap: entered promiscuous mode [ 57.541503][ T5015] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.593266][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.599665][ T95] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.602440][ T95] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.611426][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.620610][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.633354][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.636912][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.649747][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.658903][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.662758][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.681114][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.685064][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.692163][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.696209][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.777276][ T95] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.780721][ T95] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.895946][ T90] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.905021][ T90] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.945257][ T90] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.963017][ T90] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.971424][ T6041] ======================================================= [ 57.971424][ T6041] WARNING: The mand mount option has been deprecated and [ 57.971424][ T6041] and is ignored by this kernel. Remove the mand [ 57.971424][ T6041] option from the mount to silence this warning. [ 57.971424][ T6041] ======================================================= [ 58.005820][ T90] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.026977][ T90] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.172994][ T6048] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.623375][ T6070] random: crng reseeded on system resumption [ 58.647707][ T6070] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 58.746863][ T5944] Bluetooth: hci1: command tx timeout [ 58.749867][ T5944] Bluetooth: hci3: command tx timeout [ 58.757492][ T5944] Bluetooth: hci0: command tx timeout [ 58.757660][ T5956] Bluetooth: hci2: command tx timeout [ 58.892269][ T6081] netlink: 300 bytes leftover after parsing attributes in process `syz.3.21'. [ 58.896629][ T6081] netlink: 152 bytes leftover after parsing attributes in process `syz.3.21'. [ 58.908300][ T6048] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.979202][ T6085] netlink: 'syz.3.23': attribute type 10 has an invalid length. [ 58.982565][ T6085] netlink: 40 bytes leftover after parsing attributes in process `syz.3.23'. [ 58.985723][ T6085] dummy0: entered promiscuous mode [ 58.990000][ T6085] bridge0: port 3(dummy0) entered blocking state [ 58.992757][ T6085] bridge0: port 3(dummy0) entered disabled state [ 58.995243][ T6085] dummy0: entered allmulticast mode [ 59.000037][ T6085] bridge0: port 3(dummy0) entered blocking state [ 59.003167][ T6085] bridge0: port 3(dummy0) entered forwarding state [ 59.777567][ T6115] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 59.835478][ T6117] capability: warning: `syz.3.36' uses deprecated v2 capabilities in a way that may be insecure [ 59.858172][ T6048] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.951140][ T40] audit: type=1326 audit(1764680240.830:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.3.38" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf707d579 code=0x0 [ 60.183556][ T6126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.40'. [ 60.255128][ T6128] Zero length message leads to an empty skb [ 60.325054][ T6132] netlink: 4 bytes leftover after parsing attributes in process `syz.0.42'. [ 60.403068][ T6133] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 60.490201][ T6048] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.582937][ T90] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.600363][ T90] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.613747][ T5015] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.626062][ T5015] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.826792][ T5956] Bluetooth: hci2: command tx timeout [ 60.828062][ T5944] Bluetooth: hci0: command tx timeout [ 60.828096][ T64] Bluetooth: hci3: command tx timeout [ 60.828146][ T5952] Bluetooth: hci1: command tx timeout [ 60.916280][ T6160] netlink: 8 bytes leftover after parsing attributes in process `syz.2.51'. [ 60.926531][ T6160] netlink: 8 bytes leftover after parsing attributes in process `syz.2.51'. [ 61.146516][ T6037] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 61.240334][ T6180] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 61.316671][ T6037] usb 8-1: Using ep0 maxpacket: 8 [ 61.320536][ T6037] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 61.323702][ T6037] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 61.328103][ T6037] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 61.331873][ T6037] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 61.335190][ T6037] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 61.340449][ T6037] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 61.343564][ T6037] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.557026][ T6037] usb 8-1: GET_CAPABILITIES returned 0 [ 61.559059][ T6037] usbtmc 8-1:16.0: can't read capabilities [ 61.872678][ T6157] usbtmc 8-1:16.0: usb_control_msg returned -71 [ 61.874681][ T6028] usb 8-1: USB disconnect, device number 2 [ 61.882360][ T6209] usb 8-1: usbtmc_ioctl_clear_out_halt returned -19 [ 62.676385][ T6261] input: syz0 as /devices/virtual/input/input5 [ 62.907425][ T5944] Bluetooth: hci1: command tx timeout [ 62.907482][ T5952] Bluetooth: hci0: command tx timeout [ 62.911566][ T5956] Bluetooth: hci3: command tx timeout [ 62.917338][ T5956] Bluetooth: hci2: command tx timeout [ 63.066663][ T6277] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 63.487456][ T6315] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.560750][ T6315] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.633615][ T6315] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.703961][ T6315] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.759433][ T6327] IPv4: Oversized IP packet from 127.202.26.0 [ 63.808762][ T3148] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.822000][ T90] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.835518][ T3148] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.851499][ T4925] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.962694][ T6335] netlink: 40 bytes leftover after parsing attributes in process `syz.2.102'. [ 63.969283][ T6335] netlink: 40 bytes leftover after parsing attributes in process `syz.2.102'. [ 64.011562][ T6337] input: syz0 as /devices/virtual/input/input6 [ 64.195798][ T6347] input: syz0 as /devices/virtual/input/input7 [ 64.686518][ T6028] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 64.846481][ T6028] usb 8-1: Using ep0 maxpacket: 16 [ 64.851695][ T6028] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 64.861033][ T6028] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 64.864913][ T6028] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 64.871793][ T6028] usb 8-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 64.875728][ T6028] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.888252][ T6028] usb 8-1: config 0 descriptor?? [ 65.309484][ T6028] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 65.312269][ T6028] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 65.315061][ T6028] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 65.318652][ T6028] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 65.321804][ T6028] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 65.333960][ T6028] input: HID 0955:7214 Haptics as /devices/virtual/input/input8 [ 65.373261][ T6028] shield 0003:0955:7214.0002: Registered Thunderstrike controller [ 65.378818][ T6028] shield 0003:0955:7214.0002: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.3-1/input0 [ 65.466574][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 65.466583][ T5952] Bluetooth: hci4: command 0x1003 tx timeout [ 65.506489][ T6358] netlink: 504 bytes leftover after parsing attributes in process `syz.3.113'. [ 65.519810][ T6007] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 65.524810][ T1459] usb 8-1: USB disconnect, device number 3 [ 65.532356][ T6007] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 65.534961][ T6392] Bluetooth: MGMT ver 1.23 [ 65.536051][ T6007] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 65.542314][ T6007] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 65.561397][ T6395] netlink: 12 bytes leftover after parsing attributes in process `syz.0.126'. [ 65.565358][ T6395] bridge_slave_0: default FDB implementation only supports local addresses [ 65.570254][ T6395] netlink: 12 bytes leftover after parsing attributes in process `syz.0.126'. [ 65.573221][ T6395] bridge_slave_0: default FDB implementation only supports local addresses [ 66.124505][ T6432] Illegal XDP return value 4294967274 on prog (id 20) dev syz_tun, expect packet loss! [ 67.243451][ T6470] netlink: 'syz.1.159': attribute type 4 has an invalid length. [ 67.264745][ T6470] netlink: 'syz.1.159': attribute type 4 has an invalid length. [ 67.486624][ T52] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 67.636726][ T52] usb 8-1: Using ep0 maxpacket: 32 [ 67.640430][ T52] usb 8-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 67.644231][ T52] usb 8-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 67.648860][ T52] usb 8-1: config 155 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 8448, setting to 1024 [ 67.652513][ T52] usb 8-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 67.663047][ T52] usb 8-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 67.667436][ T52] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 67.670521][ T52] usb 8-1: Product: syz [ 67.672181][ T52] usb 8-1: Manufacturer: syz [ 67.674134][ T52] usb 8-1: SerialNumber: syz [ 67.677557][ T6491] netlink: 'syz.1.167': attribute type 1 has an invalid length. [ 67.682872][ C2] imon 8-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 67.688078][ T52] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:155.0/input/input9 [ 67.730910][ T6491] bond1: (slave xfrm1): The slave device specified does not support setting the MAC address [ 67.735097][ T6491] bond1: (slave xfrm1): Setting fail_over_mac to active for active-backup mode [ 67.740967][ T6491] bond1: (slave xfrm1): making interface the new active one [ 67.745951][ T6491] bond1: (slave xfrm1): Enslaving as an active interface with an up link [ 67.880387][ T6498] process 'syz.1.170' launched './file0' with NULL argv: empty string added [ 67.897835][ T52] imon 8-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 67.901337][ T52] (id 0x00) [ 67.966712][ T52] rc_core: IR keymap rc-imon-pad not found [ 67.969575][ T52] Registered IR keymap rc-empty [ 67.971765][ T52] imon 8-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 67.976331][ T52] imon 8-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 68.115712][ T6509] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.175'. [ 68.118308][ T52] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:155.0/rc/rc0 [ 68.123571][ T52] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:155.0/rc/rc0/input10 [ 68.144671][ T52] imon 8-1:155.0: iMON device (15c2:ffdc, intf0) on usb<8:4> initialized [ 68.294611][ T6037] usb 8-1: USB disconnect, device number 4 [ 68.586659][ T5952] Bluetooth: hci4: command 0x1003 tx timeout [ 68.589896][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 68.678709][ T6525] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 68.833342][ T6535] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 68.843209][ T6535] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 69.056374][ T6548] bond1: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 69.074835][ T6548] bond1 (unregistering): Released all slaves [ 69.095100][ T6553] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 69.237779][ T6562] netlink: 8 bytes leftover after parsing attributes in process `syz.0.199'. [ 69.566632][ T6588] netlink: 20 bytes leftover after parsing attributes in process `syz.3.210'. [ 69.698447][ T40] audit: type=1326 audit(1764680250.580:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6598 comm="syz.1.216" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x0 [ 69.923495][ T6614] binder: 6613:6614 ioctl c0306201 800001c0 returned -14 [ 70.809385][ T6646] netlink: 'syz.3.233': attribute type 3 has an invalid length. [ 70.812294][ T6645] syz.1.232 uses obsolete (PF_INET,SOCK_PACKET) [ 70.812849][ T6646] netlink: 'syz.3.233': attribute type 3 has an invalid length. [ 70.819433][ T40] audit: type=1326 audit(1764680251.700:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6628 comm="syz.2.226" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7fc00000 [ 71.314213][ T6689] netlink: 96 bytes leftover after parsing attributes in process `syz.3.254'. [ 71.495053][ T40] audit: type=1326 audit(1764680252.370:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6628 comm="syz.2.226" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7fc00000 [ 71.584291][ T6707] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 71.634764][ T40] audit: type=1326 audit(1764680252.510:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="syz.0.262" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70fd579 code=0x0 [ 72.472632][ T6037] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 72.478203][ T6037] hid-generic 0000:0000:0000.0003: hidraw1: HID v0.00 Device [syz1] on syz0 [ 73.016534][ T1459] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 73.166781][ T1459] usb 8-1: Using ep0 maxpacket: 32 [ 73.177914][ T1459] usb 8-1: config 0 has an invalid interface number: 67 but max is 0 [ 73.182866][ T1459] usb 8-1: config 0 has no interface number 0 [ 73.189543][ T1459] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 73.193617][ T1459] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.197673][ T1459] usb 8-1: Product: syz [ 73.199789][ T1459] usb 8-1: Manufacturer: syz [ 73.201941][ T1459] usb 8-1: SerialNumber: syz [ 73.208960][ T1459] usb 8-1: config 0 descriptor?? [ 73.214791][ T1459] smsc95xx v2.0.0 [ 73.216664][ T1459] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 73.221584][ T1459] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -22 [ 73.423056][ T6757] netlink: 8 bytes leftover after parsing attributes in process `syz.3.282'. [ 73.429213][ T34] usb 8-1: USB disconnect, device number 5 [ 73.449090][ T6777] hsr0: entered allmulticast mode [ 73.451294][ T6777] hsr_slave_0: entered allmulticast mode [ 73.453567][ T6777] hsr_slave_1: entered allmulticast mode [ 73.461351][ T6777] hsr_slave_0: left promiscuous mode [ 73.465487][ T6777] hsr_slave_1: left promiscuous mode [ 73.488413][ T6777] hsr0 (unregistering): left allmulticast mode [ 73.615732][ T6785] loop6: detected capacity change from 0 to 2640 [ 73.619351][ T6785] Buffer I/O error on dev loop6, logical block 0, async page read [ 73.622257][ T6785] Buffer I/O error on dev loop6, logical block 0, async page read [ 73.625418][ T6785] Buffer I/O error on dev loop6, logical block 0, async page read [ 73.628968][ T6785] Buffer I/O error on dev loop6, logical block 0, async page read [ 73.631647][ T6785] Buffer I/O error on dev loop6, logical block 0, async page read [ 73.634294][ T6785] Buffer I/O error on dev loop6, logical block 0, async page read [ 73.638668][ T6785] Buffer I/O error on dev loop6, logical block 0, async page read [ 73.641439][ T6785] Buffer I/O error on dev loop6, logical block 0, async page read [ 73.644047][ T6785] ldm_validate_partition_table(): Disk read failed. [ 73.646277][ T6785] Buffer I/O error on dev loop6, logical block 0, async page read [ 73.649652][ T6785] Buffer I/O error on dev loop6, logical block 0, async page read [ 73.652385][ T6785] Dev loop6: unable to read RDB block 0 [ 73.654463][ T6785] loop6: unable to read partition table [ 73.656714][ T6785] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 73.690143][ T6794] syz_tun: entered allmulticast mode [ 73.692807][ T6792] syz_tun: left allmulticast mode [ 74.168076][ T6831] loop4: detected capacity change from 0 to 7 [ 74.172162][ T6374] ldm_validate_partition_table(): Disk read failed. [ 74.174816][ T6374] Dev loop4: unable to read RDB block 0 [ 74.177534][ T6374] loop4: unable to read partition table [ 74.179719][ T6374] loop4: partition table beyond EOD, truncated [ 74.183630][ T6831] ldm_validate_partition_table(): Disk read failed. [ 74.186328][ T6831] Dev loop4: unable to read RDB block 0 [ 74.189444][ T6831] loop4: unable to read partition table [ 74.191589][ T6831] loop4: partition table beyond EOD, truncated [ 74.193800][ T6831] loop_reread_partitions: partition scan of loop4 (úùƒå¡™‰ü¾SêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5) [ 74.360488][ T6839] netlink: 4 bytes leftover after parsing attributes in process `syz.2.319'. [ 74.375909][ T6839] vxlan0: entered promiscuous mode [ 74.379946][ T95] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 74.384224][ T95] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 74.387750][ T95] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 74.391164][ T95] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 74.836987][ T6037] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 74.986517][ T6037] usb 6-1: Using ep0 maxpacket: 8 [ 74.990605][ T6037] usb 6-1: config 0 interface 0 has no altsetting 0 [ 74.993543][ T6037] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 74.997917][ T6037] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.004407][ T6037] usb 6-1: config 0 descriptor?? [ 75.433273][ T6037] mcp2221 0003:04D8:00DD.0004: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 75.506559][ T899] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 75.632497][ T6848] i2c i2c-2: unsupported multi-msg i2c transaction [ 75.637782][ T6037] usb 6-1: USB disconnect, device number 2 [ 75.668233][ T899] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 75.672589][ T899] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 75.678148][ T899] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 75.681149][ T899] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.891284][ T899] usb 7-1: usb_control_msg returned -32 [ 75.894066][ T899] usbtmc 7-1:16.0: can't read capabilities [ 76.032394][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.034709][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.451507][ T52] usb 7-1: USB disconnect, device number 2 [ 76.525370][ T6884] netlink: 'syz.1.338': attribute type 1 has an invalid length. [ 76.557142][ T6884] 8021q: adding VLAN 0 to HW filter on device bond2 [ 76.587511][ T6884] bond2: (slave geneve2): making interface the new active one [ 76.591863][ T6884] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 76.830975][ T6892] netlink: 'syz.1.340': attribute type 2 has an invalid length. [ 76.835253][ T6892] netlink: 532 bytes leftover after parsing attributes in process `syz.1.340'. [ 77.205776][ T6906] netlink: 20 bytes leftover after parsing attributes in process `syz.3.348'. [ 77.211780][ T6906] netlink: 20 bytes leftover after parsing attributes in process `syz.3.348'. [ 78.626782][ T7007] mmap: syz.2.389 (7007) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 78.633320][ T40] audit: type=1326 audit(1764680259.510:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7003 comm="syz.0.388" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70fd579 code=0x0 [ 79.015386][ T7025] bpf: Bad value for 'gid' [ 79.130602][ T7037] netlink: 8 bytes leftover after parsing attributes in process `syz.3.400'. [ 79.231726][ T7041] CIFS: VFS: Malformed UNC in devname [ 79.438257][ T7052] netlink: 'syz.3.408': attribute type 2 has an invalid length. [ 79.442751][ T7052] netlink: 532 bytes leftover after parsing attributes in process `syz.3.408'. [ 79.452143][ T7052] bridge0: port 3(dummy0) entered disabled state [ 79.485550][ T7052] dummy0 (unregistering): left allmulticast mode [ 79.489968][ T7052] bridge0: port 3(dummy0) entered disabled state [ 79.743126][ T7070] netlink: 'syz.1.417': attribute type 1 has an invalid length. [ 79.764538][ T7070] 8021q: adding VLAN 0 to HW filter on device bond3 [ 80.506368][ T7108] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.510377][ T7108] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.195770][ T7156] netlink: 4 bytes leftover after parsing attributes in process `syz.0.452'. [ 81.777257][ T6026] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 81.928143][ T6026] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 81.931325][ T6026] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 81.935485][ T6026] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 81.938885][ T6026] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 81.941731][ T6026] usb 7-1: Manufacturer: syz [ 81.944973][ T6026] usb 7-1: config 0 descriptor?? [ 82.006480][ T6026] rc_core: IR keymap rc-hauppauge not found [ 82.008616][ T6026] Registered IR keymap rc-empty [ 82.013046][ T6026] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0 [ 82.018392][ T6026] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input11 [ 82.159101][ T6007] usb 7-1: USB disconnect, device number 3 [ 82.958105][ T7223] 9pnet_fd: p9_fd_create_tcp (7223): problem connecting socket to 127.0.0.1 [ 83.626132][ T7271] netlink: 'syz.3.503': attribute type 1 has an invalid length. [ 83.657949][ T7271] 8021q: adding VLAN 0 to HW filter on device bond1 [ 83.689615][ T7271] bond1: (slave geneve2): making interface the new active one [ 83.697204][ T7271] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 83.780670][ T6026] Process accounting resumed [ 84.191169][ T7298] netlink: 'syz.2.515': attribute type 1 has an invalid length. [ 84.213429][ T7298] 8021q: adding VLAN 0 to HW filter on device bond1 [ 84.217823][ T52] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 84.253303][ T7298] bond1: (slave geneve2): making interface the new active one [ 84.257718][ T7298] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 84.368330][ T52] usb 6-1: config index 0 descriptor too short (expected 39, got 27) [ 84.380445][ T52] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 84.384823][ T52] usb 6-1: config 0 interface 0 has no altsetting 0 [ 84.399171][ T52] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 84.403206][ T52] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 84.408262][ T52] usb 6-1: Product: syz [ 84.410462][ T52] usb 6-1: Manufacturer: syz [ 84.412558][ T52] usb 6-1: SerialNumber: syz [ 84.417733][ T52] usb 6-1: config 0 descriptor?? [ 84.429609][ T52] hub 6-1:0.0: bad descriptor, ignoring hub [ 84.432330][ T52] hub 6-1:0.0: probe with driver hub failed with error -5 [ 84.440195][ T52] usb 6-1: selecting invalid altsetting 0 [ 85.327212][ T7287] usb 6-1: reset high-speed USB device number 3 using dummy_hcd [ 85.548887][ T7353] netlink: 'syz.3.536': attribute type 12 has an invalid length. [ 85.552284][ T7353] netlink: 'syz.3.536': attribute type 29 has an invalid length. [ 85.556007][ T7353] netlink: 148 bytes leftover after parsing attributes in process `syz.3.536'. [ 85.562541][ T7353] netlink: 'syz.3.536': attribute type 2 has an invalid length. [ 85.725327][ T7287] usb 6-1: failed to restore interface 0 altsetting 251 (error=-71) [ 85.730014][ T6026] usb 6-1: USB disconnect, device number 3 [ 86.276639][ T6007] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 86.277511][ T142] cfg80211: failed to load regulatory.db [ 86.426603][ T6007] usb 7-1: Using ep0 maxpacket: 32 [ 86.433700][ T6007] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 86.440616][ T7359] ceph: No mds server is up or the cluster is laggy [ 86.440617][ T7365] ceph: No mds server is up or the cluster is laggy [ 86.440686][ T6007] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 86.440713][ T6007] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 86.442748][ T6007] usb 7-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 86.463312][ T6007] usb 7-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 86.467829][ T6007] usb 7-1: Product: syz [ 86.470224][ T6007] usb 7-1: Manufacturer: syz [ 86.472529][ T6007] usb 7-1: SerialNumber: syz [ 86.497288][ T6007] input: appletouch as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:1.0/input/input12 [ 86.568525][ T7407] overlayfs: statfs failed on './file0' [ 86.616890][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.703005][ T6007] usb 7-1: USB disconnect, device number 4 [ 86.760175][ T6007] appletouch 7-1:1.0: input: appletouch disconnected [ 87.432148][ T40] audit: type=1326 audit(1764680275.313:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7437 comm="syz.0.571" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7fc00000 [ 88.049805][ T40] audit: type=1326 audit(1764680275.933:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7437 comm="syz.0.571" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70fd579 code=0x7fc00000 [ 88.127823][ T7469] input: syz0 as /devices/virtual/input/input13 [ 88.968021][ T7533] netlink: 12 bytes leftover after parsing attributes in process `syz.2.608'. [ 88.971875][ T7533] netlink: 'syz.2.608': attribute type 15 has an invalid length. [ 88.982634][ T7533] vxlan1: entered promiscuous mode [ 88.990326][ T1182] netdevsim netdevsim2 netdevsim0: set [0, 1] type 1 family 0 port 256 - 0 [ 89.022256][ T7536] 8021q: adding VLAN 0 to HW filter on device bond1 [ 89.026054][ T7536] bridge0: port 3(bond1) entered blocking state [ 89.029514][ T7536] bridge0: port 3(bond1) entered disabled state [ 89.032549][ T7536] bond1: entered allmulticast mode [ 89.038345][ T7536] bond1: entered promiscuous mode [ 89.041237][ T7536] bridge0: port 3(bond1) entered blocking state [ 89.044081][ T7536] bridge0: port 3(bond1) entered forwarding state [ 89.047327][ T1182] netdevsim netdevsim2 netdevsim1: set [0, 1] type 1 family 0 port 256 - 0 [ 89.050669][ T1182] netdevsim netdevsim2 netdevsim2: set [0, 1] type 1 family 0 port 256 - 0 [ 89.054195][ T1182] netdevsim netdevsim2 netdevsim3: set [0, 1] type 1 family 0 port 256 - 0 [ 89.736518][ T6026] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 89.897680][ T6026] usb 5-1: Using ep0 maxpacket: 8 [ 89.906269][ T6026] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 89.910809][ T6026] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 89.914557][ T6026] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 89.918599][ T6026] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 89.923043][ T6026] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 89.926810][ T6026] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.950081][ T95] bridge0: port 3(bond1) entered disabled state [ 90.013980][ T7576] 8021q: adding VLAN 0 to HW filter on device bond2 [ 90.016993][ T7576] bridge0: port 3(bond2) entered blocking state [ 90.019980][ T7576] bridge0: port 3(bond2) entered disabled state [ 90.022918][ T7576] bond2: entered allmulticast mode [ 90.027987][ T7576] bond2: entered promiscuous mode [ 90.140075][ T6026] usb 5-1: usb_control_msg returned -32 [ 90.142245][ T6026] usbtmc 5-1:16.0: can't read capabilities [ 90.498872][ T7598] netlink: 28 bytes leftover after parsing attributes in process `syz.3.634'. [ 90.503727][ T7598] netlink: 28 bytes leftover after parsing attributes in process `syz.3.634'. [ 91.035192][ T7624] binder: 7623:7624 ioctl c0306201 800003c0 returned -14 [ 91.497666][ T7644] netlink: 8 bytes leftover after parsing attributes in process `syz.1.653'. [ 92.521252][ T52] usb 5-1: USB disconnect, device number 2 [ 92.889629][ T1027] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 92.906990][ T1182] Bluetooth: hci4: Frame reassembly failed (-84) [ 93.048786][ T1027] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 93.054288][ T1027] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 93.059646][ T1027] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 93.063922][ T1027] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 93.069687][ T1027] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 93.073621][ T1027] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.079087][ T1027] usb 6-1: config 0 descriptor?? [ 93.509391][ T1027] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 93.587684][ T7712] netlink: 'syz.3.682': attribute type 9 has an invalid length. [ 93.591211][ T7712] netlink: 'syz.3.682': attribute type 11 has an invalid length. [ 93.594577][ T7712] netlink: 'syz.3.682': attribute type 12 has an invalid length. [ 93.598244][ T7712] netlink: 210060 bytes leftover after parsing attributes in process `syz.3.682'. [ 93.606597][ T7712] openvswitch: netlink: Message has 4 unknown bytes. [ 94.006149][ T7727] netlink: 'syz.3.688': attribute type 1 has an invalid length. [ 94.025443][ T7727] 8021q: adding VLAN 0 to HW filter on device bond3 [ 94.054699][ T7727] bond3: (slave geneve3): making interface the new active one [ 94.059658][ T7727] bond3: (slave geneve3): Enslaving as an active interface with an up link [ 94.170498][ T7730] syzkaller1: entered promiscuous mode [ 94.173194][ T7730] syzkaller1: entered allmulticast mode [ 94.527288][ T40] audit: type=1326 audit(1764680282.413:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7736 comm="syz.3.692" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf707d579 code=0x0 [ 94.916791][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 95.269676][ T7769] Invalid ELF header magic: != ELF [ 95.368438][ T7777] trusted_key: syz.2.701 sent an empty control message without MSG_MORE. [ 95.481301][ T40] audit: type=1326 audit(1764680283.363:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7788 comm="syz.0.709" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 95.506770][ T40] audit: type=1326 audit(1764680283.373:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7788 comm="syz.0.709" exe="/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 95.511713][ T6028] usb 6-1: USB disconnect, device number 4 [ 95.523524][ T40] audit: type=1326 audit(1764680283.373:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7788 comm="syz.0.709" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 95.531177][ T40] audit: type=1326 audit(1764680283.373:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7788 comm="syz.0.709" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 95.540134][ T40] audit: type=1326 audit(1764680283.373:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7788 comm="syz.0.709" exe="/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 95.549418][ T40] audit: type=1326 audit(1764680283.373:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7788 comm="syz.0.709" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 95.558299][ T40] audit: type=1326 audit(1764680283.373:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7788 comm="syz.0.709" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 95.565246][ T40] audit: type=1326 audit(1764680283.373:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7788 comm="syz.0.709" exe="/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 95.572374][ T40] audit: type=1326 audit(1764680283.373:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7788 comm="syz.0.709" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 95.587951][ T7799] netlink: 52 bytes leftover after parsing attributes in process `syz.2.714'. [ 95.607378][ T7799] netlink: 4 bytes leftover after parsing attributes in process `syz.2.714'. [ 95.787956][ T7808] netlink: 25 bytes leftover after parsing attributes in process `syz.1.718'. [ 95.981134][ T7828] input: syz0 as /devices/virtual/input/input15 [ 96.426037][ T7860] input: syz0 as /devices/virtual/input/input16 [ 96.448855][ T6370] udevd[6370]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 96.894893][ T7883] overlayfs: overlapping lowerdir path [ 96.903654][ T7883] overlayfs: failed to verify upper (209/file0, ino=1101, err=-116) [ 96.908177][ T7883] overlayfs: failed to verify index dir 'upper' xattr [ 96.911130][ T7883] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.023943][ T7890] netlink: 'syz.3.751': attribute type 4 has an invalid length. [ 97.052554][ T7890] netlink: 'syz.3.751': attribute type 4 has an invalid length. [ 97.302952][ T6026] libceph: connect (1)[c::]:6789 error -101 [ 97.307346][ T6026] libceph: mon0 (1)[c::]:6789 connect error [ 97.328587][ T1027] libceph: connect (1)[c::]:6789 error -101 [ 97.331331][ T1027] libceph: mon0 (1)[c::]:6789 connect error [ 97.569119][ T142] libceph: connect (1)[c::]:6789 error -101 [ 97.571990][ T142] libceph: mon0 (1)[c::]:6789 connect error [ 97.596836][ T1027] libceph: connect (1)[c::]:6789 error -101 [ 97.599424][ T1027] libceph: mon0 (1)[c::]:6789 connect error [ 97.766599][ T7933] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 97.768873][ T7933] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 97.785114][ T7935] "syz.0.769" (7935) uses obsolete ecb(arc4) skcipher [ 97.787762][ T7933] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 97.790363][ T7933] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 97.802872][ T7933] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 97.805859][ T7933] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 97.818799][ T7933] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 97.820820][ T7933] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 98.081445][ T142] libceph: connect (1)[c::]:6789 error -101 [ 98.088339][ T142] libceph: mon0 (1)[c::]:6789 connect error [ 98.107925][ T1027] libceph: connect (1)[c::]:6789 error -101 [ 98.108692][ T7907] ceph: No mds server is up or the cluster is laggy [ 98.114753][ T1027] libceph: mon0 (1)[c::]:6789 connect error [ 98.118374][ T7912] ceph: No mds server is up or the cluster is laggy [ 98.208020][ T7965] netlink: 508 bytes leftover after parsing attributes in process `syz.1.775'. [ 98.220877][ T7966] netlink: 'syz.3.774': attribute type 13 has an invalid length. [ 98.223794][ T7966] netlink: 'syz.3.774': attribute type 17 has an invalid length. [ 98.316799][ T7966] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.320147][ T7966] bridge0: port 2(bridge_slave_1) entered listening state [ 98.323475][ T7966] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.326808][ T7966] bridge0: port 1(bridge_slave_0) entered listening state [ 98.331001][ T34] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 98.343964][ T7966] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 98.357694][ T7971] netlink: 'syz.1.776': attribute type 12 has an invalid length. [ 98.361274][ T7971] netlink: 'syz.1.776': attribute type 29 has an invalid length. [ 98.369122][ T7971] netlink: 148 bytes leftover after parsing attributes in process `syz.1.776'. [ 98.373030][ T7971] netlink: 'syz.1.776': attribute type 2 has an invalid length. [ 98.376579][ T7971] netlink: 'syz.1.776': attribute type 3 has an invalid length. [ 98.379990][ T7971] netlink: 15 bytes leftover after parsing attributes in process `syz.1.776'. [ 98.487757][ T34] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 98.491229][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.495313][ T34] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 98.499603][ T34] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 98.502339][ T34] usb 7-1: Manufacturer: syz [ 98.505148][ T34] usb 7-1: config 0 descriptor?? [ 98.556683][ T34] rc_core: IR keymap rc-hauppauge not found [ 98.558925][ T34] Registered IR keymap rc-empty [ 98.561093][ T34] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0 [ 98.565608][ T34] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input17 [ 98.686692][ T1027] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 98.721017][ T34] usb 7-1: USB disconnect, device number 5 [ 98.867736][ T1027] usb 6-1: config 0 has no interfaces? [ 98.869655][ T1027] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 98.872713][ T1027] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.877571][ T1027] usb 6-1: config 0 descriptor?? [ 98.976681][ T6007] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 99.118461][ T1027] usb 6-1: USB disconnect, device number 5 [ 99.156951][ T6007] usb 5-1: Using ep0 maxpacket: 8 [ 99.175027][ T6007] usb 5-1: config 0 interface 0 has no altsetting 0 [ 99.178267][ T6007] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 99.182593][ T6007] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.194737][ T6007] usb 5-1: config 0 descriptor?? [ 99.568577][ T8016] netlink: 4 bytes leftover after parsing attributes in process `syz.2.789'. [ 99.577413][ T8016] netlink: 4 bytes leftover after parsing attributes in process `syz.2.789'. [ 99.624596][ T6007] mcp2221 0003:04D8:00DD.0006: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 99.826036][ T142] usb 5-1: USB disconnect, device number 3 [ 99.955248][ T8043] netlink: 'syz.1.800': attribute type 4 has an invalid length. [ 100.512722][ T8083] netlink: 'syz.1.818': attribute type 1 has an invalid length. [ 100.547334][ T8083] 8021q: adding VLAN 0 to HW filter on device bond4 [ 100.575347][ T8083] bond4: (slave geneve3): making interface the new active one [ 100.579038][ T8083] bond4: (slave geneve3): Enslaving as an active interface with an up link [ 100.634836][ T8090] netlink: 'syz.1.820': attribute type 8 has an invalid length. [ 100.709287][ T8094] netlink: 4 bytes leftover after parsing attributes in process `syz.1.822'. [ 100.787610][ T8100] netlink: 8 bytes leftover after parsing attributes in process `syz.1.825'. [ 100.793658][ T8100] netlink: 8 bytes leftover after parsing attributes in process `syz.1.825'. [ 101.256697][ T6185] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 101.386651][ T6007] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 101.407927][ T6185] usb 6-1: config 0 has no interfaces? [ 101.409778][ T6185] usb 6-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00 [ 101.412704][ T6185] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.416388][ T6185] usb 6-1: config 0 descriptor?? [ 101.536870][ T6007] usb 5-1: Using ep0 maxpacket: 16 [ 101.548211][ T6007] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.552067][ T6007] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 101.556553][ T6007] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 101.560161][ T6007] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.564917][ T6007] usb 5-1: config 0 descriptor?? [ 101.597103][ T142] usb 7-1: new full-speed USB device number 6 using dummy_hcd [ 101.625262][ T8109] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 101.630267][ T8109] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 101.636057][ T6026] usb 6-1: USB disconnect, device number 6 [ 101.767891][ T142] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 101.774094][ T142] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 101.778516][ T142] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 101.781858][ T142] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.980359][ T6007] HID 045e:07da: Invalid code 65791 type 1 [ 101.987658][ T6007] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:045E:07DA.0007/input/input18 [ 102.002793][ T142] usb 7-1: usb_control_msg returned -32 [ 102.004196][ T6007] microsoft 0003:045E:07DA.0007: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 102.010812][ T142] usbtmc 7-1:16.0: can't read capabilities [ 102.565402][ T142] usb 7-1: USB disconnect, device number 6 [ 102.778850][ T142] usb 5-1: USB disconnect, device number 4 [ 102.909795][ T1145] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.973271][ T1145] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.045271][ T1145] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.130098][ T1145] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.170246][ T5952] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 103.174128][ T5952] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 103.176714][ T8149] netlink: 24 bytes leftover after parsing attributes in process `syz.2.849'. [ 103.181043][ T5952] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 103.185717][ T5952] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 103.190107][ T5952] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 103.197968][ T5956] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 103.202605][ T5956] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 103.205865][ T5956] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 103.210510][ T5956] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 103.214262][ T5956] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 103.360991][ T1145] bridge_slave_1: left allmulticast mode [ 103.363045][ T1145] bridge_slave_1: left promiscuous mode [ 103.366178][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.372918][ T1145] bridge_slave_0: left allmulticast mode [ 103.375837][ T1145] bridge_slave_0: left promiscuous mode [ 103.378115][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.514983][ T1145] bond1 (unregistering): (slave xfrm1): Releasing backup interface [ 103.623013][ T1145] bond4 (unregistering): (slave geneve3): Releasing active interface [ 103.638338][ T1145] bond2 (unregistering): (slave geneve2): Releasing active interface [ 103.738065][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 103.743799][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 103.749552][ T1145] bond0 (unregistering): Released all slaves [ 103.754544][ T1145] bond1 (unregistering): Released all slaves [ 103.812795][ T1145] bond2 (unregistering): Released all slaves [ 103.904862][ T1145] bond3 (unregistering): Released all slaves [ 103.962699][ T1145] bond4 (unregistering): Released all slaves [ 103.991288][ T8173] syzkaller1: entered promiscuous mode [ 103.993704][ T8173] syzkaller1: entered allmulticast mode [ 104.014795][ T8190] syzkaller0: entered promiscuous mode [ 104.019564][ T8190] syzkaller0: entered allmulticast mode [ 104.079062][ T8199] ref_ctr_offset mismatch. inode: 0x51a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x300000018 [ 104.139773][ T8146] chnl_net:caif_netlink_parms(): no params data found [ 104.306633][ T8146] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.309212][ T8146] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.311884][ T8146] bridge_slave_0: entered allmulticast mode [ 104.314669][ T8146] bridge_slave_0: entered promiscuous mode [ 104.320715][ T8146] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.324023][ T8146] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.327005][ T8146] bridge_slave_1: entered allmulticast mode [ 104.329772][ T8146] bridge_slave_1: entered promiscuous mode [ 104.347620][ T8146] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.352656][ T8146] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.373663][ T8146] team0: Port device team_slave_0 added [ 104.388875][ T8146] team0: Port device team_slave_1 added [ 104.413505][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 104.416379][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 104.420277][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 104.422788][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 104.430987][ T1145] veth1_macvtap: left promiscuous mode [ 104.433072][ T1145] veth0_macvtap: left promiscuous mode [ 104.436029][ T1145] veth1_vlan: left promiscuous mode [ 104.438476][ T1145] veth0_vlan: left promiscuous mode [ 104.627152][ T8227] netlink: 4 bytes leftover after parsing attributes in process `syz.2.867'. [ 104.791312][ T1145] team0 (unregistering): Port device team_slave_1 removed [ 104.822692][ T1145] team0 (unregistering): Port device team_slave_0 removed [ 105.118300][ T8146] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.126247][ T8146] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 105.138319][ T8146] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.148488][ T8146] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.151790][ T8146] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 105.163560][ T8146] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.220541][ T8146] hsr_slave_0: entered promiscuous mode [ 105.223939][ T8146] hsr_slave_1: entered promiscuous mode [ 105.317205][ T5956] Bluetooth: hci3: command tx timeout [ 105.429883][ T8146] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 105.438693][ T8146] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 105.445685][ T8146] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 105.455092][ T8146] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 105.539484][ T8146] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.606570][ T899] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 105.608821][ T8146] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.616938][ T90] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.620049][ T90] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.629589][ T3148] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.632770][ T3148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.771514][ T899] usb 7-1: config 0 has no interfaces? [ 105.773974][ T899] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 105.778325][ T899] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.783664][ T899] usb 7-1: config 0 descriptor?? [ 105.821908][ T8146] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.035179][ T8146] veth0_vlan: entered promiscuous mode [ 106.036743][ T899] usb 7-1: USB disconnect, device number 7 [ 106.046663][ T8146] veth1_vlan: entered promiscuous mode [ 106.075404][ T8146] veth0_macvtap: entered promiscuous mode [ 106.082335][ T8146] veth1_macvtap: entered promiscuous mode [ 106.093674][ T8146] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.109235][ T8146] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.121738][ T3148] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.124658][ T3148] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.128766][ T3148] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.131681][ T3148] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.198695][ T90] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.201436][ T90] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.215952][ T3148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.220562][ T3148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.804308][ T8311] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 106.940606][ T8316] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 107.111099][ T8322] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.114348][ T8322] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.121890][ T8332] netlink: 'syz.0.889': attribute type 1 has an invalid length. [ 107.223045][ T8322] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 107.239419][ T8322] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 107.357947][ T8332] bond2: entered promiscuous mode [ 107.359622][ T8332] bond2: entered allmulticast mode [ 107.361567][ T8332] 8021q: adding VLAN 0 to HW filter on device bond2 [ 107.369892][ T8334] erspan1: entered allmulticast mode [ 107.374336][ T8334] bond2: (slave erspan1): making interface the new active one [ 107.376979][ T8334] erspan1: entered promiscuous mode [ 107.379798][ T8334] bond2: (slave erspan1): Enslaving as an active interface with an up link [ 107.383098][ T90] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.389574][ T90] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.392525][ T90] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.396855][ T5956] Bluetooth: hci3: command tx timeout [ 107.406849][ T90] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.327071][ T8396] evm: overlay not supported [ 108.591265][ T8416] "syz.0.925" (8416) uses obsolete ecb(arc4) skcipher [ 108.686392][ T8422] netlink: 24 bytes leftover after parsing attributes in process `syz.4.926'. [ 108.747795][ T8427] overlayfs: statfs failed on './file0' [ 109.349011][ T8460] wg1 speed is unknown, defaulting to 1000 [ 109.351858][ T8460] wg1 speed is unknown, defaulting to 1000 [ 109.359725][ T8460] wg1 speed is unknown, defaulting to 1000 [ 109.368784][ T8460] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 109.387908][ T8460] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 109.418648][ T8460] wg1 speed is unknown, defaulting to 1000 [ 109.423615][ T8460] wg1 speed is unknown, defaulting to 1000 [ 109.428738][ T8460] wg1 speed is unknown, defaulting to 1000 [ 109.432887][ T8460] wg1 speed is unknown, defaulting to 1000 [ 109.467039][ T5956] Bluetooth: hci3: command tx timeout [ 109.593725][ T8467] netlink: 4 bytes leftover after parsing attributes in process `syz.3.947'. [ 109.600542][ T46] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 109.605758][ T46] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 109.606727][ T8467] netlink: 'syz.3.947': attribute type 15 has an invalid length. [ 109.613199][ T8467] netlink: 'syz.3.947': attribute type 18 has an invalid length. [ 109.616986][ T46] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.633765][ T8467] vxlan0: entered promiscuous mode [ 109.640220][ T1145] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 109.646522][ T1145] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 109.649360][ T1145] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 109.652257][ T1145] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 109.724778][ T46] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 109.730983][ T46] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 109.735262][ T46] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.807879][ T46] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 109.812295][ T46] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 109.817032][ T46] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.901408][ T46] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 109.904824][ T46] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 109.909219][ T46] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.938452][ T5952] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 109.942684][ T5952] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 109.945504][ T5952] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 109.949099][ T5952] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 109.951856][ T5952] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 109.973497][ T8474] wg1 speed is unknown, defaulting to 1000 [ 110.054441][ T46] bridge_slave_1: left allmulticast mode [ 110.056769][ T46] bridge_slave_1: left promiscuous mode [ 110.058923][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.065075][ T46] bridge_slave_0: left allmulticast mode [ 110.072115][ T46] bridge_slave_0: left promiscuous mode [ 110.074719][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.298535][ T46] bond1 (unregistering): (slave geneve2): Releasing active interface [ 110.452317][ T8480] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 110.529199][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 110.534984][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 110.549418][ T46] bond0 (unregistering): Released all slaves [ 110.639293][ T46] bond1 (unregistering): Released all slaves [ 110.725814][ T8474] chnl_net:caif_netlink_parms(): no params data found [ 110.855482][ T8474] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.858641][ T8474] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.861717][ T8474] bridge_slave_0: entered allmulticast mode [ 110.865728][ T8474] bridge_slave_0: entered promiscuous mode [ 110.870777][ T8474] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.873385][ T8474] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.875914][ T8474] bridge_slave_1: entered allmulticast mode [ 110.880213][ T8474] bridge_slave_1: entered promiscuous mode [ 110.911303][ T8474] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.920125][ T8474] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.950541][ T8474] team0: Port device team_slave_0 added [ 110.955084][ T46] hsr_slave_0: left promiscuous mode [ 110.958874][ T46] hsr_slave_1: left promiscuous mode [ 110.960996][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 110.963425][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 110.966192][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 110.968918][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 110.980088][ T46] veth1_vlan: left promiscuous mode [ 110.981926][ T46] veth0_vlan: left promiscuous mode [ 111.220922][ T46] team0 (unregistering): Port device team_slave_1 removed [ 111.242731][ T46] team0 (unregistering): Port device team_slave_0 removed [ 111.428674][ T8512] netlink: 8 bytes leftover after parsing attributes in process `syz.0.963'. [ 111.482408][ T8513] netlink: 16 bytes leftover after parsing attributes in process `syz.0.963'. [ 111.507328][ T8474] team0: Port device team_slave_1 added [ 111.531918][ T8474] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.534239][ T8474] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 111.543087][ T8474] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.547413][ T5952] Bluetooth: hci3: command tx timeout [ 111.554999][ T8474] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.558235][ T8474] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 111.576990][ T8474] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.629569][ T8519] netlink: 'syz.4.964': attribute type 1 has an invalid length. [ 111.640138][ T8474] hsr_slave_0: entered promiscuous mode [ 111.643365][ T8474] hsr_slave_1: entered promiscuous mode [ 111.646198][ T8474] debugfs: 'hsr0' already exists in 'hsr' [ 111.648247][ T8474] Cannot create hsr debugfs directory [ 111.790295][ T8474] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 111.801333][ T8474] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 111.805766][ T8474] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 111.810568][ T8474] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 111.895340][ T8474] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.907327][ T8474] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.913042][ T3148] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.915970][ T3148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.931023][ T90] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.933703][ T90] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.943181][ T8551] pimreg: entered allmulticast mode [ 111.957844][ T8551] pimreg: left allmulticast mode [ 112.029589][ T5952] Bluetooth: hci1: command tx timeout [ 112.140033][ T8474] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.379291][ T8474] veth0_vlan: entered promiscuous mode [ 112.384786][ T8474] veth1_vlan: entered promiscuous mode [ 112.401625][ T8595] netlink: 240 bytes leftover after parsing attributes in process `syz.4.976'. [ 112.439226][ T8474] veth0_macvtap: entered promiscuous mode [ 112.443940][ T8474] veth1_macvtap: entered promiscuous mode [ 112.455601][ T8474] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.463939][ T8474] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.474071][ T3148] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.478894][ T3148] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.482766][ T3148] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.495281][ T3148] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.578178][ T90] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.580864][ T90] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.615682][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.619520][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.690101][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 112.690116][ T40] audit: type=1326 audit(1764680300.573:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.980" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7fc00000 [ 112.714496][ T8619] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 112.936509][ T6026] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 113.098107][ T6026] usb 9-1: Using ep0 maxpacket: 16 [ 113.123784][ T6026] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 113.127438][ T6026] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.130959][ T6026] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 113.135238][ T6026] usb 9-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 113.163417][ T6026] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.185344][ T6026] usb 9-1: config 0 descriptor?? [ 113.353762][ T40] audit: type=1326 audit(1764680301.233:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.980" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70fd579 code=0x7fc00000 [ 113.414603][ T8629] input: syz1 as /devices/virtual/input/input19 [ 113.612865][ T6026] input: HID 05ac:8241 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/0003:05AC:8241.0008/input/input20 [ 113.694681][ T6026] appleir 0003:05AC:8241.0008: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.4-1/input0 [ 113.755547][ T8644] Bluetooth: Invalid byte 0b after esc byte [ 113.815289][ T52] usb 9-1: USB disconnect, device number 2 [ 114.057539][ T8661] netlink: 'syz.0.1004': attribute type 1 has an invalid length. [ 114.100177][ T8661] gretap1: entered allmulticast mode [ 114.105339][ T8661] bond3: (slave gretap1): making interface the new active one [ 114.109737][ T8661] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 114.113945][ T8664] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 114.115961][ T8664] syzkaller1: Linktype set failed because interface is up [ 114.116686][ T6026] syzkaller1: tun_net_xmit 76 [ 114.118538][ T5956] Bluetooth: hci1: command tx timeout [ 114.420103][ T40] audit: type=1326 audit(1764680302.303:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8683 comm="syz.0.1013" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x0 [ 114.886571][ T6026] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 115.048626][ T6026] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 115.053516][ T6026] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 115.058165][ T6026] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 115.062108][ T6026] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.068792][ T8695] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 115.075342][ T6026] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 115.283740][ T40] audit: type=1326 audit(1764680303.163:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8687 comm="syz.3.1015" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7fc00000 [ 115.339850][ T6026] usb 9-1: USB disconnect, device number 3 [ 115.786648][ T5952] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 116.196581][ T5956] Bluetooth: hci1: command tx timeout [ 116.248434][ T8731] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1031'. [ 116.300976][ T8735] netlink: 'syz.5.1032': attribute type 1 has an invalid length. [ 116.307233][ T8735] gretap1: entered allmulticast mode [ 116.412637][ T8747] netlink: 'syz.3.1035': attribute type 27 has an invalid length. [ 116.424281][ T8747] vxlan0: left promiscuous mode [ 116.430302][ T90] netdevsim netdevsim3 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 116.452312][ T8747] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.455335][ T8747] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.459648][ T8747] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 116.473987][ T61] netdevsim netdevsim3 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 116.486859][ T61] netdevsim netdevsim3 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 116.490063][ T61] netdevsim netdevsim3 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 116.631409][ T8763] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1042'. [ 116.682150][ T8763] hsr_slave_1 (unregistering): left promiscuous mode [ 116.787207][ T8776] all: renamed from bridge_slave_0 [ 117.057684][ T8801] netlink: 27 bytes leftover after parsing attributes in process `syz.5.1055'. [ 117.084961][ T8798] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.193027][ T8798] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.265492][ T8798] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.359442][ T8798] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.462507][ T46] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.471939][ T46] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.481096][ T46] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.490555][ T46] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.536583][ T29] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 117.688023][ T29] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.691541][ T29] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.694735][ T29] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 117.701897][ T29] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 117.705758][ T29] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.710841][ T29] usb 9-1: config 0 descriptor?? [ 117.869638][ T8832] netlink: 'syz.0.1066': attribute type 27 has an invalid length. [ 117.938628][ T8832] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.941769][ T8832] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.046682][ T8832] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.052672][ T8832] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.125148][ T29] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 118.129011][ T29] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 118.132612][ T29] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 118.136079][ T29] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 118.140200][ T29] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 118.144423][ T29] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 118.148119][ T29] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 118.152641][ T29] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 118.155881][ T29] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 118.166840][ T29] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 118.199700][ T8832] bond2: left promiscuous mode [ 118.201946][ T8832] erspan1: left promiscuous mode [ 118.204057][ T8832] bond2: left allmulticast mode [ 118.215506][ T8832] erspan1: left allmulticast mode [ 118.225707][ T8832] gretap1: left allmulticast mode [ 118.243202][ T8834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 118.247543][ T8834] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.257772][ T8834] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 118.265755][ T90] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.267277][ T5956] Bluetooth: hci1: command tx timeout [ 118.281778][ T90] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.285505][ T90] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.293117][ T90] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.380564][ T8328] usb 9-1: USB disconnect, device number 4 [ 119.159337][ T8872] loop2: detected capacity change from 0 to 7 [ 119.168337][ T8872] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 119.172206][ T8872] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 119.174618][ T8872] Dev loop2: unable to read RDB block 7 [ 119.177970][ T8872] loop2: unable to read partition table [ 119.180089][ T8872] loop2: partition table beyond EOD, truncated [ 119.186539][ T8872] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 119.208525][ T8602] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 119.368996][ T8602] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.373983][ T8602] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 119.379885][ T8602] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 119.382893][ T8602] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.396527][ T8602] usb 10-1: Product: syz [ 119.398215][ T8602] usb 10-1: Manufacturer: syz [ 119.399864][ T8602] usb 10-1: SerialNumber: syz [ 119.448270][ T8886] netlink: 'syz.0.1086': attribute type 1 has an invalid length. [ 119.620502][ T8602] cdc_ncm 10-1:1.0: bind() failure [ 119.624272][ T8602] cdc_ncm 10-1:1.1: CDC Union missing and no IAD found [ 119.630096][ T8602] cdc_ncm 10-1:1.1: bind() failure [ 119.635132][ T8602] usb 10-1: USB disconnect, device number 2 [ 120.149547][ T8906] input: syz1 as /devices/virtual/input/input21 [ 120.921386][ T8947] Bluetooth: (null): Too short H5 packet [ 121.201607][ T6028] kernel read not supported for file bpf-prog (pid: 6028 comm: kworker/0:4) [ 121.246572][ T6037] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 121.270887][ T8969] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 121.398030][ T6037] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.401728][ T6037] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 121.404957][ T6037] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 121.409332][ T6037] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 121.412469][ T6037] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.417878][ T6037] usb 8-1: config 0 descriptor?? [ 121.626707][ T29] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 121.778727][ T29] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 121.782581][ T29] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 121.785900][ T29] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 121.790415][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.796159][ T8974] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 121.801045][ T29] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 121.840929][ T6037] plantronics 0003:047F:FFFF.000A: reserved main item tag 0xd [ 121.853438][ T6037] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 121.939738][ T8999] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1129'. [ 122.110831][ T6037] usb 8-1: USB disconnect, device number 6 [ 122.168384][ T8328] usb 5-1: USB disconnect, device number 5 [ 122.326038][ T9011] netfs: Couldn't get user pages (rc=-14) [ 122.671704][ T9031] netlink: 'syz.4.1144': attribute type 1 has an invalid length. [ 122.677105][ T9031] netlink: 'syz.4.1144': attribute type 4 has an invalid length. [ 122.696548][ T9031] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.1144'. [ 122.751082][ T9030] kvm: MWAIT instruction emulated as NOP! [ 123.065435][ T9043] wg1 speed is unknown, defaulting to 1000 [ 124.377096][ T9064] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1151'. [ 124.496639][ T9073] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1154'. [ 125.003361][ T9110] wg1 speed is unknown, defaulting to 1000 [ 125.045216][ T9113] lo: entered promiscuous mode [ 125.047155][ T9113] lo: entered allmulticast mode [ 125.055776][ T9112] overlayfs: failed to get inode (-116) [ 125.063337][ T9112] overlayfs: failed to get inode (-116) [ 125.204316][ T9119] wg1 speed is unknown, defaulting to 1000 [ 125.342280][ T9126] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1174'. [ 125.462446][ T9126] hsr_slave_1 (unregistering): left promiscuous mode [ 125.549801][ T9140] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1179'. [ 125.557905][ T9140] bond0: entered promiscuous mode [ 125.559817][ T9140] bond_slave_0: entered promiscuous mode [ 125.561927][ T9140] bond_slave_1: entered promiscuous mode [ 125.565193][ T9140] bond0: left promiscuous mode [ 125.567576][ T9140] bond_slave_0: left promiscuous mode [ 125.570089][ T9140] bond_slave_1: left promiscuous mode [ 125.608057][ T9141] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1179'. [ 125.617324][ T9141] bond0: entered promiscuous mode [ 125.619172][ T9141] bond_slave_0: entered promiscuous mode [ 125.621218][ T9141] bond_slave_1: entered promiscuous mode [ 125.624741][ T9141] bond0: left promiscuous mode [ 125.628691][ T9141] bond_slave_0: left promiscuous mode [ 125.631831][ T9141] bond_slave_1: left promiscuous mode [ 125.788904][ T9144] : renamed from veth0_vlan [ 125.903863][ T9152] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1184'. [ 125.914785][ T9152] ------------[ cut here ]------------ [ 125.917547][ T9152] WARNING: net/ipv4/route.c:1275 at ip_rt_bug+0x2b/0x120, CPU#0: syz.3.1184/9152 [ 125.921152][ T9152] Modules linked in: [ 125.923504][ T9152] CPU: 0 UID: 0 PID: 9152 Comm: syz.3.1184 Not tainted syzkaller #0 PREEMPT(full) [ 125.927546][ T9152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 125.932082][ T9152] RIP: 0010:ip_rt_bug+0x2b/0x120 [ 125.934358][ T9152] Code: 0f 1e fa 41 54 55 53 48 89 d3 48 83 ec 08 e8 dc a4 03 f8 66 90 e8 d5 a4 03 f8 ba 02 00 00 00 48 89 de 31 ff e8 f6 d0 6e ff 90 <0f> 0b 90 48 83 c4 08 31 c0 5b 5d 41 5c c3 cc cc cc cc e8 ae a4 03 [ 125.943006][ T9152] RSP: 0018:ffffc9000446f3a8 EFLAGS: 00010287 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 125.945603][ T9152] RAX: 0000000000000f2b RBX: ffff888024d5edc0 RCX: ffffc9000c001000 [ 125.949437][ T9152] RDX: 0000000000080000 RSI: ffffffff89b97c6a RDI: ffffffff8bd1bd00 [ 125.953272][ T9152] RBP: ffff888024d5edc0 R08: 0000000000000001 R09: 0000000000000001 [ 125.957062][ T9152] R10: ffffc9000446f358 R11: 00000000290790a2 R12: ffff88804f688000 [ 125.960869][ T9152] R13: ffff8880207f7800 R14: ffff88806d16ba00 R15: ffff888024d5ee18 [ 125.964550][ T9152] FS: 0000000000000000(0000) GS:ffff8880979a8000(0063) knlGS:00000000f546db40 [ 125.968743][ T9152] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 125.971756][ T9152] CR2: 000000003061fffc CR3: 000000005c258000 CR4: 0000000000352ef0 [ 125.975823][ T9152] DR0: 0000000000000001 DR1: 0000000000000005 DR2: 8000000000000001 [ 125.979821][ T9152] DR3: 0000000000000007 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 125.983412][ T9152] Call Trace: [ 125.985012][ T9152] [ 125.986490][ T9152] ip_push_pending_frames+0x419/0x5d0 [ 125.988956][ T9152] icmp_push_reply+0x308/0x440 [ 125.991098][ T9152] __icmp_send+0xce3/0x1990 [ 125.993217][ T9152] ? __pfx___icmp_send+0x10/0x10 [ 125.995553][ T9152] ? fib_multipath_hash+0x1661/0x1700 [ 125.998257][ T9152] ? __ip_options_compile+0x873/0x1670 [ 126.000793][ T9152] ? ip_route_input_noref+0x15d/0x2e0 [ 126.003307][ T9152] ip_options_compile+0xb6/0x100 [ 126.005643][ T9152] ? __pfx_ip_options_compile+0x10/0x10 [ 126.008311][ T9152] ? tcp_v4_early_demux+0xca/0xbf0 [ 126.010720][ T9152] ip_rcv_finish_core+0x6de/0x2290 [ 126.013091][ T9152] ip_rcv+0x1c0/0x600 [ 126.014974][ T9152] ? __pfx_ip_rcv+0x10/0x10 [ 126.017158][ T9152] __netif_receive_skb_one_core+0x197/0x1e0 [ 126.019952][ T9152] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 126.022876][ T9152] ? lock_acquire+0x179/0x330 [ 126.024966][ T9152] ? __phys_addr+0xe8/0x180 [ 126.027436][ T9152] __netif_receive_skb+0x1d/0x160 [ 126.029643][ T9152] netif_receive_skb+0x137/0x760 [ 126.031664][ T9152] ? __pfx_netif_receive_skb+0x10/0x10 [ 126.033891][ T9152] tun_rx_batched.isra.0+0x3ee/0x740 [ 126.035747][ T9152] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 126.037833][ T9152] tun_get_user+0x28b2/0x3cc0 [ 126.039457][ T9152] ? __pfx_tun_get_user+0x10/0x10 [ 126.041146][ T9152] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 126.043000][ T9152] ? find_held_lock+0x2b/0x80 [ 126.044626][ T9152] ? tun_get+0x191/0x370 [ 126.046087][ T9152] tun_chr_write_iter+0xdc/0x210 [ 126.047880][ T9152] vfs_write+0x7d3/0x11d0 [ 126.049561][ T9152] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 126.051906][ T9152] ? __pfx_vfs_write+0x10/0x10 [ 126.053922][ T9152] ? find_held_lock+0x2b/0x80 [ 126.055919][ T9152] ksys_write+0x12a/0x250 [ 126.057875][ T9152] ? __pfx_ksys_write+0x10/0x10 [ 126.059913][ T9152] ? rcu_is_watching+0x12/0xc0 [ 126.061925][ T9152] __do_fast_syscall_32+0x7c/0x370 [ 126.063836][ T9152] do_fast_syscall_32+0x32/0x80 [ 126.065651][ T9152] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 126.067886][ T9152] RIP: 0023:0xf707d579 [ 126.069273][ T9152] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 126.075607][ T9152] RSP: 002b:00000000f546d520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 126.078683][ T9152] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000400 [ 126.081451][ T9152] RDX: 0000000000000046 RSI: 00000000f7416ff4 RDI: 0000000000000000 [ 126.084006][ T9152] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 126.086622][ T9152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.089324][ T9152] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 126.092522][ T9152] [ 126.093540][ T9152] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 126.096542][ T9152] CPU: 0 UID: 0 PID: 9152 Comm: syz.3.1184 Not tainted syzkaller #0 PREEMPT(full) [ 126.100487][ T9152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 126.104471][ T9152] Call Trace: [ 126.105924][ T9152] [ 126.107227][ T9152] dump_stack_lvl+0x3d/0x1f0 [ 126.109261][ T9152] vpanic+0x640/0x6f0 [ 126.110851][ T9152] ? ip_rt_bug+0x2b/0x120 [ 126.112260][ T9152] panic+0xca/0xd0 [ 126.113908][ T9152] ? __pfx_panic+0x10/0x10 [ 126.115858][ T9152] check_panic_on_warn+0xab/0xb0 [ 126.118016][ T9152] __warn+0x108/0x3c0 [ 126.119778][ T9152] __report_bug+0x2a0/0x520 [ 126.121759][ T9152] ? ip_rt_bug+0x2b/0x120 [ 126.123653][ T9152] ? __pfx___report_bug+0x10/0x10 [ 126.125807][ T9152] ? ip_rt_bug+0x2b/0x120 [ 126.127361][ T9152] report_bug+0xb2/0x220 [ 126.129240][ T9152] ? ip_rt_bug+0x2b/0x120 [ 126.131132][ T9152] handle_bug+0x127/0x260 [ 126.133027][ T9152] exc_invalid_op+0x17/0x50 [ 126.134952][ T9152] asm_exc_invalid_op+0x1a/0x20 [ 126.136906][ T9152] RIP: 0010:ip_rt_bug+0x2b/0x120 [ 126.138802][ T9152] Code: 0f 1e fa 41 54 55 53 48 89 d3 48 83 ec 08 e8 dc a4 03 f8 66 90 e8 d5 a4 03 f8 ba 02 00 00 00 48 89 de 31 ff e8 f6 d0 6e ff 90 <0f> 0b 90 48 83 c4 08 31 c0 5b 5d 41 5c c3 cc cc cc cc e8 ae a4 03 [ 126.147012][ T9152] RSP: 0018:ffffc9000446f3a8 EFLAGS: 00010287 [ 126.149629][ T9152] RAX: 0000000000000f2b RBX: ffff888024d5edc0 RCX: ffffc9000c001000 [ 126.152565][ T9152] RDX: 0000000000080000 RSI: ffffffff89b97c6a RDI: ffffffff8bd1bd00 [ 126.155745][ T9152] RBP: ffff888024d5edc0 R08: 0000000000000001 R09: 0000000000000001 [ 126.158722][ T9152] R10: ffffc9000446f358 R11: 00000000290790a2 R12: ffff88804f688000 [ 126.162070][ T9152] R13: ffff8880207f7800 R14: ffff88806d16ba00 R15: ffff888024d5ee18 [ 126.165420][ T9152] ? ip_rt_bug+0x2a/0x120 [ 126.166929][ T9152] ? ip_rt_bug+0x2a/0x120 [ 126.168561][ T9152] ip_push_pending_frames+0x419/0x5d0 [ 126.170973][ T9152] icmp_push_reply+0x308/0x440 [ 126.172826][ T9152] __icmp_send+0xce3/0x1990 [ 126.174644][ T9152] ? __pfx___icmp_send+0x10/0x10 [ 126.176773][ T9152] ? fib_multipath_hash+0x1661/0x1700 [ 126.179152][ T9152] ? __ip_options_compile+0x873/0x1670 [ 126.181163][ T9152] ? ip_route_input_noref+0x15d/0x2e0 [ 126.183386][ T9152] ip_options_compile+0xb6/0x100 [ 126.185476][ T9152] ? __pfx_ip_options_compile+0x10/0x10 [ 126.187925][ T9152] ? tcp_v4_early_demux+0xca/0xbf0 [ 126.190028][ T9152] ip_rcv_finish_core+0x6de/0x2290 [ 126.191967][ T9152] ip_rcv+0x1c0/0x600 [ 126.193700][ T9152] ? __pfx_ip_rcv+0x10/0x10 [ 126.195655][ T9152] __netif_receive_skb_one_core+0x197/0x1e0 [ 126.198235][ T9152] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 126.200967][ T9152] ? lock_acquire+0x179/0x330 [ 126.203161][ T9152] ? __phys_addr+0xe8/0x180 [ 126.205173][ T9152] __netif_receive_skb+0x1d/0x160 [ 126.207356][ T9152] netif_receive_skb+0x137/0x760 [ 126.209449][ T9152] ? __pfx_netif_receive_skb+0x10/0x10 [ 126.211785][ T9152] tun_rx_batched.isra.0+0x3ee/0x740 [ 126.214058][ T9152] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 126.216245][ T9152] tun_get_user+0x28b2/0x3cc0 [ 126.218178][ T9152] ? __pfx_tun_get_user+0x10/0x10 [ 126.220492][ T9152] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 126.222583][ T9152] ? find_held_lock+0x2b/0x80 [ 126.224297][ T9152] ? tun_get+0x191/0x370 [ 126.226166][ T9152] tun_chr_write_iter+0xdc/0x210 [ 126.228343][ T9152] vfs_write+0x7d3/0x11d0 [ 126.229976][ T9152] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 126.232153][ T9152] ? __pfx_vfs_write+0x10/0x10 [ 126.234230][ T9152] ? find_held_lock+0x2b/0x80 [ 126.236228][ T9152] ksys_write+0x12a/0x250 [ 126.237816][ T9152] ? __pfx_ksys_write+0x10/0x10 [ 126.239951][ T9152] ? rcu_is_watching+0x12/0xc0 [ 126.242050][ T9152] __do_fast_syscall_32+0x7c/0x370 [ 126.244296][ T9152] do_fast_syscall_32+0x32/0x80 [ 126.246397][ T9152] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 126.249061][ T9152] RIP: 0023:0xf707d579 [ 126.250832][ T9152] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 126.259007][ T9152] RSP: 002b:00000000f546d520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 126.262544][ T9152] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000400 [ 126.265902][ T9152] RDX: 0000000000000046 RSI: 00000000f7416ff4 RDI: 0000000000000000 [ 126.269332][ T9152] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 126.272671][ T9152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.276064][ T9152] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 126.278998][ T9152] [ 126.281199][ T9152] Kernel Offset: disabled [ 126.283099][ T9152] Rebooting in 86400 seconds..