last executing test programs: 1m32.195039596s ago: executing program 4 (id=1705): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000001a40)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020702500000000002020207b1af8ff00"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001400)={r0, 0x18000000000002a0, 0x28, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0xfffffdff, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m31.988206117s ago: executing program 4 (id=1706): setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000140)={0x16f, @tick=0x2, 0x1, {0x2}, 0x1, 0x2, 0x7}) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) 1m31.068048574s ago: executing program 4 (id=1712): sendmsg$key(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) sched_setscheduler(0x0, 0x2, &(0x7f00000190c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, 0x0, 0x0) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r6, 0x8914, &(0x7f0000000000)) ioctl$sock_netrom_SIOCADDRT(r3, 0x890b, &(0x7f0000000000)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x8, 'syz0\x00', @null, 0x1, 0x0, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default]}) syz_emit_ethernet(0x2a, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 1m24.014109325s ago: executing program 4 (id=1734): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000d4, &(0x7f0000000080), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080), 0x208e24b) open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, "ef359f413bb90900f7d6a4ae6dddfbd11000000000000000000ff8ee09e737ff0edf110ff4117639c2eb8f18d2b8f6277dd41905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61ffcf33524bbd9bffbcc2542ded71038232d71e14efbac003000000852f2036dc783800000000e9b49600", "f28359738e229a4c66810000000000f300e6d902000000000000000000000001"}) openat(0xffffffffffffff9c, 0x0, 0x83, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) 1m20.221660853s ago: executing program 4 (id=1747): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) statx(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x800, 0x8, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) quotactl$Q_SETINFO(0xffffffff80000602, &(0x7f0000000240)=@nbd={'/dev/nbd', 0x0}, r0, &(0x7f00000002c0)={0xefd, 0x2, 0x1, 0x4}) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket(0x10, 0x2, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x4, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x48882, 0x0) write(r5, &(0x7f0000000000), 0x0) r6 = dup(r4) fallocate(r6, 0x11, 0x6040000, 0x74000) ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x40047459, 0x0) r7 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_DEL_RULE(r7, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000001900)={&(0x7f00000014c0)=ANY=[@ANYBLOB="10000000f4030000000000000000000010000000e90300"/1023], 0x420}}, 0x0) r8 = socket$pptp(0x18, 0x1, 0x2) connect$pptp(r8, &(0x7f0000000040)={0x18, 0x2, {0x0, @multicast1}}, 0x1e) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @private2, 0x8}, 0x1c) write(r2, &(0x7f0000000040)="240000001e005ff6991a2b200e0f7a000200000000000000000008", 0x1b) close_range(r2, r2, 0x2) capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffff9}) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) 1m19.173167621s ago: executing program 4 (id=1751): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000100000007"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0x11, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m18.825536214s ago: executing program 32 (id=1751): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000100000007"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0x11, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 12.2981249s ago: executing program 5 (id=1953): r0 = memfd_secret(0x0) prctl$PR_GET_THP_DISABLE(0x2a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000139209f422ca2f1d3568c599f830b1f821bc25fa46eaf53917fbae01ac86e06a0af31a9167ac93666cbfce317f4d89438ada20492c7e787769ae367b057e255f9fc7fcd3678acf258357e1e5a90d17a85ed2bb685014e05fe9dd53656818b650ff910557ae37262d1202049fd3e46740a84e730119514262213e"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x45, 0x2, 0x2}, {0x60}, {}, {0x6}]}) socket$inet_udp(0x2, 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, 0x0, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r7, 0x4b72, &(0x7f0000001080)={0x1, 0x0, 0x20, 0x20, 0x0, 0x0}) fcntl$setlease(r0, 0x400, 0x0) fremovexattr(r0, 0x0) 9.108674573s ago: executing program 3 (id=1955): bpf$TOKEN_CREATE(0x24, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000900)={0x6, 0x8b}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) chdir(0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000001080)=0x3) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'batadv0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'syztnl0\x00', &(0x7f0000000700)={'syztnl0\x00', r0, 0x29, 0xc, 0x8, 0x940, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x8000, 0x80000001, 0x6}}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$audion(&(0x7f0000000040), 0x7, 0x200400) recvmsg$unix(r1, &(0x7f00000008c0)={&(0x7f0000000780)=@abs, 0x6e, &(0x7f0000000800)=[{&(0x7f0000000100)=""/15, 0xf}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x50}, 0x40) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$ttyS3(0xffffffffffffff9c, 0x0, 0xc2402, 0x0) connect$pptp(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x64, 0x3, 0x300, 0x6e, 0xffffffad, 0x190, 0x190, 0x190, 0x268, 0x268, 0x268, 0x268, 0x268, 0x3, 0x0, {[{{@ip={@remote, @local={0xac, 0x14, 0xd}, 0x0, 0x0, 'caif0\x00', 'ip6tnl0\x00'}, 0x0, 0x130, 0x190, 0xffffffc5, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f, 0x2}}]}, @common=@SET={0x60}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0x0, 0x0, 'team0\x00', 'team0\x00'}, 0x0, 0x98, 0xd8, 0x0, {}, [@common=@inet=@set1={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x360) pipe2$watch_queue(0x0, 0x80) timerfd_gettime(0xffffffffffffffff, &(0x7f00000000c0)) sched_setscheduler(0x0, 0x1, 0x0) getpid() r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x34, r4, 0x1, 0x0, 0x0, {{}, {}, {0x18, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'batadv0\x00'}}}}}, 0x34}}, 0x0) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000080)={0xffffffffffffffff, 0x1, 0x1000000010000, 0x10000}) 9.000330234s ago: executing program 5 (id=1956): r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = memfd_create(&(0x7f00000000c0)='v\xa6\xf5lj6,r\xaf\xe8\x10/\xecg\xed\xe3h\x80\xb8!y6w\xda\xdd\xb9\nR\xe8@\x99\xb9\x8a\x0fZ\t\x90\x8b\x84\x86t\x8a\xba\xc6\xfb\xd2\f\xef&\xad\xa8M\xe8\b\xb0#\xc1)\x81\x1e\x8a\f\x11D\x90\xf5\xbb\x1c\xac\xc7\xadI\xafF\xf2\xf8\xe6\xa7\xc3\xbc\x18+\x92\x92N\a\xa7\x7fN\x9bL\xf8\xebQs\x02\xf9\xadi\x8f\x0f\xff\x02n\x95\x85\xea\x1a*\x1bC\xd8\x1c\xe8\x9bYS', 0x0) write(r1, &(0x7f0000002140)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) readlinkat(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000032240)=""/102400, 0x19000) 8.328741549s ago: executing program 1 (id=1958): syz_io_uring_setup(0x10d, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="240000007600090700000000fcdbdf2507020000", @ANYRES32=0x0, @ANYBLOB="0c000d80"], 0x24}, 0x1, 0x5502000000000000}, 0x0) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r5, 0x6, 0x5, &(0x7f0000000180)=0x1, 0x4) getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, &(0x7f0000000000), &(0x7f0000000100)=0x4) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) futex(0x0, 0x8c, 0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) splice(r7, 0x0, r6, 0x0, 0x10000008ebc, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, 0x0, 0x0) 8.322411289s ago: executing program 5 (id=1959): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x40a02, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) write$snddsp(r0, 0x0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETSHIFTSTATE(r1, 0x4b2f, 0x0) userfaultfd(0x80001) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_type(r2, 0x0, 0x2, 0x0) write$cgroup_type(r3, &(0x7f0000000280), 0x9) r4 = openat$cgroup_procs(r2, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f0000000c40), 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000440)='./file1\x00', 0x3000046, &(0x7f00000000c0)={[{@data_writeback}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") modify_ldt$read(0x0, &(0x7f0000000100)=""/86, 0x56) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0) sendfile(r5, r5, 0x0, 0x7a680000) inotify_add_watch(r5, &(0x7f0000000000)='./file0\x00', 0x25000409) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0x12) 8.321725769s ago: executing program 3 (id=1960): r0 = memfd_secret(0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prctl$PR_GET_THP_DISABLE(0x2a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000139209f422ca2f1d3568c599f830b1f821bc25fa46eaf53917fbae01ac86e06a0af31a9167ac93666cbfce317f4d89438ada20492c7e787769ae367b057e255f9fc7fcd3678acf258357e1e5a90d17a85ed2bb685014e05fe9dd53656818b650ff910557ae37262d1202049fd3e46740a84e730119514262213e"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x7c}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x45, 0x2, 0x2}, {0x60}, {}, {0x6}]}) socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f00000029c0)={0x0, 0x0, 0x0}, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r6, 0x4b72, &(0x7f0000001080)={0x1, 0x0, 0x20, 0x20, 0x0, 0x0}) fcntl$setlease(r0, 0x400, 0x0) fremovexattr(r0, 0x0) 8.038471111s ago: executing program 2 (id=1962): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_open_dev$video(&(0x7f0000000100), 0x0, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/packet\x00') preadv(r6, &(0x7f0000000540)=[{&(0x7f00000002c0)=""/170, 0xaa}], 0x1, 0x1, 0x1) preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000140)=""/249, 0xf9}], 0x1, 0x103, 0x3) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r7}, 0x10) r8 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev={0xfe, 0x80, '\x00', 0x1b}, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast1, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8) r9 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0) r10 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r10, 0xc0184800, &(0x7f0000000100)={0x4, r2}) ioctl$DMA_BUF_SET_NAME_A(r11, 0x40086203, &(0x7f0000002380)='\x03\x00\x00\x00\xd3\xa1\xcb\xff\x92\x1e\v\xe2Q5\x00\x00\x00\x00-\x01ontrol\x00') ioctl$VIDIOC_S_SELECTION(r1, 0xc0405668, &(0x7f0000000300)={0x0, 0x0, 0x1, {0x0, 0x4}}) read$FUSE(r11, &(0x7f0000002640)={0x2020}, 0x2020) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x23, &(0x7f0000000100), &(0x7f0000000200)=0x14) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$sndctrl(&(0x7f0000001780), 0xb, 0x101001) 7.002892529s ago: executing program 1 (id=1964): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0xc, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x52, r0, 0x4002000) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wg0\x00', 0x0}) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @broadcast, r1}, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffe) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$vcsa(0x0, 0x1, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000003, 0x1010, 0xffffffffffffffff, 0xbe360000) mremap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil) 6.504174802s ago: executing program 0 (id=1965): r0 = memfd_secret(0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000139209f422ca2f1d3568c599f830b1f821bc25fa46eaf53917fbae01ac86e06a0af31a9167ac93666cbfce317f4d89438ada20492c7e787769ae367b057e255f9fc7fcd3678acf258357e1e5a90d17a85ed2bb685014e05fe9dd53656818b650ff910557ae37262d1202049fd3e46740a84e730119514262213e"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x45, 0x2, 0x2}, {0x60}, {}, {0x6}]}) socket$inet_udp(0x2, 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, 0x0, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r7, 0x4b72, &(0x7f0000001080)={0x1, 0x0, 0x20, 0x20, 0x0, 0x0}) fcntl$setlease(r0, 0x400, 0x0) fremovexattr(r0, 0x0) 6.392753453s ago: executing program 2 (id=1966): r0 = memfd_secret(0x0) prctl$PR_GET_THP_DISABLE(0x2a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000139209f422ca2f1d3568c599f830b1f821bc25fa46eaf53917fbae01ac86e06a0af31a9167ac93666cbfce317f4d89438ada20492c7e787769ae367b057e255f9fc7fcd3678acf258357e1e5a90d17a85ed2bb685014e05fe9dd53656818b650ff910557ae37262d1202049fd3e46740a84e730119514262213e"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x45, 0x2, 0x2}, {0x60}, {}, {0x6}]}) socket$inet_udp(0x2, 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, 0x0, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r7, 0x4b72, &(0x7f0000001080)={0x1, 0x0, 0x20, 0x20, 0x0, 0x0}) fcntl$setlease(r0, 0x400, 0x0) fremovexattr(r0, 0x0) 6.219268774s ago: executing program 5 (id=1967): syz_mount_image$udf(&(0x7f0000000480), &(0x7f00000004c0)='./file0\x00', 0x0, &(0x7f0000000500), 0x1, 0x46f, &(0x7f0000000540)="$eJzs299PW2Ucx/HPc2i7AyOuMIZuWUwTE0cwAgUZbKgJDjHGDeZY8cYsYVCwrlBCwcCyKLf7A3alN14sMV4si//DovEP0LhkXuj0xpvezSs153BOz2npBq60he39SqCn53zPOc/P8zxP0woAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEjvvDvalzSNTgUAAKinialLff2M/wAAPFcus/4HAAB4nhhZ+l1GH0wXzAX3/Rb7fGZpbT01Nl75tGbjntnkxjt/drJ/4I3B00PD/uuTz99rxzU5dXk0cS63uLySzufTc4nUUmY2N5fe9RWqPb9ct1sAicVra3Pz8/lEf89AyeH1+J+HDnfGR05Pp5J+bGpsfHwqFBOJPvXdt3ncDD8mS2/JqNe+YyYkWaq+LHZoO7XW7Gai281EamzczUg2M7O06hw0fkFYpWUS88uoDnVRFUty0mVie7Nmi8rSqzL6saNgJiU1STriHHjN/WB4V+lphIizdJXUpQNQZ/vYIVm6IqN7vXFd9MrVbVkx6UajE4eai8jSHRmdertgPnSfB05/ch6b56cT7y/N50Kxxng96qCPD/W0z59NtixNuD2+YC41OjGoO2eylJZRauQzd14hd156ZGToRPdH4RnGiztcx4nt8TrXbsbkaGjqYBo0h4BkG0sPZfToF9t93+WPAdLmv41NGurBWLovo9xawV0ahdelTaH1fdFBH/trm/5m+1xueWMls/DJasXjLfbo1fzqysxs5cNba9eSx+FO69gqRY2lL2X09XvfFO/rrQEi5bG33wzSZnv3LybDbTcvbH2e4Y8hx/s7wtsVk/w/5ke2d9+m6rKMEOM9/+evvOSWq1GLtrVBL+6YjD6+ddKLs2JOkN9I4u5/ez6TTfc5sf/IqP0HP9b9mMm5sutoEJt0YldkdPNeaexhL7YjiO13Yn+W0YOfKsceC2IHnNh1GeUfJPzYFif2ZS+2M4jtmc1l52pWwPuc0/+/l9GnvQnj12Vp/w962+0bQX/fLL/QY/p8tf0/Htq36bXDP7z2Gtmhvd6U0cZfJ/38uG3Ff6y0uf+D9pqV0Xe3SmP9hWJ7EJvcdcEeEE79R2TUNni3WDZeGXhvg1oL1/+J8tZRo/pvC+2Le/eN7U3WISm/cf3aTDabXmGDDTbYKG40+smEenDG/79l9Fv3/eJ8xxv/W7feBfO/R58H4//Z8gvVaPxvD+07681GohHJXl1cjnZKdn7j+uuZxZmF9EJ6aWhg+MzgwJnkcDTmz+2CraqL6pnk1P+MjFKT3xbXZ6Xzv8rz/5byC9Wo/o+G9rWUzFeqzjq8+k/IaP3h3eI6+knzf3+d1fXK1muxf9ao/jtC++LefVv3JusAAAAAAAAAAAAAAAAAcKBFjaVfZXTxasT4v43azff/tv1gqkbf/+oM7Zur0+8Vqi5UAAAAAAAAAACABrJk6SsZnVLBfOHsaJUuhF/xTPsvAAD//470H08=") 5.964284316s ago: executing program 1 (id=1968): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="6400000002060500000000000000eafffffffefc0500010007000000050005000200000005000400020000001800078005"], 0x64}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010001fff00000000000000", @ANYRES32, @ANYBLOB="000010000000000020"], 0x48}, 0x1, 0x0, 0x0, 0x20040001}, 0x8000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x22002, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f00000aa000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f0000000080)=0x1) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x4, 0x8, 0xc, 0x0, 0x9, 0x10, 0x5, 0x2, 0xe, 0x3, 0x6, 0x5, 0x0, 0x0, 0x615, 0x3, 0x4, 0x3e, 0xa, '\x00', 0x7, 0x3}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 5.551911899s ago: executing program 3 (id=1969): syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00017f", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ec0)=ANY=[@ANYRES16], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x58, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0xfffd, 0x0, @mcast2, 0x9}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0xff80}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 5.228487811s ago: executing program 0 (id=1970): r0 = syz_open_dev$loop(&(0x7f0000000000), 0x8, 0x8480) ioctl$BLKTRACESTOP(r0, 0x1275, 0x0) 5.107060222s ago: executing program 5 (id=1971): bpf$TOKEN_CREATE(0x24, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000900)={0x6, 0x8b}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) chdir(0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000001080)=0x3) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'batadv0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'syztnl0\x00', &(0x7f0000000700)={'syztnl0\x00', r0, 0x29, 0xc, 0x8, 0x940, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x8000, 0x80000001, 0x6}}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$audion(&(0x7f0000000040), 0x7, 0x200400) recvmsg$unix(r1, &(0x7f00000008c0)={&(0x7f0000000780)=@abs, 0x6e, &(0x7f0000000800)=[{&(0x7f0000000100)=""/15, 0xf}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x50}, 0x40) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$ttyS3(0xffffffffffffff9c, 0x0, 0xc2402, 0x0) connect$pptp(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x64, 0x3, 0x300, 0x6e, 0xffffffad, 0x190, 0x190, 0x190, 0x268, 0x268, 0x268, 0x268, 0x268, 0x3, 0x0, {[{{@ip={@remote, @local={0xac, 0x14, 0xd}, 0x0, 0x0, 'caif0\x00', 'ip6tnl0\x00'}, 0x0, 0x130, 0x190, 0xffffffc5, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f, 0x2}}]}, @common=@SET={0x60}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0x0, 0x0, 'team0\x00', 'team0\x00'}, 0x0, 0x98, 0xd8, 0x0, {}, [@common=@inet=@set1={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x360) pipe2$watch_queue(0x0, 0x80) timerfd_gettime(0xffffffffffffffff, &(0x7f00000000c0)) sched_setscheduler(0x0, 0x1, 0x0) getpid() r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x34, r4, 0x1, 0x0, 0x0, {{}, {}, {0x18, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'batadv0\x00'}}}}}, 0x34}}, 0x0) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000080)={0xffffffffffffffff, 0x1, 0x1000000010000, 0x10000}) 5.101694592s ago: executing program 0 (id=1972): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000680)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e40806"], 0xfdef) 5.071446503s ago: executing program 3 (id=1973): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) brk(0x400000ffc020) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x1c, 0x0, 0x400, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x20040000) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x12, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @cgroup_sock_addr=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 4.160035139s ago: executing program 1 (id=1974): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000000f8c0000000c0a01080000000000000000010000000900020073797a3200000000600003805c000080080003400000000250000b80200001800a00010071756f7461000000100002800c0001400000000000000000140001800c000100636f756e74657200000000000000058011e70000666c6f775f6f66666c6f6164000000000900010073797a30"], 0x110}, 0x1, 0x0, 0x0, 0x24000001}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r5 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x0, 0x1, [0xe3]}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r5, 0x84, 0x6, 0x0, &(0x7f0000000200)) syz_usb_connect$uac1(0x1, 0x8f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000086b1d010140000102030109027d0003010000040904000004010100000a24010400000201021324060500060800000000000000000000000009047a900001020000"], &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$sock_linger(r6, 0x1, 0xd, &(0x7f0000000080)={0x0, 0x3}, 0x8) 3.878507352s ago: executing program 3 (id=1975): bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000300)={@map, 0x5, 0x1, 0xd76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) socket$kcm(0x2, 0x5, 0x84) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000002c0)=0xffffffffffffffff, 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_type(r2, &(0x7f00000001c0), 0x2, 0x0) write$cgroup_type(r3, &(0x7f0000000280), 0x9) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000c40), 0x12) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_subtree(r4, &(0x7f0000000080), 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f0000000040)=ANY=[@ANYBLOB='+pid'], 0x6) syz_clone(0xc000000, &(0x7f0000000200)="48534bf23059f9eb9beb274051dac98d21b96d8fa1a83ff77acdb18b7bbfb3802836c03f", 0x24, &(0x7f0000000280), &(0x7f0000000400), &(0x7f0000000500)="13ef99f6ebaf376bd48bbff903c128f83e79e70847a5fc9048b9e7726ea8ae3e8bfb965e4c482aa1479f9e9b5f83d7ad29625a10d37e49c57e52535d83c109cf440c0e4f1a0c8f386c50c448a4b3f03a2213331551ef9dad99f03053368295c3fe2a5663e54ea7c1e6288f70dcc732c0bd69c3dd59a4ae0b2d4a27a9d94b426a8b78aab02848e3dfa09a600cbe0ac188e30c180f28fdbd98ce3081ac6aacce6289fa80d0c075ba18b0f681765b13c41efd8efd6f98") 2.897646848s ago: executing program 0 (id=1976): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000003100), r4) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000003200)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000240)="8a", 0x1, 0x51, 0x0, 0x0) 2.495325292s ago: executing program 5 (id=1977): r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setresgid(0x0, r1, r1) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) landlock_create_ruleset(0x0, 0x0, 0x0) get_robust_list(r2, 0x0, 0x0) syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x43, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=") r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000e5", @ANYRES16=0x0, @ANYBLOB="000425bd7000fbdbdf2546000000"], 0x14}}, 0x48800) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101900, 0xdc) r5 = socket(0x10, 0x3, 0x0) bind$netlink(r5, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r5, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) connect$netlink(r5, &(0x7f00000005c0)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r5, 0x1, 0x21, &(0x7f0000b4bffc)=0x8, 0x4) write(r5, &(0x7f0000000000)='\"', 0x1) recvmmsg(r5, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0) unlink(&(0x7f0000000180)='./file1\x00') rename(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000240)='./file1\x00') 1.726056907s ago: executing program 0 (id=1978): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) statx(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x800, 0x8, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) quotactl$Q_SETINFO(0xffffffff80000602, &(0x7f0000000240)=@nbd={'/dev/nbd', 0x0}, r0, &(0x7f00000002c0)={0xefd, 0x2, 0x1, 0x4}) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket(0x10, 0x2, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x4, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x48882, 0x0) write(r5, &(0x7f0000000000), 0x0) r6 = dup(r4) fallocate(r6, 0x11, 0x6040000, 0x74000) ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x40047459, 0x0) r7 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_DEL_RULE(r7, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000001900)={&(0x7f00000014c0)=ANY=[@ANYBLOB="10000000f4030000000000000000000010000000e90300"/1055], 0x420}}, 0x0) r8 = socket$pptp(0x18, 0x1, 0x2) connect$pptp(r8, &(0x7f0000000040)={0x18, 0x2, {0x0, @multicast1}}, 0x1e) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @private2, 0x8}, 0x1c) write(r2, &(0x7f0000000040)="240000001e005ff6991a2b200e0f7a000200000000000000000008", 0x1b) close_range(r2, r2, 0x2) capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffff9}) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) 1.665368707s ago: executing program 3 (id=1979): r0 = memfd_secret(0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prctl$PR_GET_THP_DISABLE(0x2a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000139209f422ca2f1d3568c599f830b1f821bc25fa46eaf53917fbae01ac86e06a0af31a9167ac93666cbfce317f4d89438ada20492c7e787769ae367b057e255f9fc7fcd3678acf258357e1e5a90d17a85ed2bb685014e05fe9dd53656818b650ff910557ae37262d1202049fd3e46740a84e730119514262213e"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a3000"], 0x7c}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x45, 0x2, 0x2}, {0x60}, {}, {0x6}]}) socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f00000029c0)={0x0, 0x0, 0x0}, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r6, 0x4b72, &(0x7f0000001080)={0x1, 0x0, 0x20, 0x20, 0x0, 0x0}) fcntl$setlease(r0, 0x400, 0x0) fremovexattr(r0, 0x0) 1.606624698s ago: executing program 2 (id=1980): r0 = memfd_secret(0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000139209f422ca2f1d3568c599f830b1f821bc25fa46eaf53917fbae01ac86e06a0af31a9167ac93666cbfce317f4d89438ada20492c7e787769ae367b057e255f9fc7fcd3678acf258357e1e5a90d17a85ed2bb685014e05fe9dd53656818b650ff910557ae37262d1202049fd3e46740a84e730119514262213e"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x45, 0x2, 0x2}, {0x60}, {}, {0x6}]}) socket$inet_udp(0x2, 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, 0x0, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r7, 0x4b72, &(0x7f0000001080)={0x1, 0x0, 0x20, 0x20, 0x0, 0x0}) fcntl$setlease(r0, 0x400, 0x0) fremovexattr(r0, 0x0) 588.225706ms ago: executing program 2 (id=1981): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000001a40)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001400)={r0, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xfffffdff, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 478.139826ms ago: executing program 2 (id=1982): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 309.701187ms ago: executing program 1 (id=1983): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bca2000000000000a6"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x5, 0xe, 0x0, &(0x7f0000000440)="6121eed4cd50bb2b01e841acde1a", 0x0, 0x29d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) 158.786389ms ago: executing program 2 (id=1984): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="6400000002060500000000000000eafffffffefc0500010007000000050005000200000005000400020000001800078005"], 0x64}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010001fff00000000000000", @ANYRES32, @ANYBLOB="000010000000000020"], 0x48}, 0x1, 0x0, 0x0, 0x20040001}, 0x8000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x22002, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f00000aa000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f0000000080)=0x1) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x4, 0x8, 0xc, 0x0, 0x9, 0x10, 0x5, 0x2, 0xe, 0x3, 0x6, 0x5, 0x0, 0x0, 0x615, 0x3, 0x4, 0x3e, 0xa, '\x00', 0x7, 0x3}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 77.953029ms ago: executing program 0 (id=1985): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) brk(0x400000ffc020) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x1c, 0x0, 0x400, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x20040000) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x12, 0x4, &(0x7f0000000080)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @cgroup_sock_addr=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 0s ago: executing program 1 (id=1986): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000680)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e40806"], 0xfdef) kernel console output (not intermixed with test programs): ][ T127] usb 4-1: Manufacturer: syz [ 143.350068][ T127] usb 4-1: SerialNumber: syz [ 143.376697][ T127] usb 4-1: config 0 descriptor?? [ 143.401786][ T26] audit: type=1326 audit(1741592352.948:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5104 comm="syz.4.224" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90b38d169 code=0x0 [ 143.462486][ T127] usb 4-1: Found UVC 0.00 device syz (046d:08f3) [ 143.469677][ T127] usb 4-1: No valid video chain found. [ 143.635149][ T952] usb 4-1: USB disconnect, device number 5 [ 143.913350][ T5107] netlink: 4 bytes leftover after parsing attributes in process `syz.0.225'. [ 144.232108][ T952] usb 1-1: new low-speed USB device number 3 using dummy_hcd [ 144.454646][ T952] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 144.598046][ T26] audit: type=1326 audit(1741592354.148:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5117 comm="syz.1.227" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 145.121247][ T952] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 145.131501][ T952] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 145.153797][ T952] usb 1-1: string descriptor 0 read error: -22 [ 145.161101][ T952] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 145.180501][ T952] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.270920][ T952] usb 1-1: 0:2 : does not exist [ 145.791756][ T5131] MTD: Attempt to mount non-MTD device "/dev/nbd1" [ 145.800952][ T5131] cramfs: wrong magic [ 146.422022][ T5138] netlink: 165 bytes leftover after parsing attributes in process `syz.4.234'. [ 148.345266][ T14] usb 1-1: USB disconnect, device number 3 [ 149.410957][ T26] audit: type=1326 audit(1741592358.958:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5149 comm="syz.2.239" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 150.778277][ T5173] MTD: Attempt to mount non-MTD device "/dev/nbd3" [ 150.938988][ T5173] cramfs: wrong magic [ 151.130356][ T26] audit: type=1326 audit(1741592360.678:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5174 comm="syz.2.245" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 152.112611][ T5186] netlink: 165 bytes leftover after parsing attributes in process `syz.4.248'. [ 152.607914][ T5190] netlink: 56 bytes leftover after parsing attributes in process `syz.3.249'. [ 152.725932][ T5191] siw: device registration error -23 [ 153.287277][ T5197] netlink: 4 bytes leftover after parsing attributes in process `syz.4.250'. [ 154.496985][ T26] audit: type=1326 audit(1741592363.558:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5195 comm="syz.0.252" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f251d58d169 code=0x0 [ 154.962690][ T4292] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 154.971311][ T5212] i2c i2c-0: Invalid block write size 34 [ 155.105755][ T5212] bridge0: port 3(netdevsim2) entered blocking state [ 155.122553][ T5212] bridge0: port 3(netdevsim2) entered disabled state [ 155.152105][ T5212] device netdevsim2 entered promiscuous mode [ 155.161333][ T5212] bridge0: port 3(netdevsim2) entered blocking state [ 155.168308][ T5212] bridge0: port 3(netdevsim2) entered forwarding state [ 155.286290][ T4292] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 155.354693][ T4292] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 155.379942][ T4292] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 155.450833][ T5214] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 155.478668][ T5214] cramfs: wrong magic [ 155.584619][ T4292] usb 5-1: string descriptor 0 read error: -22 [ 155.585706][ T5220] xt_bpf: check failed: parse error [ 155.612197][ T4292] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 155.685071][ T4292] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.433654][ T5227] ======================================================= [ 156.433654][ T5227] WARNING: The mand mount option has been deprecated and [ 156.433654][ T5227] and is ignored by this kernel. Remove the mand [ 156.433654][ T5227] option from the mount to silence this warning. [ 156.433654][ T5227] ======================================================= [ 156.471780][ T5227] cgroup: Unknown subsys name 'permit_directio' [ 156.512479][ T5228] netlink: 165 bytes leftover after parsing attributes in process `syz.0.260'. [ 157.743305][ T5236] netlink: 'syz.1.261': attribute type 32 has an invalid length. [ 159.492482][ T26] audit: type=1326 audit(1741592369.038:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5241 comm="syz.0.264" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f251d58d169 code=0x0 [ 160.112766][ T26] audit: type=1326 audit(1741592369.668:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5247 comm="syz.3.266" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e5318d169 code=0x0 [ 160.430096][ T5258] netlink: 56 bytes leftover after parsing attributes in process `syz.1.268'. [ 160.578525][ T5259] siw: device registration error -23 [ 160.912959][ T4292] usb 5-1: can't set config #1, error -110 [ 161.486250][ T4327] usb 5-1: USB disconnect, device number 6 [ 162.861873][ T5277] Cannot find add_set index 0 as target [ 162.934524][ T5280] netlink: 8 bytes leftover after parsing attributes in process `syz.2.275'. [ 163.938403][ T5282] netlink: 165 bytes leftover after parsing attributes in process `syz.0.274'. [ 164.043462][ T5271] tipc: Started in network mode [ 164.048520][ T5271] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 164.055940][ T5271] tipc: Enabled bearer , priority 0 [ 164.652239][ T26] audit: type=1326 audit(1741592374.168:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5286 comm="syz.2.277" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 165.163644][ T5298] netlink: 4 bytes leftover after parsing attributes in process `syz.4.280'. [ 165.173998][ T4292] tipc: Node number set to 8432298 [ 165.459366][ T5311] sch_tbf: burst 7710 is lower than device lo mtu (65550) ! [ 165.644866][ T952] usb 5-1: new low-speed USB device number 7 using dummy_hcd [ 165.893922][ T952] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 165.916879][ T952] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 166.017348][ T5319] netlink: 76 bytes leftover after parsing attributes in process `syz.0.286'. [ 166.660990][ T952] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 166.694449][ T952] usb 5-1: string descriptor 0 read error: -22 [ 166.700725][ T952] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 166.778589][ T952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.913829][ T952] usb 5-1: 0:2 : does not exist [ 167.010776][ T5323] netlink: 8 bytes leftover after parsing attributes in process `syz.0.287'. [ 168.042595][ T5328] netlink: 165 bytes leftover after parsing attributes in process `syz.2.288'. [ 169.182684][ T26] audit: type=1326 audit(1741592378.568:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5333 comm="syz.0.292" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f251d58d169 code=0x0 [ 169.861460][ T4293] usb 5-1: USB disconnect, device number 7 [ 170.108738][ T26] audit: type=1326 audit(1741592379.658:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5336 comm="syz.2.293" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 170.601913][ T5355] netlink: 44 bytes leftover after parsing attributes in process `syz.0.295'. [ 171.177199][ T5357] netlink: 76 bytes leftover after parsing attributes in process `syz.1.297'. [ 171.790675][ T5365] netlink: 56 bytes leftover after parsing attributes in process `syz.0.302'. [ 172.583775][ T5371] netlink: 165 bytes leftover after parsing attributes in process `syz.1.301'. [ 173.290129][ T5385] xt_bpf: check failed: parse error [ 173.327913][ T26] audit: type=1326 audit(1741592382.878:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5369 comm="syz.3.304" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e5318d169 code=0x0 [ 174.488105][ T5393] netlink: 32 bytes leftover after parsing attributes in process `syz.4.310'. [ 175.114571][ T5404] netlink: 76 bytes leftover after parsing attributes in process `syz.0.311'. [ 175.837784][ T5416] netlink: 36 bytes leftover after parsing attributes in process `syz.1.316'. [ 175.848818][ T5414] netlink: 56 bytes leftover after parsing attributes in process `syz.0.318'. [ 176.586331][ T5405] ALSA: mixer_oss: invalid OSS volume '00000000000000000000006' [ 176.677660][ T5429] netlink: 'syz.1.320': attribute type 1 has an invalid length. [ 177.991301][ T5429] 8021q: adding VLAN 0 to HW filter on device bond1 [ 178.244484][ T5445] netlink: 32 bytes leftover after parsing attributes in process `syz.4.326'. [ 179.618219][ T5463] netlink: 76 bytes leftover after parsing attributes in process `syz.3.329'. [ 180.912785][ T4258] Bluetooth: hci1: command 0x0406 tx timeout [ 181.024603][ T5471] netlink: 4 bytes leftover after parsing attributes in process `syz.1.332'. [ 181.072298][ T4258] Bluetooth: hci3: command 0x0406 tx timeout [ 181.072465][ T4257] Bluetooth: hci0: command 0x0406 tx timeout [ 181.085063][ T4249] Bluetooth: hci2: command 0x0406 tx timeout [ 181.335507][ T5475] netlink: 56 bytes leftover after parsing attributes in process `syz.0.336'. [ 181.525440][ T26] audit: type=1326 audit(1741592391.078:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5469 comm="syz.3.333" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e5318d169 code=0x0 [ 185.903218][ T5528] i2c i2c-0: Invalid block write size 34 [ 186.809055][ T5542] netlink: 44 bytes leftover after parsing attributes in process `syz.4.352'. [ 188.790557][ T26] audit: type=1326 audit(1741592398.338:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5537 comm="syz.1.356" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 189.130554][ T5571] netlink: 'syz.3.364': attribute type 32 has an invalid length. [ 190.217395][ T5582] netlink: 8 bytes leftover after parsing attributes in process `syz.3.367'. [ 191.063242][ T5583] i2c i2c-0: Invalid block write size 34 [ 192.837579][ T5609] delete_channel: no stack [ 194.753510][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.759845][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.777992][ T5633] netlink: 8 bytes leftover after parsing attributes in process `syz.0.380'. [ 196.243364][ T5635] i2c i2c-0: Invalid block write size 34 [ 199.979848][ T5669] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 199.986685][ T5669] cramfs: wrong magic [ 200.575823][ T5677] Cannot find add_set index 0 as target [ 202.525777][ T5696] netlink: 'syz.4.401': attribute type 32 has an invalid length. [ 206.278158][ T5726] netlink: 4 bytes leftover after parsing attributes in process `syz.4.408'. [ 208.879803][ T5767] netlink: 56 bytes leftover after parsing attributes in process `syz.0.423'. [ 209.838877][ T5774] netlink: 4 bytes leftover after parsing attributes in process `syz.3.425'. [ 210.056595][ T26] audit: type=1326 audit(1741592419.538:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.2.427" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 213.077430][ T5817] xt_bpf: check failed: parse error [ 213.338509][ T5820] netlink: 56 bytes leftover after parsing attributes in process `syz.0.439'. [ 213.975191][ T26] audit: type=1326 audit(1741592423.528:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.1.441" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 215.770132][ T5853] xt_bpf: check failed: parse error [ 216.103266][ T26] audit: type=1326 audit(1741592425.658:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5863 comm="syz.4.454" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90b38d169 code=0x0 [ 219.003340][ T5892] xt_bpf: check failed: parse error [ 219.456179][ T26] audit: type=1326 audit(1741592428.988:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5903 comm="syz.1.467" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 223.358160][ T26] audit: type=1326 audit(1741592432.908:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5941 comm="syz.2.480" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 223.503556][ T5937] syz.0.478 (5937): drop_caches: 2 [ 224.030108][ T5957] Cannot find add_set index 0 as target [ 225.729392][ T5975] xt_bpf: check failed: parse error [ 226.577199][ T5993] netlink: 8 bytes leftover after parsing attributes in process `syz.2.494'. [ 227.415253][ T5997] netlink: 4 bytes leftover after parsing attributes in process `syz.0.495'. [ 227.652975][ T26] audit: type=1326 audit(1741592437.208:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5998 comm="syz.2.497" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 227.692566][ T4293] usb 1-1: new low-speed USB device number 4 using dummy_hcd [ 227.904199][ T4293] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 227.915483][ T4293] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 227.925703][ T4293] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 227.963882][ T4293] usb 1-1: string descriptor 0 read error: -22 [ 227.984034][ T4293] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 228.039409][ T4293] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.159462][ T4293] usb 1-1: 0:2 : does not exist [ 228.340382][ T127] usb 1-1: USB disconnect, device number 4 [ 231.523345][ T6031] device veth0_to_team entered promiscuous mode [ 232.708586][ T6038] program syz.4.506 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 233.592218][ T26] audit: type=1326 audit(1741592443.108:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6041 comm="syz.0.508" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f251d58d169 code=0x0 [ 233.613776][ C0] vkms_vblank_simulate: vblank timer overrun [ 234.310889][ T6051] netlink: 4 bytes leftover after parsing attributes in process `syz.4.509'. [ 234.894422][ T6057] delete_channel: no stack [ 234.902402][ T4293] usb 5-1: new low-speed USB device number 8 using dummy_hcd [ 235.202187][ T6065] Cannot find add_set index 0 as target [ 235.382109][ T6065] tipc: Started in network mode [ 235.389101][ T6065] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 235.405336][ T6065] tipc: Enabled bearer , priority 0 [ 235.456562][ T4293] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 235.482109][ T4293] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 235.510880][ T4293] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 235.554014][ T4293] usb 5-1: string descriptor 0 read error: -22 [ 235.567346][ T4293] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 235.586841][ T4293] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.630120][ T4293] usb 5-1: 0:2 : does not exist [ 236.557964][ T4293] usb 5-1: USB disconnect, device number 8 [ 236.596409][ T4834] tipc: Node number set to 8432298 [ 237.173864][ T6075] blktrace: Concurrent blktraces are not allowed on sg0 [ 240.267766][ T26] audit: type=1326 audit(1741592449.818:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6100 comm="syz.2.523" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 241.074563][ T6111] netlink: 4 bytes leftover after parsing attributes in process `syz.3.526'. [ 241.222123][ T6115] Cannot find add_set index 0 as target [ 241.362133][ T127] usb 4-1: new low-speed USB device number 6 using dummy_hcd [ 241.674888][ T127] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 243.033454][ T127] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 243.043163][ T127] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 243.069516][ T127] usb 4-1: string descriptor 0 read error: -22 [ 243.076749][ T127] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 243.086269][ T127] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.177862][ T127] usb 4-1: 0:2 : does not exist [ 243.427405][ T4290] usb 4-1: USB disconnect, device number 6 [ 243.443906][ T6132] netlink: 56 bytes leftover after parsing attributes in process `syz.4.532'. [ 244.285626][ T6137] siw: device registration error -23 [ 244.728072][ T4548] udevd[4548]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 245.508258][ T26] audit: type=1326 audit(1741592454.918:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6140 comm="syz.2.536" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 245.931564][ T6139] xt_bpf: check failed: parse error [ 246.632218][ T6154] netlink: 32 bytes leftover after parsing attributes in process `syz.3.540'. [ 247.539976][ T4257] Bluetooth: hci4: command 0x0406 tx timeout [ 248.545720][ T6177] netlink: 4 bytes leftover after parsing attributes in process `syz.3.545'. [ 249.262205][ T4293] usb 4-1: new low-speed USB device number 7 using dummy_hcd [ 249.492760][ T6191] netlink: 4 bytes leftover after parsing attributes in process `syz.1.550'. [ 249.604897][ T4293] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 249.685062][ T6193] netlink: 8 bytes leftover after parsing attributes in process `syz.4.549'. [ 249.772422][ T4291] usb 2-1: new low-speed USB device number 4 using dummy_hcd [ 250.058521][ T4291] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 250.170318][ T4291] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 250.235311][ T4293] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 250.273061][ T4291] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 250.329879][ T4293] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 250.351028][ T4293] usb 4-1: string descriptor 0 read error: -22 [ 250.357378][ T4293] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 250.358424][ T4291] usb 2-1: string descriptor 0 read error: -22 [ 250.382797][ T4293] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.395750][ T4293] usb 4-1: 0:2 : does not exist [ 250.639680][ T4291] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 250.673719][ T26] audit: type=1326 audit(1741592460.228:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6186 comm="syz.2.548" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 251.018588][ T4291] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.049408][ T4291] usb 2-1: 0:2 : does not exist [ 251.765567][ T4834] usb 4-1: USB disconnect, device number 7 [ 252.320868][ T4293] usb 2-1: USB disconnect, device number 4 [ 253.019516][ T6217] netlink: 32 bytes leftover after parsing attributes in process `syz.1.556'. [ 255.634367][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.640878][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.766007][ T6249] netlink: 4 bytes leftover after parsing attributes in process `syz.3.565'. [ 256.835489][ T6250] netlink: 4 bytes leftover after parsing attributes in process `syz.1.566'. [ 257.072295][ T4349] usb 4-1: new low-speed USB device number 8 using dummy_hcd [ 257.112148][ T4294] usb 2-1: new low-speed USB device number 5 using dummy_hcd [ 257.364745][ T4349] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 257.376125][ T4294] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 257.393815][ T4349] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 257.406387][ T4294] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 258.981287][ T6254] sched: RT throttling activated [ 259.020260][ T4349] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 259.034804][ T4294] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 259.294996][ T4349] usb 4-1: string descriptor 0 read error: -22 [ 259.301742][ T4294] usb 2-1: string descriptor 0 read error: -22 [ 259.312754][ T4294] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 259.321877][ T4349] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 259.333316][ T4294] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.342301][ T4349] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.358394][ T4349] usb 4-1: 0:2 : does not exist [ 259.368822][ T4294] usb 2-1: 0:2 : does not exist [ 259.591416][ T4293] usb 4-1: USB disconnect, device number 8 [ 259.704069][ T6260] netlink: 32 bytes leftover after parsing attributes in process `syz.0.570'. [ 261.176484][ T4291] usb 2-1: USB disconnect, device number 5 [ 262.960417][ T6300] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 262.979867][ T6300] netlink: 4 bytes leftover after parsing attributes in process `syz.0.579'. [ 263.566456][ T6300] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.907360][ T6300] device bridge_slave_1 left promiscuous mode [ 263.914534][ T6300] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.202467][ T6312] netlink: 32 bytes leftover after parsing attributes in process `syz.0.585'. [ 264.452894][ T6315] netlink: 4 bytes leftover after parsing attributes in process `syz.1.586'. [ 264.780545][ T4289] usb 2-1: new low-speed USB device number 6 using dummy_hcd [ 264.973644][ T4289] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 265.001391][ T4289] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 265.020930][ T4289] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 265.103864][ T4289] usb 2-1: string descriptor 0 read error: -22 [ 265.128918][ T4289] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 265.177827][ T4289] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.258243][ T4289] usb 2-1: 0:2 : does not exist [ 266.473466][ T6332] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 267.370149][ T4834] usb 2-1: USB disconnect, device number 6 [ 267.475771][ T6338] netlink: 76 bytes leftover after parsing attributes in process `syz.4.593'. [ 267.783355][ T6351] netlink: 32 bytes leftover after parsing attributes in process `syz.0.597'. [ 267.786279][ T6352] tmpfs: Bad value for 'mpol' [ 268.197732][ T6350] netlink: 24 bytes leftover after parsing attributes in process `syz.4.596'. [ 268.585363][ T6359] netlink: 'syz.4.596': attribute type 8 has an invalid length. [ 270.625557][ T6376] netlink: 4 bytes leftover after parsing attributes in process `syz.2.603'. [ 270.715107][ T6377] i2c i2c-0: Invalid block write size 34 [ 273.118693][ T127] usb 3-1: new low-speed USB device number 5 using dummy_hcd [ 273.141162][ T4410] Bluetooth: hci5: Frame reassembly failed (-84) [ 273.272126][ T4327] usb 5-1: new low-speed USB device number 9 using dummy_hcd [ 273.313635][ T127] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 273.328681][ T127] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 273.350095][ T127] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 273.468370][ T4327] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 273.491082][ T4327] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 273.510552][ T4327] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 273.579600][ T4327] usb 5-1: string descriptor 0 read error: -22 [ 273.581789][ T127] usb 3-1: string descriptor 0 read error: -71 [ 273.592430][ T127] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 273.601571][ T127] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.617331][ T6386] netlink: 76 bytes leftover after parsing attributes in process `syz.0.606'. [ 273.627812][ T4327] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 273.682176][ T4327] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.723331][ T127] usb 3-1: can't set config #1, error -71 [ 273.734081][ T127] usb 3-1: USB disconnect, device number 5 [ 273.791381][ T4327] usb 5-1: 0:2 : does not exist [ 275.089549][ T6409] netlink: 168 bytes leftover after parsing attributes in process `syz.2.613'. [ 275.164094][ T4249] Bluetooth: hci5: command 0x1003 tx timeout [ 275.172364][ T4257] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 275.382807][ T4327] usb 5-1: USB disconnect, device number 9 [ 277.232414][ T6435] netlink: 4 bytes leftover after parsing attributes in process `syz.1.619'. [ 277.562163][ T4289] usb 2-1: new low-speed USB device number 7 using dummy_hcd [ 277.786006][ T4289] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 278.600356][ T4289] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 278.610077][ T4289] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 278.653050][ T4289] usb 2-1: string descriptor 0 read error: -22 [ 278.661000][ T4289] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 278.710101][ T4289] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.863942][ T4289] usb 2-1: 0:2 : does not exist [ 279.398972][ T6450] MTD: Attempt to mount non-MTD device "/dev/nbd0" [ 279.406424][ T6450] cramfs: wrong magic [ 279.641901][ T6455] netlink: 32 bytes leftover after parsing attributes in process `syz.0.627'. [ 280.183623][ T4834] usb 2-1: USB disconnect, device number 7 [ 284.032497][ T6492] netlink: 'syz.2.636': attribute type 32 has an invalid length. [ 285.449210][ T6499] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 285.455954][ T6499] cramfs: wrong magic [ 289.062221][ T6540] netlink: 'syz.2.650': attribute type 32 has an invalid length. [ 290.782201][ T6550] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 290.796264][ T6550] cramfs: wrong magic [ 291.161250][ T6555] delete_channel: no stack [ 292.624341][ T6576] netlink: 'syz.1.660': attribute type 8 has an invalid length. [ 297.051496][ T6603] netlink: 4 bytes leftover after parsing attributes in process `syz.1.668'. [ 297.372320][ T952] usb 2-1: new low-speed USB device number 8 using dummy_hcd [ 297.596175][ T952] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 297.654268][ T952] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 297.681576][ T952] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 297.721642][ T952] usb 2-1: string descriptor 0 read error: -22 [ 297.739998][ T952] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 297.770272][ T952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.790129][ T6612] netlink: 56 bytes leftover after parsing attributes in process `syz.0.673'. [ 297.809459][ T952] usb 2-1: 0:2 : does not exist [ 299.165097][ T6626] netlink: 32 bytes leftover after parsing attributes in process `syz.3.675'. [ 299.562579][ T6632] tmpfs: Unknown parameter 'usrquota' [ 300.596104][ T952] usb 2-1: USB disconnect, device number 8 [ 300.628446][ T6640] netlink: 168 bytes leftover after parsing attributes in process `syz.4.681'. [ 302.772848][ T6651] delete_channel: no stack [ 302.828657][ T6670] netlink: 32 bytes leftover after parsing attributes in process `syz.2.687'. [ 303.753563][ T6687] netlink: 4 bytes leftover after parsing attributes in process `syz.0.690'. [ 304.382832][ T4293] usb 1-1: new low-speed USB device number 5 using dummy_hcd [ 304.684047][ T4293] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 304.707332][ T4293] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 304.773465][ T4293] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 304.909813][ T4293] usb 1-1: string descriptor 0 read error: -22 [ 305.044919][ T4293] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 305.082684][ T4293] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.172763][ T4293] usb 1-1: 0:2 : does not exist [ 306.647873][ T6726] netlink: 32 bytes leftover after parsing attributes in process `syz.3.700'. [ 307.545209][ T6729] usb 1-1: USB disconnect, device number 5 [ 308.859518][ T4290] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 309.692136][ T4290] usb 3-1: Using ep0 maxpacket: 8 [ 310.302196][ T4290] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 310.317844][ T4290] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 310.327232][ T4290] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.338040][ T4290] usb 3-1: config 0 descriptor?? [ 310.881678][ T4290] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 312.381526][ T6775] netlink: 4 bytes leftover after parsing attributes in process `syz.3.715'. [ 312.672713][ T4346] usb 4-1: new low-speed USB device number 9 using dummy_hcd [ 312.816849][ T4290] usb 3-1: USB disconnect, device number 6 [ 313.033451][ T4346] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 313.044904][ T4346] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 313.055107][ T4346] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 313.073680][ T4346] usb 4-1: string descriptor 0 read error: -22 [ 313.085188][ T4346] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 313.101656][ T4346] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.801882][ T4346] usb 4-1: 0:2 : does not exist [ 315.141098][ T4290] usb 4-1: USB disconnect, device number 9 [ 315.816309][ T6813] netlink: 8 bytes leftover after parsing attributes in process `syz.3.726'. [ 316.998217][ T6825] ptrace attach of "./syz-executor exec"[4246] was attempted by "./syz-executor exec"[6825] [ 317.081395][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.088533][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.979251][ T4290] usb 2-1: new low-speed USB device number 9 using dummy_hcd [ 320.021110][ T6855] device ipvlan2 entered promiscuous mode [ 320.185791][ T4290] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 320.453042][ T6855] bridge0: port 3(ipvlan2) entered blocking state [ 320.651851][ T4290] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 320.662324][ T6855] bridge0: port 3(ipvlan2) entered disabled state [ 320.672785][ T4290] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 320.711456][ T4290] usb 2-1: string descriptor 0 read error: -22 [ 320.726660][ T4290] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 320.746950][ T4290] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.755675][ T6857] netlink: 8 bytes leftover after parsing attributes in process `syz.2.737'. [ 320.865325][ T4290] usb 2-1: 0:2 : does not exist [ 322.254440][ T6713] usb 2-1: USB disconnect, device number 9 [ 324.512361][ T6880] netlink: 'syz.1.742': attribute type 32 has an invalid length. [ 325.517942][ T6886] syz.3.747 (6886): drop_caches: 2 [ 329.211980][ T6887] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 329.239626][ T6887] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 329.261488][ T6887] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 329.289142][ T6887] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 329.302411][ T6887] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 329.311880][ T6887] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 329.331235][ T6887] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 329.348401][ T6887] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 329.364092][ T6887] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 329.380958][ T6887] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 329.395816][ T6887] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 329.416430][ T6887] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 329.435673][ T6887] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 329.454776][ T6887] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 329.479697][ T6887] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 330.310486][ T6934] netlink: 'syz.0.760': attribute type 32 has an invalid length. [ 330.989594][ T6933] syz.1.761 (6933): drop_caches: 2 [ 331.117595][ T6943] netlink: 44 bytes leftover after parsing attributes in process `syz.0.764'. [ 331.242122][ T4257] Bluetooth: hci0: command 0x0c1a tx timeout [ 331.312242][ T4257] Bluetooth: hci1: command 0x0c1a tx timeout [ 331.402123][ T4257] Bluetooth: hci3: command 0x0c1a tx timeout [ 331.402941][ T4249] Bluetooth: hci2: command 0x0c1a tx timeout [ 331.472447][ T4249] Bluetooth: hci4: command 0x0c1a tx timeout [ 331.808321][ T6951] Cannot find add_set index 0 as target [ 332.058742][ T6951] tipc: Started in network mode [ 332.070749][ T6951] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 332.142431][ T6951] tipc: Enabled bearer , priority 0 [ 332.942944][ T4289] usb 2-1: new low-speed USB device number 10 using dummy_hcd [ 333.157876][ T4289] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 333.276532][ T4289] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 333.298890][ T4290] tipc: Node number set to 8432298 [ 333.312775][ T4249] Bluetooth: hci0: command 0x0406 tx timeout [ 333.422126][ T4249] Bluetooth: hci1: command 0x0406 tx timeout [ 333.472372][ T4257] Bluetooth: hci3: command 0x0406 tx timeout [ 333.482404][ T4257] Bluetooth: hci2: command 0x0406 tx timeout [ 333.492793][ T4289] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 333.548147][ T4289] usb 2-1: string descriptor 0 read error: -22 [ 333.554427][ T4257] Bluetooth: hci4: command 0x0406 tx timeout [ 333.736210][ T4289] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 333.909752][ T4289] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.319097][ T4289] usb 2-1: 0:2 : does not exist [ 335.419556][ T6984] netlink: 'syz.0.775': attribute type 32 has an invalid length. [ 335.462490][ T6983] netlink: 44 bytes leftover after parsing attributes in process `syz.2.776'. [ 335.937018][ T4290] usb 2-1: USB disconnect, device number 10 [ 336.742126][ T4290] usb 2-1: new low-speed USB device number 11 using dummy_hcd [ 337.000540][ T4290] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 337.113230][ T4290] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 337.251902][ T4290] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 337.522161][ T4290] usb 2-1: string descriptor 0 read error: -22 [ 337.630426][ T4290] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 337.755802][ T4290] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.946245][ T4290] usb 2-1: 0:2 : does not exist [ 339.902406][ T4293] usb 2-1: USB disconnect, device number 11 [ 340.635311][ T7027] netlink: 'syz.2.789': attribute type 32 has an invalid length. [ 341.322146][ T4290] usb 2-1: new low-speed USB device number 12 using dummy_hcd [ 341.685721][ T4290] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 341.735912][ T4290] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 341.823912][ T4290] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 341.877082][ T4290] usb 2-1: string descriptor 0 read error: -22 [ 341.910219][ T4290] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 341.957295][ T4290] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 342.027780][ T4290] usb 2-1: 0:2 : does not exist [ 343.370836][ T4290] usb 2-1: USB disconnect, device number 12 [ 344.920549][ T7064] netlink: 'syz.2.800': attribute type 32 has an invalid length. [ 346.424772][ T7082] netlink: 44 bytes leftover after parsing attributes in process `syz.1.805'. [ 347.511007][ T22] usb 1-1: new low-speed USB device number 6 using dummy_hcd [ 347.714767][ T22] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 347.739977][ T22] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 347.752978][ T22] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 347.779177][ T22] usb 1-1: string descriptor 0 read error: -22 [ 347.795427][ T22] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 347.807321][ T22] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 347.856534][ T22] usb 1-1: 0:2 : does not exist [ 349.191417][ T7094] netlink: 8 bytes leftover after parsing attributes in process `syz.3.811'. [ 349.346755][ T7100] Cannot find add_set index 0 as target [ 349.450739][ T7100] tipc: Enabling of bearer rejected, already enabled [ 349.736588][ T6729] usb 1-1: USB disconnect, device number 6 [ 350.732221][ T7112] netlink: 'syz.0.813': attribute type 32 has an invalid length. [ 350.921163][ T7117] netlink: 44 bytes leftover after parsing attributes in process `syz.2.817'. [ 352.589835][ T7139] netlink: 8 bytes leftover after parsing attributes in process `syz.3.824'. [ 352.972889][ T4289] usb 2-1: new low-speed USB device number 13 using dummy_hcd [ 353.494068][ T4289] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 353.555073][ T4289] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 353.588233][ T4289] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 353.654001][ T4289] usb 2-1: string descriptor 0 read error: -22 [ 353.660833][ T4289] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 353.704153][ T4289] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.771909][ T4289] usb 2-1: 0:2 : does not exist [ 355.158016][ T7164] syz.4.829 (7164): drop_caches: 2 [ 355.245097][ T7166] netlink: 'syz.3.830': attribute type 32 has an invalid length. [ 355.449215][ T22] usb 2-1: USB disconnect, device number 13 [ 356.542172][ T7183] xt_bpf: check failed: parse error [ 357.624765][ T7198] netlink: 'syz.1.840': attribute type 32 has an invalid length. [ 360.625054][ T7219] cgroup: No subsys list or none specified [ 360.732093][ T6729] usb 2-1: new low-speed USB device number 14 using dummy_hcd [ 360.964563][ T6729] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 360.999693][ T6729] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 361.070256][ T6729] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 361.341109][ T6729] usb 2-1: string descriptor 0 read error: -22 [ 361.347933][ T6729] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 361.358276][ T6729] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.952579][ T6729] usb 2-1: can't set config #1, error -71 [ 362.965642][ T6729] usb 2-1: USB disconnect, device number 14 [ 365.269823][ T7256] netlink: 8 bytes leftover after parsing attributes in process `syz.1.854'. [ 367.792785][ T7274] Cannot find add_set index 0 as target [ 367.819144][ T26] audit: type=1326 audit(1741592577.368:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7264 comm="syz.1.858" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 368.022281][ T7274] tipc: Started in network mode [ 368.036613][ T7274] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 368.243069][ T7274] tipc: Enabled bearer , priority 0 [ 369.972164][ T4289] tipc: Node number set to 8432298 [ 370.436309][ T7300] netlink: 'syz.4.868': attribute type 32 has an invalid length. [ 373.970986][ T26] audit: type=1326 audit(1741592583.518:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7332 comm="syz.4.878" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90b38d169 code=0x0 [ 374.079679][ T7346] netlink: 'syz.2.880': attribute type 2 has an invalid length. [ 374.096173][ T7346] netlink: 'syz.2.880': attribute type 1 has an invalid length. [ 374.104488][ T7346] netlink: 187320 bytes leftover after parsing attributes in process `syz.2.880'. [ 376.626488][ T4249] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 378.605055][ T7396] ptrace attach of "./syz-executor exec"[4246] was attempted by " eth0 #®uàûu0*óiÝÙƇ޿_ ößk¿.\x22¦À#pÍ/¦ò¼yL…aµ»~+>¼“ø«š3…l{@!2¶!®÷9kˆ\x0b8I$ýQ=rØÀØ\x09/vÓ§ØJý”#KTÝÓá¾_$A=zî½/X¾mOX)s”Þ¾_ˆN¸Þë)ÍÅ6m\x0a\x0b¾ë»‘zÂ|d\x1bÒùyx²\x1bLTrwˆ|0\x09Æâœí\x5cØ[È ó¬]V:üÞ\x07xïþ.TTÏ¿õ€a%ÜQ³CuTÌê‘èØYZyæ!‰œÑ¦7Švs²\x07þ³j*­IÌéª{]ï·òî*ù5JtÐsĪÈ~²ò0½fÛ®Gãûï”ï:Q\x1b㣤}ï`eÍL«Û\x0dòyŸg1ô\x09i/!ñ,Œuª¿~)”\x1b2“†çšòj¨–¦¢üN¯Th³\x1bo:è\x0bq7SäHóL œ—Bªq¹(öƒ±[„aF›ÚëÄ*q²’ Œv¬ AN¹ªà—Te˜Lþ—+uÓ^±ðà½\x07»åsha ë„™ÆñÕLD¨7 DQŠ2!8,¼%$ñòÖœyìKÚÅÜúÝöÆ´œ’…°¢%:ðô0´¦d´äLWÕ÷l\x1bþÞ\x0bh—=m‚.¬\x0bhþ„Q}ƒ8/ƒëP¾Ö+:ÎE\x5c•Ô¬’‡×˜—ãì­Õ¬€C„Rˆr^gºQ( [ 378.727586][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.935132][ T26] audit: type=1326 audit(1741592588.488:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7390 comm="syz.1.897" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 378.981359][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.122653][ T7411] netlink: 12 bytes leftover after parsing attributes in process `syz.3.902'. [ 379.550048][ T7415] syz.0.898 (7415): drop_caches: 2 [ 381.613588][ T6290] Bluetooth: hci5: Frame reassembly failed (-84) [ 383.632245][ T4249] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 384.243120][ T7450] netlink: 56 bytes leftover after parsing attributes in process `syz.0.915'. [ 384.364949][ T7453] netlink: 12 bytes leftover after parsing attributes in process `syz.1.916'. [ 385.477935][ T7467] netlink: 24 bytes leftover after parsing attributes in process `syz.1.921'. [ 385.847171][ T7469] netlink: 'syz.1.921': attribute type 8 has an invalid length. [ 388.770509][ T7496] netlink: 12 bytes leftover after parsing attributes in process `syz.2.930'. [ 390.048105][ T7514] netlink: 24 bytes leftover after parsing attributes in process `syz.2.935'. [ 390.882702][ T7517] netlink: 'syz.2.935': attribute type 8 has an invalid length. [ 391.221983][ T7519] misc userio: No port type given on /dev/userio [ 392.081030][ T7534] netlink: 12 bytes leftover after parsing attributes in process `syz.1.942'. [ 392.102214][ T4290] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 392.332237][ T4290] usb 3-1: Using ep0 maxpacket: 16 [ 392.349091][ T7529] netlink: 'syz.2.941': attribute type 10 has an invalid length. [ 392.390348][ T7529] bridge0: port 2(bridge_slave_1) entered disabled state [ 392.424281][ T7529] device bridge_slave_1 left promiscuous mode [ 392.466381][ T7529] bridge0: port 2(bridge_slave_1) entered disabled state [ 392.505560][ T7529] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 393.316614][ T4290] usb 3-1: unable to get BOS descriptor or descriptor too short [ 393.325177][ T4290] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 393.333154][ T4290] usb 3-1: can't read configurations, error -71 [ 393.484828][ T7555] misc userio: No port type given on /dev/userio [ 394.862290][ T7572] tmpfs: Bad value for 'mpol' [ 395.175704][ T7571] netlink: 12 bytes leftover after parsing attributes in process `syz.3.956'. [ 395.608164][ T4300] Bluetooth: hci5: Frame reassembly failed (-84) [ 398.343205][ T4249] Bluetooth: hci5: command 0x1003 tx timeout [ 398.351820][ T4257] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 398.511533][ T7597] netlink: 24 bytes leftover after parsing attributes in process `syz.2.964'. [ 399.738746][ T7611] netlink: 12 bytes leftover after parsing attributes in process `syz.2.969'. [ 400.353259][ T7619] netlink: 56 bytes leftover after parsing attributes in process `syz.2.972'. [ 400.406339][ T7619] siw: device registration error -23 [ 402.887282][ T7641] Cannot find set identified by id 0 to match [ 404.963185][ T7654] netlink: 12 bytes leftover after parsing attributes in process `syz.0.982'. [ 405.910640][ T26] audit: type=1326 audit(1741592615.058:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.3.983" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e5318d169 code=0x0 [ 406.948510][ T7678] netlink: 56 bytes leftover after parsing attributes in process `syz.1.988'. [ 407.459564][ T7680] siw: device registration error -23 [ 410.938626][ T26] audit: type=1326 audit(1741592620.488:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7696 comm="syz.2.993" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 411.710448][ T26] audit: type=1326 audit(1741592621.258:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7712 comm="syz.1.997" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 412.508402][ T4258] Bluetooth: hci5: sending frame failed (-49) [ 412.516225][ T4257] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 414.525240][ T7749] netlink: 'syz.2.1004': attribute type 32 has an invalid length. [ 415.489873][ T7759] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1007'. [ 415.605318][ T7759] 9pnet_fd: Insufficient options for proto=fd [ 415.776769][ T26] audit: type=1326 audit(1741592625.328:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7751 comm="syz.2.1010" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 415.911532][ T7760] ubi31: attaching mtd0 [ 415.962923][ T7760] ubi31: scanning is finished [ 415.970317][ T7760] ubi31: empty MTD device detected [ 416.857977][ T26] audit: type=1326 audit(1741592626.408:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7765 comm="syz.3.1011" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e5318d169 code=0x0 [ 417.461532][ T7760] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 417.504309][ T7760] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 417.514901][ T7778] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1013'. [ 417.536842][ T7760] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 417.595157][ T7760] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 417.646114][ T7760] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 417.697958][ T7780] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1015'. [ 417.707132][ T7760] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 417.724151][ T7760] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1414000311 [ 417.743958][ T7760] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 417.840408][ T7775] ubi31: background thread "ubi_bgt31d" started, PID 7775 [ 417.982896][ T7783] Cannot find add_set index 0 as target [ 418.181141][ T7783] tipc: Enabling of bearer rejected, already enabled [ 419.465305][ T4368] Bluetooth: hci5: Frame reassembly failed (-84) [ 419.577010][ T7795] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1020'. [ 419.871598][ T7800] netlink: 'syz.1.1020': attribute type 8 has an invalid length. [ 421.026172][ T7805] MTD: Attempt to mount non-MTD device "/dev/nbd4" [ 421.032870][ T7805] cramfs: wrong magic [ 421.750268][ T26] audit: type=1326 audit(1741592631.298:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7808 comm="syz.0.1025" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f251d58d169 code=0x0 [ 422.148204][ T4257] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 422.173648][ T4258] Bluetooth: hci5: command 0x1003 tx timeout [ 422.254781][ T26] audit: type=1326 audit(1741592631.808:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7804 comm="syz.3.1023" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e5318d169 code=0x0 [ 422.362051][ T7825] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1029'. [ 423.618933][ T7830] Cannot find add_set index 0 as target [ 423.712513][ T7830] tipc: Enabling of bearer rejected, already enabled [ 424.636739][ T7845] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1035'. [ 425.004796][ T7849] netlink: 'syz.0.1035': attribute type 8 has an invalid length. [ 425.913564][ T7844] netlink: 'syz.4.1033': attribute type 32 has an invalid length. [ 426.956652][ T7854] MTD: Attempt to mount non-MTD device "/dev/nbd3" [ 426.963961][ T7854] cramfs: wrong magic [ 427.337053][ T26] audit: type=1326 audit(1741592636.888:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7862 comm="syz.1.1038" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 429.595787][ T7882] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1043'. [ 430.622718][ T7890] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1046'. [ 430.730130][ T26] audit: type=1326 audit(1741592640.278:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7885 comm="syz.4.1044" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90b38d169 code=0x0 [ 432.961048][ T26] audit: type=1326 audit(1741592642.508:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7904 comm="syz.3.1051" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e5318d169 code=0x0 [ 433.912420][ T7922] netlink: 120 bytes leftover after parsing attributes in process `syz.3.1054'. [ 435.012123][ T4293] usb 4-1: new low-speed USB device number 10 using dummy_hcd [ 435.309060][ T4293] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 435.423908][ T4293] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 435.471529][ T7934] netlink: 'syz.2.1055': attribute type 32 has an invalid length. [ 435.520213][ T4293] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 435.605499][ T4293] usb 4-1: string descriptor 0 read error: -22 [ 435.660178][ T4293] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 436.198265][ T4293] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 436.211678][ T4293] usb 4-1: 0:2 : does not exist [ 436.350061][ T7942] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1059'. [ 437.368846][ T26] audit: type=1326 audit(1741592646.918:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7946 comm="syz.0.1060" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f251d58d169 code=0x0 [ 437.530710][ T4293] usb 4-1: USB disconnect, device number 10 [ 439.047877][ T7964] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1066'. [ 440.031250][ T26] audit: type=1326 audit(1741592648.968:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7959 comm="syz.3.1064" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e5318d169 code=0x0 [ 440.123852][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.210573][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.348519][ T7975] siw: device registration error -23 [ 442.893825][ T8004] netlink: 120 bytes leftover after parsing attributes in process `syz.2.1073'. [ 443.333026][ T4346] usb 3-1: new low-speed USB device number 9 using dummy_hcd [ 443.604001][ T4346] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 443.638459][ T4346] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 443.667579][ T4346] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 443.883031][ T4346] usb 3-1: string descriptor 0 read error: -22 [ 443.889279][ T4346] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 443.900175][ T8014] Cannot find add_set index 0 as target [ 443.906014][ T4346] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 444.585792][ T8014] tipc: Enabling of bearer rejected, already enabled [ 444.634394][ T4346] usb 3-1: 0:2 : does not exist [ 445.247664][ T26] audit: type=1326 audit(1741592654.798:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8019 comm="syz.0.1079" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f251d58d169 code=0x0 [ 446.766601][ T4293] usb 3-1: USB disconnect, device number 9 [ 447.096747][ T8042] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1084'. [ 449.557351][ T8064] netlink: 120 bytes leftover after parsing attributes in process `syz.2.1092'. [ 450.542135][ T7] usb 3-1: new low-speed USB device number 10 using dummy_hcd [ 450.733805][ T7] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 450.771573][ T7] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 451.062688][ T26] audit: type=1326 audit(1741592660.608:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8073 comm="syz.1.1094" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 451.620642][ T7] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 452.039659][ T7] usb 3-1: string descriptor 0 read error: -22 [ 452.053560][ T7] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 452.072316][ T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 452.098758][ T7] usb 3-1: 0:2 : does not exist [ 452.312806][ T4291] usb 3-1: USB disconnect, device number 10 [ 453.022884][ T8089] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 453.104129][ T8089] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 453.307718][ T8089] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 453.495176][ T8089] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 453.584092][ T8089] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 453.726126][ T8089] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 453.823847][ T8089] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 453.924743][ T8089] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 453.931012][ T8089] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 453.938933][ T8089] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 453.949095][ T8089] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 453.957376][ T8089] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 453.965594][ T8089] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 453.983860][ T8089] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 454.736972][ T8089] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 454.782294][ T4258] Bluetooth: hci0: command 0x0c1a tx timeout [ 455.294490][ T8117] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1106'. [ 455.562160][ T4257] Bluetooth: hci1: command 0x0c1a tx timeout [ 455.585120][ T8124] netlink: 'syz.0.1106': attribute type 8 has an invalid length. [ 455.937145][ T26] audit: type=1326 audit(1741592665.488:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8120 comm="syz.1.1108" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 455.938760][ T4257] Bluetooth: hci2: command 0x0c1a tx timeout [ 455.967735][ T4258] Bluetooth: hci3: command 0x0c1a tx timeout [ 456.044020][ T4249] Bluetooth: hci4: command 0x0c1a tx timeout [ 456.807951][ T8133] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1110'. [ 457.192204][ T22] usb 4-1: new low-speed USB device number 11 using dummy_hcd [ 457.406918][ T22] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 457.441404][ T4257] Bluetooth: hci0: command 0x0406 tx timeout [ 457.457666][ T22] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 457.468850][ T8137] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1111'. [ 457.494997][ T22] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 457.642225][ T4249] Bluetooth: hci1: command 0x0406 tx timeout [ 457.694486][ T22] usb 4-1: string descriptor 0 read error: -22 [ 457.717137][ T22] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 457.791916][ T8145] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1112'. [ 458.033154][ T4257] Bluetooth: hci3: command 0x0406 tx timeout [ 458.033201][ T4249] Bluetooth: hci2: command 0x0406 tx timeout [ 458.298849][ T4257] Bluetooth: hci4: command 0x0406 tx timeout [ 458.323244][ T22] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.367029][ T22] usb 4-1: 0:2 : does not exist [ 458.761003][ T8153] Cannot find add_set index 0 as target [ 459.033633][ T8153] tipc: Enabling of bearer rejected, already enabled [ 459.744567][ T6729] usb 4-1: USB disconnect, device number 11 [ 460.548660][ T8164] netlink: 'syz.2.1117': attribute type 32 has an invalid length. [ 461.322537][ T8166] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 461.329826][ T8166] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 461.366744][ T8166] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 461.394439][ T8166] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 461.472591][ T26] audit: type=1326 audit(1741592671.018:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8178 comm="syz.1.1122" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 461.501283][ T8166] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 461.656327][ T8166] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 461.707054][ T8166] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 461.879268][ T8166] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 462.001384][ T8166] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 462.008719][ T8166] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 462.038371][ T8166] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 462.062482][ T8166] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 462.091058][ T8166] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 462.107640][ T8166] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 462.172214][ T8166] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 462.239421][ T8186] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1124'. [ 462.406022][ T8190] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1123'. [ 462.752576][ T4257] Bluetooth: hci0: command 0x0c1a tx timeout [ 463.223446][ T8198] Cannot find add_set index 0 as target [ 463.472237][ T4257] Bluetooth: hci1: command 0x0c1a tx timeout [ 463.713434][ T4249] Bluetooth: hci2: command 0x0c1a tx timeout [ 463.898800][ T8198] tipc: Started in network mode [ 463.903730][ T8198] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 463.910978][ T8198] tipc: Enabled bearer , priority 0 [ 464.033305][ T4257] Bluetooth: hci3: command 0x0c1a tx timeout [ 464.202154][ T4257] Bluetooth: hci4: command 0x0c1a tx timeout [ 464.383662][ T8206] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1128'. [ 464.716244][ T4291] usb 3-1: new low-speed USB device number 11 using dummy_hcd [ 464.860500][ T4249] Bluetooth: hci0: command 0x0406 tx timeout [ 466.006742][ T4346] tipc: Node number set to 8432298 [ 466.155311][ T4257] Bluetooth: hci1: command 0x0406 tx timeout [ 466.161556][ T4249] Bluetooth: hci2: command 0x0406 tx timeout [ 466.161570][ T4258] Bluetooth: hci3: command 0x0406 tx timeout [ 466.263703][ T4291] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 466.272168][ T4258] Bluetooth: hci4: command 0x0406 tx timeout [ 466.430167][ T4291] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 466.439601][ T4291] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 466.590492][ T4291] usb 3-1: string descriptor 0 read error: -22 [ 466.597947][ T4291] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 466.607692][ T4291] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.872528][ T26] audit: type=1326 audit(1741592676.368:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8225 comm="syz.4.1134" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90b38d169 code=0x0 [ 467.404148][ T4291] usb 3-1: 0:2 : does not exist [ 467.460725][ T4291] usb 3-1: USB disconnect, device number 11 [ 467.504716][ T4548] udevd[4548]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 468.169791][ T8251] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1140'. [ 470.372560][ T4257] Bluetooth: hci5: command 0x1003 tx timeout [ 470.381464][ T4258] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 470.874306][ T8273] netlink: 'syz.0.1146': attribute type 6 has an invalid length. [ 471.342351][ T26] audit: type=1326 audit(1741592680.878:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8274 comm="syz.4.1147" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90b38d169 code=0x0 [ 472.327294][ T8294] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1149'. [ 473.365213][ T4293] usb 1-1: new low-speed USB device number 7 using dummy_hcd [ 473.416431][ T8300] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1152'. [ 473.579330][ T4293] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 473.633276][ T4293] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 473.662154][ T4293] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 473.734736][ T4293] usb 1-1: string descriptor 0 read error: -22 [ 473.761089][ T4293] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 473.808882][ T4293] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 473.922715][ T4293] usb 1-1: 0:2 : does not exist [ 474.191974][ T8310] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1155'. [ 474.468537][ T8312] siw: device registration error -23 [ 475.192476][ T4293] usb 1-1: USB disconnect, device number 7 [ 475.824680][ T26] audit: type=1326 audit(1741592685.288:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8326 comm="syz.0.1161" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f251d58d169 code=0x0 [ 476.833957][ T4249] Bluetooth: hci5: command 0x1003 tx timeout [ 476.902186][ T4258] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 477.245884][ T8344] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1165'. [ 479.664686][ T26] audit: type=1326 audit(1741592688.748:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8366 comm="syz.3.1173" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e5318d169 code=0x0 [ 481.065501][ T8387] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1178'. [ 483.382217][ T4258] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 483.383979][ T4249] Bluetooth: hci5: command 0x1003 tx timeout [ 483.523351][ T8407] netlink: 'syz.2.1184': attribute type 6 has an invalid length. [ 484.656218][ T8424] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1191'. [ 484.680508][ T8425] netlink: 'syz.2.1190': attribute type 29 has an invalid length. [ 485.128628][ T8425] netlink: 'syz.2.1190': attribute type 29 has an invalid length. [ 485.165141][ T8429] netlink: 'syz.2.1190': attribute type 29 has an invalid length. [ 485.175645][ T8426] netlink: 'syz.2.1190': attribute type 29 has an invalid length. [ 485.193838][ T8425] netlink: 'syz.2.1190': attribute type 29 has an invalid length. [ 486.048334][ T8437] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1193'. [ 486.069132][ T8437] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1193'. [ 486.083719][ T8433] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1193'. [ 486.113843][ T8437] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1193'. [ 488.554528][ T11] Bluetooth: hci5: Frame reassembly failed (-84) [ 490.592288][ T4258] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 494.605361][ T8530] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1223'. [ 494.981906][ T8539] netlink: 'syz.0.1223': attribute type 8 has an invalid length. [ 498.906613][ T8575] syz.0.1234 (8575): drop_caches: 2 [ 498.912220][ T4249] Bluetooth: hci5: command 0x1003 tx timeout [ 498.912485][ T4258] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 498.971820][ T8579] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1238'. [ 501.266857][ T8579] netlink: 'syz.4.1238': attribute type 8 has an invalid length. [ 501.472625][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.479005][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.564596][ T8596] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1241'. [ 507.548687][ T8655] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1261'. [ 509.873529][ T4249] Bluetooth: hci5: sending frame failed (-49) [ 509.880706][ T4258] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 510.176250][ T8680] netlink: 'syz.3.1265': attribute type 32 has an invalid length. [ 511.624113][ T8698] netlink: 'syz.1.1274': attribute type 3 has an invalid length. [ 511.659417][ T8698] netlink: 'syz.1.1274': attribute type 1 has an invalid length. [ 511.679543][ T8698] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.1274'. [ 512.555715][ T8709] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1276'. [ 517.148789][ T8753] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1289'. [ 517.392232][ T8758] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1291'. [ 517.457785][ T8759] netlink: 'syz.4.1291': attribute type 8 has an invalid length. [ 517.931717][ T8762] netlink: 'syz.2.1290': attribute type 32 has an invalid length. [ 519.574919][ T26] audit: type=1326 audit(1741592729.128:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8775 comm="syz.1.1296" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 522.490692][ T8800] device syzkaller0 entered promiscuous mode [ 522.510684][ T8807] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1302'. [ 525.060656][ T26] audit: type=1326 audit(1741592734.608:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8828 comm="syz.4.1310" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90b38d169 code=0x0 [ 527.054740][ T8856] netlink: 'syz.4.1315': attribute type 32 has an invalid length. [ 529.152426][ T26] audit: type=1326 audit(1741592738.618:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.4.1318" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90b38d169 code=0x0 [ 530.301625][ T8881] xt_bpf: check failed: parse error [ 532.724628][ T26] audit: type=1326 audit(1741592742.138:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8897 comm="syz.0.1329" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f251d58d169 code=0x0 [ 536.480022][ T8938] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1343'. [ 536.800123][ T26] audit: type=1326 audit(1741592746.348:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8934 comm="syz.1.1341" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 537.332770][ T8947] netlink: 'syz.4.1343': attribute type 8 has an invalid length. [ 537.676225][ T8949] siw: device registration error -23 [ 539.502477][ T8971] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1350'. [ 540.358938][ T8974] device syzkaller0 entered promiscuous mode [ 540.812318][ T26] audit: type=1326 audit(1741592750.328:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8977 comm="syz.2.1354" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 544.096681][ T9009] netlink: 'syz.0.1362': attribute type 32 has an invalid length. [ 547.970882][ T26] audit: type=1326 audit(1741592757.508:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9019 comm="syz.3.1366" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e5318d169 code=0x0 [ 548.319070][ T9045] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1373'. [ 548.922446][ T26] audit: type=1326 audit(1741592758.458:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9022 comm="syz.2.1367" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 555.836931][ T9073] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 555.844151][ T9073] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 555.850155][ T9073] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 555.866564][ T9073] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 555.877354][ T9073] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 555.887058][ T9073] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 555.898885][ T9073] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 555.923310][ T9073] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 555.949724][ T9073] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 555.967879][ T9073] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 555.979732][ T9073] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 555.993348][ T9073] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 556.000592][ T9073] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 556.007509][ T9073] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 556.013987][ T9073] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 556.323754][ T26] audit: type=1326 audit(1741592765.838:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9090 comm="syz.1.1386" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 556.423560][ T22] usb 3-1: new low-speed USB device number 12 using dummy_hcd [ 556.666071][ T22] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 556.942426][ T22] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 556.951364][ T22] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 556.985815][ T22] usb 3-1: string descriptor 0 read error: -71 [ 557.179972][ T22] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 558.249848][ T4249] Bluetooth: hci2: command 0x0c1a tx timeout [ 558.256680][ T4258] Bluetooth: hci1: command 0x0c1a tx timeout [ 558.256699][ T4257] Bluetooth: hci0: command 0x0c1a tx timeout [ 558.262786][ T4258] Bluetooth: hci4: command 0x0c1a tx timeout [ 558.262817][ T4258] Bluetooth: hci3: command 0x0c1a tx timeout [ 558.285160][ T22] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.352741][ T22] usb 3-1: can't set config #1, error -71 [ 558.463680][ T22] usb 3-1: USB disconnect, device number 12 [ 558.818411][ T26] audit: type=1326 audit(1741592768.368:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9111 comm="syz.0.1392" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f251d58d169 code=0x0 [ 560.274901][ T48] Bluetooth: hci2: command 0x0406 tx timeout [ 560.280965][ T48] Bluetooth: hci3: command 0x0406 tx timeout [ 560.288200][ T4257] Bluetooth: hci4: command 0x0406 tx timeout [ 560.288244][ T4258] Bluetooth: hci1: command 0x0406 tx timeout [ 560.353216][ T4249] Bluetooth: hci0: command 0x0406 tx timeout [ 562.817997][ T9145] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 562.826699][ T9145] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 562.837356][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.843708][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.874984][ T9145] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 562.899480][ T9145] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 562.916904][ T9145] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 563.038407][ T9145] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 563.046263][ T9145] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 563.053593][ T9145] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 563.059576][ T9145] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 563.071654][ T9145] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 563.078272][ T9145] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 563.090334][ T9145] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 563.097924][ T9145] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 563.274275][ T9145] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 564.315372][ T26] audit: type=1326 audit(1741592773.118:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9163 comm="syz.3.1408" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e5318d169 code=0x0 [ 564.610315][ T9145] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 564.833240][ T4258] Bluetooth: hci0: command 0x0c1a tx timeout [ 565.004233][ T4258] Bluetooth: hci1: command 0x0c1a tx timeout [ 565.083426][ T4258] Bluetooth: hci2: command 0x0c1a tx timeout [ 565.312126][ T4258] Bluetooth: hci4: command 0x0c1a tx timeout [ 565.318330][ T4249] Bluetooth: hci3: command 0x0c1a tx timeout [ 567.006789][ T4249] Bluetooth: hci0: command 0x0406 tx timeout [ 567.141459][ T9195] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1418'. [ 567.331735][ T4249] Bluetooth: hci1: command 0x0406 tx timeout [ 567.337831][ T4249] Bluetooth: hci2: command 0x0406 tx timeout [ 567.542665][ T4258] Bluetooth: hci3: command 0x0406 tx timeout [ 567.548777][ T4249] Bluetooth: hci4: command 0x0406 tx timeout [ 567.578775][ T9205] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1420'. [ 569.166964][ T26] audit: type=1326 audit(1741592778.338:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9196 comm="syz.1.1419" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 569.266793][ T9212] siw: device registration error -23 [ 571.606080][ T9220] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 571.616268][ T9220] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 571.629103][ T9220] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 571.649631][ T9220] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 571.665767][ T9220] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 571.678454][ T9220] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 571.702546][ T9220] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 571.711783][ T9220] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 571.791984][ T9220] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 571.803326][ T9220] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 571.822634][ T9220] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 571.829092][ T9220] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 571.837566][ T9220] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 571.845072][ T9220] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 571.851937][ T9220] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 573.318001][ T9253] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1432'. [ 573.328820][ T4258] Bluetooth: hci0: command 0x0c1a tx timeout [ 573.366798][ T9255] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1435'. [ 573.713530][ T4249] Bluetooth: hci1: command 0x0c1a tx timeout [ 573.713571][ T4258] Bluetooth: hci2: command 0x0c1a tx timeout [ 573.873407][ T9255] siw: device registration error -23 [ 573.882411][ T4249] Bluetooth: hci4: command 0x0c1a tx timeout [ 573.888552][ T4249] Bluetooth: hci3: command 0x0c1a tx timeout [ 574.038285][ T9258] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.1436'. [ 574.067646][ T9258] netlink: zone id is out of range [ 574.580303][ T26] audit: type=1326 audit(1741592783.748:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9245 comm="syz.2.1433" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 574.580620][ T4327] usb 4-1: new low-speed USB device number 12 using dummy_hcd [ 574.673514][ T9258] netlink: zone id is out of range [ 574.833332][ T4327] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 574.966312][ T4327] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 574.972958][ T9258] netlink: del zone limit has 4 unknown bytes [ 575.072130][ T4327] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 575.221367][ T4327] usb 4-1: string descriptor 0 read error: -22 [ 575.228078][ T4327] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 575.239466][ T4327] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 575.993748][ T4258] Bluetooth: hci0: command 0x0406 tx timeout [ 576.000421][ T4258] Bluetooth: hci1: command 0x0406 tx timeout [ 576.007134][ T4258] Bluetooth: hci2: command 0x0406 tx timeout [ 576.065148][ T4258] Bluetooth: hci3: command 0x0406 tx timeout [ 576.065979][ T4249] Bluetooth: hci4: command 0x0406 tx timeout [ 576.084570][ T4327] usb 4-1: can't set config #1, error -71 [ 576.092828][ T4327] usb 4-1: USB disconnect, device number 12 [ 576.869595][ T9281] device syzkaller0 entered promiscuous mode [ 576.877138][ T9292] Driver unsupported XDP return value 0 on prog (id 391) dev N/A, expect packet loss! [ 576.883888][ T9288] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1448'. [ 577.730304][ T9296] Cannot find add_set index 0 as target [ 578.459251][ T9307] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1451'. [ 578.792393][ T4291] usb 4-1: new low-speed USB device number 13 using dummy_hcd [ 579.018981][ T4291] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 579.030740][ T4291] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 579.060948][ T4291] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 579.099992][ T4291] usb 4-1: string descriptor 0 read error: -22 [ 579.127270][ T4291] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 579.137307][ T4291] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 579.163419][ T4291] usb 4-1: 0:2 : does not exist [ 579.348515][ T9311] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1453'. [ 581.261038][ T9298] tipc: Enabling of bearer rejected, already enabled [ 581.269927][ T4327] usb 4-1: USB disconnect, device number 13 [ 582.637234][ T9323] wlan0 speed is unknown, defaulting to 1000 [ 582.719034][ T9323] lo speed is unknown, defaulting to 1000 [ 583.277770][ T9349] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1465'. [ 584.129958][ T4293] usb 2-1: new low-speed USB device number 15 using dummy_hcd [ 584.833602][ T9361] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1468'. [ 584.904087][ T4293] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 584.949836][ T4293] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 585.003414][ T9363] siw: device registration error -23 [ 585.009525][ T4293] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 585.265839][ T4293] usb 2-1: string descriptor 0 read error: -22 [ 585.445576][ T4293] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 585.476391][ T4293] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 585.703577][ T4293] usb 2-1: 0:2 : does not exist [ 587.662927][ T4291] usb 2-1: USB disconnect, device number 15 [ 587.862509][ T4293] usb 1-1: new low-speed USB device number 9 using dummy_hcd [ 587.968188][ T9391] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1478'. [ 588.664787][ T4293] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 588.690116][ T4293] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 588.709982][ T4293] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 588.846391][ T4293] usb 1-1: string descriptor 0 read error: -22 [ 588.855674][ T4293] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 588.866456][ T4293] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.896098][ T4293] usb 1-1: 0:2 : does not exist [ 589.144920][ T4346] usb 1-1: USB disconnect, device number 9 [ 589.852748][ T9418] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1484'. [ 591.018874][ T9425] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1486'. [ 591.221040][ T9425] siw: device registration error -23 [ 591.453608][ T4293] usb 2-1: new low-speed USB device number 16 using dummy_hcd [ 591.655618][ T4293] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 591.717350][ T4293] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 591.745246][ T4293] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 591.951854][ T4293] usb 2-1: string descriptor 0 read error: -22 [ 591.959079][ T4293] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 591.976480][ T4293] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 593.075738][ T4293] usb 2-1: can't set config #1, error -71 [ 593.085268][ T4293] usb 2-1: USB disconnect, device number 16 [ 593.105021][ T26] audit: type=1326 audit(1741592802.658:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9431 comm="syz.0.1490" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f251d58d169 code=0x0 [ 593.269960][ T9448] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1494'. [ 593.621735][ T9459] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1498'. [ 593.848207][ T9459] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1498'. [ 593.968107][ T9461] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1498'. [ 594.023994][ T9463] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1498'. [ 595.676136][ T9487] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1508'. [ 595.832703][ T9491] siw: device registration error -23 [ 603.941285][ T9563] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1533'. [ 604.038998][ T4258] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 604.423070][ T9553] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 604.444399][ T9553] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 604.451065][ T9553] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 604.458509][ T9553] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 604.464638][ T9553] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 604.470850][ T9553] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 604.488040][ T9553] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 604.494780][ T9553] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 604.501061][ T9573] netlink: 'syz.4.1533': attribute type 8 has an invalid length. [ 604.501171][ T9553] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 604.523612][ T9553] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 604.682364][ T9553] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 604.692522][ T9553] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 604.774319][ T9553] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 604.797283][ T9553] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 604.850221][ T9553] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 605.654164][ T9583] netlink: 'syz.0.1540': attribute type 10 has an invalid length. [ 605.667137][ T9583] device netdevsim2 left promiscuous mode [ 605.675677][ T9583] bridge0: port 3(netdevsim2) entered disabled state [ 605.695904][ T9583] device bridge_slave_0 left promiscuous mode [ 605.709020][ T9583] bridge0: port 1(bridge_slave_0) entered disabled state [ 605.944906][ T9586] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1542'. [ 606.032377][ T4258] Bluetooth: hci0: command 0x0c1a tx timeout [ 606.513375][ T4258] Bluetooth: hci2: command 0x0c1a tx timeout [ 606.513799][ T4249] Bluetooth: hci1: command 0x0c1a tx timeout [ 606.615646][ T4249] Bluetooth: hci3: command 0x0c1a tx timeout [ 606.804557][ T9604] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 606.832311][ T4249] Bluetooth: hci4: command 0x0c1a tx timeout [ 606.833443][ T9604] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 606.852223][ T9604] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 607.081660][ T9604] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 607.264990][ T9604] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 607.399847][ T9604] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 607.512443][ T9604] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 607.518429][ T9604] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 607.524472][ T9604] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 607.531670][ T9604] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 607.593539][ T9604] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 607.600803][ T9604] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 607.608882][ T9604] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 607.622466][ T9604] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 607.628445][ T9604] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 608.380574][ T26] audit: type=1326 audit(1741592817.928:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9622 comm="syz.0.1558" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f251d58d169 code=0x0 [ 609.420834][ T4249] Bluetooth: hci0: command 0x0c1a tx timeout [ 609.427128][ T48] Bluetooth: hci1: command 0x0c1a tx timeout [ 609.815589][ T4258] Bluetooth: hci2: command 0x0c1a tx timeout [ 609.856618][ T4249] Bluetooth: hci4: command 0x0c1a tx timeout [ 610.052699][ T48] Bluetooth: hci3: command 0x0c1a tx timeout [ 610.425848][ T9652] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1566'. [ 610.531689][ T9654] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1563'. [ 611.300436][ T9656] siw: device registration error -23 [ 611.474833][ T4249] Bluetooth: hci1: command 0x0406 tx timeout [ 611.474841][ T48] Bluetooth: hci0: command 0x0406 tx timeout [ 612.033392][ T4249] Bluetooth: hci2: command 0x0406 tx timeout [ 612.573259][ T4257] Bluetooth: hci4: command 0x0406 tx timeout [ 612.579315][ T4257] Bluetooth: hci3: command 0x0406 tx timeout [ 619.449742][ T4257] Bluetooth: Wrong link type (-71) [ 622.641037][ T9751] loop4: detected capacity change from 0 to 1024 [ 622.777143][ T9758] loop1: detected capacity change from 0 to 128 [ 622.875459][ T9758] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 622.886318][ T9751] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 623.106894][ T9758] ext4 filesystem being mounted at /324/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 623.573501][ T9758] fscrypt (loop1, inode 12): Mutually exclusive encryption flags (0x19) [ 623.725292][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 623.999736][ T4252] EXT4-fs (loop1): unmounting filesystem. [ 624.275570][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.282816][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.085615][ T9789] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1607'. [ 626.977928][ T9795] siw: device registration error -23 [ 627.819244][ T9812] loop1: detected capacity change from 0 to 1024 [ 627.887604][ T26] audit: type=1326 audit(1741592837.438:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9805 comm="syz.3.1612" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e5318d169 code=0x0 [ 627.944544][ T9812] EXT4-fs (loop1): Test dummy encryption mode enabled [ 627.952797][ T9812] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 628.149933][ T9812] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 630.579964][ T4252] EXT4-fs (loop1): unmounting filesystem. [ 631.510612][ T9860] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1626'. [ 631.932452][ T9861] siw: device registration error -23 [ 632.807926][ T26] audit: type=1326 audit(1741592842.358:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9869 comm="syz.1.1630" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 634.877034][ T9897] netlink: 'syz.2.1636': attribute type 32 has an invalid length. [ 636.680012][ T4293] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 637.281591][ T4293] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 637.393894][ T4293] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 637.416303][ T9911] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1642'. [ 637.425987][ T4293] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 637.439040][ T4293] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 637.452164][ T4293] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 637.508161][ T4293] usb 5-1: config 0 descriptor?? [ 638.013507][ T4293] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 638.096816][ T4293] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 639.443770][ T9932] Cannot find add_set index 0 as target [ 639.662390][ T9932] tipc: Enabling of bearer rejected, already enabled [ 640.100844][ T9947] netlink: 'syz.0.1650': attribute type 32 has an invalid length. [ 640.867099][ T6713] usb 5-1: USB disconnect, device number 10 [ 643.448567][ T9980] binfmt_misc: register: failed to install interpreter file ./file1 [ 648.080249][T10020] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1675'. [ 648.162609][T10021] loop4: detected capacity change from 0 to 512 [ 648.193825][T10021] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 648.562530][T10021] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended [ 649.366390][T10026] loop3: detected capacity change from 0 to 8192 [ 649.481362][T10021] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec02c, mo2=0002] [ 649.489534][T10021] System zones: 0-2, 18-18, 34-34 [ 649.525271][T10021] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 649.543271][T10021] EXT4-fs (loop4): 1 truncate cleaned up [ 649.548944][T10021] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 649.713839][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 651.872674][T10056] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1685'. [ 652.133504][T10056] netlink: 'syz.0.1685': attribute type 8 has an invalid length. [ 655.338833][T10091] loop1: detected capacity change from 0 to 164 [ 655.803832][T10100] loop0: detected capacity change from 0 to 2048 [ 655.931395][T10100] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 657.239459][ T4247] EXT4-fs (loop0): unmounting filesystem. [ 658.345771][T10148] netlink: 'syz.2.1713': attribute type 32 has an invalid length. [ 659.091378][T10153] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1716'. [ 659.962182][T10155] siw: device registration error -23 [ 662.335803][T10190] loop1: detected capacity change from 0 to 256 [ 664.382187][ T26] audit: type=1326 audit(1741592873.928:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10204 comm="syz.2.1731" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 664.577358][T10217] loop4: detected capacity change from 0 to 1024 [ 664.778800][T10217] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 664.847906][T10224] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1737'. [ 665.069040][T10225] loop4: detected capacity change from 1024 to 64 [ 665.524160][T10217] syz.4.1734: attempt to access beyond end of device [ 665.524160][T10217] loop4: rw=14337, sector=290, nr_sectors = 2 limit=64 [ 665.579532][T10217] Buffer I/O error on dev loop4, logical block 145, lost sync page write [ 665.619353][T10217] EXT4-fs error (device loop4): ext4_ext_insert_extent:2182: inode #18: block 145: comm syz.4.1734: IO error syncing itable block [ 665.694405][T10217] EXT4-fs error (device loop4): ext4_check_bdev_write_error:218: comm syz.4.1734: Error while async write back metadata [ 665.759872][T10217] syz.4.1734: attempt to access beyond end of device [ 665.759872][T10217] loop4: rw=14337, sector=290, nr_sectors = 2 limit=64 [ 665.787249][T10217] Buffer I/O error on dev loop4, logical block 145, lost sync page write [ 665.798544][T10217] EXT4-fs error (device loop4): ext4_ext_rm_leaf:2727: inode #18: block 145: comm syz.4.1734: IO error syncing itable block [ 665.831576][T10217] EXT4-fs error (device loop4): ext4_check_bdev_write_error:218: comm syz.4.1734: Error while async write back metadata [ 665.855243][T10217] syz.4.1734: attempt to access beyond end of device [ 665.855243][T10217] loop4: rw=2049, sector=226, nr_sectors = 2 limit=64 [ 665.857848][T10238] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1735'. [ 665.931420][T10217] EXT4-fs warning (device loop4): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 113) [ 666.502136][T10217] Buffer I/O error on device loop4, logical block 113 [ 666.574991][T10217] syz.4.1734: attempt to access beyond end of device [ 666.574991][T10217] loop4: rw=2049, sector=226, nr_sectors = 30 limit=64 [ 666.622142][T10217] EXT4-fs warning (device loop4): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 113) [ 666.662279][T10217] Buffer I/O error on device loop4, logical block 113 [ 666.669102][T10217] Buffer I/O error on device loop4, logical block 114 [ 666.675872][T10217] Buffer I/O error on device loop4, logical block 115 [ 666.721587][T10217] Buffer I/O error on device loop4, logical block 116 [ 666.728424][T10217] Buffer I/O error on device loop4, logical block 117 [ 666.735201][T10217] Buffer I/O error on device loop4, logical block 118 [ 666.741981][T10217] Buffer I/O error on device loop4, logical block 119 [ 666.762255][T10217] Buffer I/O error on device loop4, logical block 120 [ 666.769079][T10217] Buffer I/O error on device loop4, logical block 121 [ 666.784808][T10217] syz.4.1734: attempt to access beyond end of device [ 666.784808][T10217] loop4: rw=2049, sector=258, nr_sectors = 2 limit=64 [ 666.788872][T10243] loop3: detected capacity change from 0 to 256 [ 666.803403][T10217] EXT4-fs warning (device loop4): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 129) [ 667.079682][T10217] syz.4.1734: attempt to access beyond end of device [ 667.079682][T10217] loop4: rw=2049, sector=258, nr_sectors = 30 limit=64 [ 667.104902][T10217] EXT4-fs warning (device loop4): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 129) [ 667.112203][T10243] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 667.127216][T10243] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 667.142621][T10217] syz.4.1734: attempt to access beyond end of device [ 667.142621][T10217] loop4: rw=2049, sector=322, nr_sectors = 2 limit=64 [ 667.156584][T10217] EXT4-fs warning (device loop4): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 161) [ 667.170696][T10217] syz.4.1734: attempt to access beyond end of device [ 667.170696][T10217] loop4: rw=2049, sector=322, nr_sectors = 30 limit=64 [ 667.187995][T10243] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 667.215303][T10217] EXT4-fs warning (device loop4): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 161) [ 667.247635][T10217] syz.4.1734: attempt to access beyond end of device [ 667.247635][T10217] loop4: rw=2049, sector=354, nr_sectors = 2 limit=64 [ 667.309081][T10217] EXT4-fs warning (device loop4): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 177) [ 667.398029][T10217] syz.4.1734: attempt to access beyond end of device [ 667.398029][T10217] loop4: rw=2049, sector=354, nr_sectors = 30 limit=64 [ 667.437307][T10217] EXT4-fs warning (device loop4): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 177) [ 667.492633][T10217] EXT4-fs warning (device loop4): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 193) [ 667.520658][T10217] EXT4-fs warning (device loop4): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 193) [ 669.100783][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 669.169914][T10219] Buffer I/O error on dev loop4, logical block 64, lost sync page write [ 669.849881][ T62] Bluetooth: hci3: Frame reassembly failed (-84) [ 669.969454][ T62] Bluetooth: hci3: Frame reassembly failed (-84) [ 670.019708][T10277] netlink: 'syz.2.1754': attribute type 32 has an invalid length. [ 671.134638][ T48] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 671.147276][ T48] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 671.156177][ T48] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 671.165752][ T4258] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 671.173316][ T4258] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 671.180675][ T4258] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 671.334959][T10285] wlan0 speed is unknown, defaulting to 1000 [ 671.366325][T10285] lo speed is unknown, defaulting to 1000 [ 671.881362][ T4257] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 672.662572][T10299] loop3: detected capacity change from 0 to 512 [ 672.719945][T10299] ext4: Unknown parameter 'smackfsroot' [ 672.782938][T10285] chnl_net:caif_netlink_parms(): no params data found [ 673.253459][ T4249] Bluetooth: hci5: command 0x0409 tx timeout [ 674.067741][T10285] bridge0: port 1(bridge_slave_0) entered blocking state [ 674.078404][T10285] bridge0: port 1(bridge_slave_0) entered disabled state [ 674.088005][T10285] device bridge_slave_0 entered promiscuous mode [ 674.097144][T10285] bridge0: port 2(bridge_slave_1) entered blocking state [ 674.104670][T10285] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.113285][T10285] device bridge_slave_1 entered promiscuous mode [ 674.151571][T10285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 674.195281][T10285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 674.222935][T10316] netlink: 'syz.1.1764': attribute type 32 has an invalid length. [ 674.373492][T10321] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1760'. [ 674.519473][T10285] team0: Port device team_slave_0 added [ 674.556015][T10285] team0: Port device team_slave_1 added [ 675.312193][ T4257] Bluetooth: hci5: command 0x041b tx timeout [ 675.341450][T10285] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 675.377296][T10285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 675.474893][T10285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 675.522666][T10285] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 675.539860][T10285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 675.611423][T10285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 675.713693][T10337] device syzkaller0 entered promiscuous mode [ 677.005460][T10348] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1772'. [ 677.392700][ T4257] Bluetooth: hci5: command 0x040f tx timeout [ 677.492231][T10345] slcan: can't register candev [ 677.511789][T10345] Falling back ldisc for ptm0. [ 679.131250][T10363] Cannot find add_set index 0 as target [ 679.495434][ T4257] Bluetooth: hci5: command 0x0419 tx timeout [ 681.303999][T10379] netlink: 'syz.1.1783': attribute type 32 has an invalid length. [ 682.938528][T10285] device hsr_slave_0 entered promiscuous mode [ 682.950895][T10285] device hsr_slave_1 entered promiscuous mode [ 682.960041][T10285] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 682.976959][T10285] Cannot create hsr debugfs directory [ 683.611839][T10285] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 683.629356][T10285] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 683.828317][T10285] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 684.318848][T10285] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 685.577406][T10285] 8021q: adding VLAN 0 to HW filter on device bond0 [ 685.649676][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 685.682995][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 685.703959][T10285] 8021q: adding VLAN 0 to HW filter on device team0 [ 685.715950][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.722317][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.814710][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 685.832650][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 685.857468][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 685.864678][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 685.925769][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 685.964275][ T26] audit: type=1326 audit(1741592895.518:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10435 comm="syz.1.1803" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 685.999315][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 686.026337][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 686.033544][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 686.083773][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 686.120918][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 686.131428][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 686.177673][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 686.189362][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 686.233060][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 686.254227][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 686.318862][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 686.359439][T10285] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 686.386418][T10285] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 686.428530][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 686.466760][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 686.720577][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 686.751488][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 687.403062][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 688.742710][T10464] netlink: 'syz.0.1810': attribute type 32 has an invalid length. [ 689.584677][T10472] wlan0 speed is unknown, defaulting to 1000 [ 689.624255][T10472] lo speed is unknown, defaulting to 1000 [ 689.689620][ T4631] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 689.724957][ T4631] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 689.745856][T10285] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 691.304603][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 691.318950][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 691.394203][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 691.415184][ T26] audit: type=1326 audit(1741592900.968:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10495 comm="syz.2.1820" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 691.442543][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 691.502989][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 691.532718][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 691.542884][T10285] device veth0_vlan entered promiscuous mode [ 691.589885][T10285] device veth1_vlan entered promiscuous mode [ 691.688637][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 691.717510][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 691.747841][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 691.799238][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 691.825303][T10285] device veth0_macvtap entered promiscuous mode [ 691.890746][T10285] device veth1_macvtap entered promiscuous mode [ 691.975528][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.028901][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.287093][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.473291][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.654123][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.800345][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.810440][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.852392][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.929846][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.984570][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.006832][T10285] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 693.044940][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 693.093775][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.723738][ T4257] Bluetooth: Wrong link type (-22) [ 693.729336][ T4257] Bluetooth: hci4: link tx timeout [ 693.734931][ T4257] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 693.743295][ T4257] Bluetooth: hci4: link tx timeout [ 693.748429][ T4257] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 693.828303][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 693.888325][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.913873][T10524] loop1: detected capacity change from 0 to 1024 [ 693.939221][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 693.980565][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.994058][T10524] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 694.047900][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 694.077146][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.102359][T10524] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a800e12d, mo2=0002] [ 694.111366][T10524] System zones: 0-1, 2-3, 4-36, 98-101, 102-102 [ 694.159357][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 694.170451][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.209724][T10285] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 694.225158][T10524] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 694.244137][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 694.260345][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 694.290783][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 694.321840][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 694.352406][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 694.374204][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 694.412860][T10285] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 694.439160][T10285] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 694.467647][T10285] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 694.490038][T10285] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 694.829096][ T9084] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 694.857523][ T9084] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 694.910080][ T5229] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 694.971154][ T9084] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 695.000244][ T9084] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 695.541820][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 695.794281][ T4257] Bluetooth: hci4: command 0x0406 tx timeout [ 697.303253][ T4252] EXT4-fs (loop1): unmounting filesystem. [ 697.952070][T10563] netlink: 'syz.1.1835': attribute type 32 has an invalid length. [ 699.283512][T10582] loop3: detected capacity change from 0 to 512 [ 699.377160][T10582] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 699.661955][T10582] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 699.855677][T10582] EXT4-fs (loop3): 1 truncate cleaned up [ 699.991665][T10582] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 700.239256][T10582] EXT4-fs error (device loop3): ext4_append:79: inode #2: comm syz.3.1844: Logical block already allocated [ 700.420649][T10582] EXT4-fs (loop3): Remounting filesystem read-only [ 700.995211][ T4245] EXT4-fs (loop3): unmounting filesystem. [ 703.033751][ T9] Bluetooth: hci3: Frame reassembly failed (-84) [ 703.045083][ T26] audit: type=1326 audit(1741592912.598:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.2.1856" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 703.170376][ T4300] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 703.344822][ T4300] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 703.446697][ T4300] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 703.615504][ T4300] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 704.333537][ T4300] tipc: Disabling bearer [ 704.374319][ T4300] tipc: Left network mode [ 705.083662][ T4249] Bluetooth: hci3: command 0x1003 tx timeout [ 705.090085][ T4257] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 705.287042][T10648] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1863'. [ 708.509167][T10696] loop5: detected capacity change from 0 to 512 [ 708.530489][T10696] EXT4-fs: Ignoring removed oldalloc option [ 708.561588][T10696] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 708.583393][T10696] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 709.026294][T10710] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1878'. [ 709.440014][T10696] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2809: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 709.838220][T10696] EXT4-fs (loop5): 1 truncate cleaned up [ 709.887050][T10696] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 711.984429][T10285] EXT4-fs (loop5): unmounting filesystem. [ 715.582217][T10754] netlink: 'syz.3.1890': attribute type 32 has an invalid length. [ 716.537384][T10767] loop0: detected capacity change from 0 to 512 [ 717.153244][ T26] audit: type=1326 audit(1741592926.708:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10763 comm="syz.1.1894" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 717.352262][T10767] EXT4-fs (loop0): 1 orphan inode deleted [ 717.358191][T10767] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 717.380446][T10768] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1891'. [ 717.380531][T10767] ext4 filesystem being mounted at /391/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 717.521585][ T11] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 718.089982][ T11] EXT4-fs error (device loop0): ext4_release_dquot:6818: comm kworker/u4:1: Failed to release dquot type 1 [ 718.150443][T10790] loop3: detected capacity change from 0 to 16 [ 718.265412][T10790] erofs: (device loop3): mounted with root inode @ nid 36. [ 719.514167][T10799] loop5: detected capacity change from 0 to 8 [ 719.611933][T10799] SQUASHFS error: Unknown LZ4 version [ 719.654399][T10799] squashfs image failed sanity check [ 720.338417][T10815] netlink: 'syz.1.1903': attribute type 32 has an invalid length. [ 720.426080][ T4300] device hsr_slave_0 left promiscuous mode [ 720.593038][ T4300] device hsr_slave_1 left promiscuous mode [ 721.195327][ T4300] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 721.208070][ T4300] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 721.231264][ T4300] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 721.858736][ T4300] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 722.106091][ T4300] device bridge_slave_1 left promiscuous mode [ 722.123412][ T4300] bridge0: port 2(bridge_slave_1) entered disabled state [ 722.171300][ T4300] device bridge_slave_0 left promiscuous mode [ 722.191956][ T4300] bridge0: port 1(bridge_slave_0) entered disabled state [ 723.141357][ T4300] device veth1_macvtap left promiscuous mode [ 723.148798][ T4300] device veth0_macvtap left promiscuous mode [ 723.158466][ T4300] device veth1_vlan left promiscuous mode [ 723.188773][ T4300] device veth0_vlan left promiscuous mode [ 723.403439][ T26] audit: type=1326 audit(1741592932.958:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10838 comm="syz.1.1911" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca358d169 code=0x0 [ 723.621764][ T4300] infiniband sz1: set down [ 724.261135][ T26] audit: type=1326 audit(1741592933.808:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.2.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x7ffc0000 [ 724.785546][ T26] audit: type=1326 audit(1741592933.818:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.2.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f0314d8d169 code=0x7ffc0000 [ 725.479121][ T26] audit: type=1326 audit(1741592933.818:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.2.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x7ffc0000 [ 725.609072][ T26] audit: type=1326 audit(1741592933.818:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.2.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x7ffc0000 [ 725.711073][ T26] audit: type=1326 audit(1741592933.818:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.2.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f0314d8d169 code=0x7ffc0000 [ 725.739983][ T26] audit: type=1326 audit(1741592933.818:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.2.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x7ffc0000 [ 725.815582][ T26] audit: type=1326 audit(1741592933.818:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.2.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x7ffc0000 [ 725.839426][ T26] audit: type=1326 audit(1741592933.818:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.2.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f0314d8d169 code=0x7ffc0000 [ 725.890368][ T26] audit: type=1326 audit(1741592933.818:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.2.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x7ffc0000 [ 726.208175][ T4300] team0 (unregistering): Port device team_slave_1 removed [ 726.924472][T10871] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1922'. [ 727.091358][ T4300] team0 (unregistering): Port device team_slave_0 removed [ 728.017509][ T4300] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 728.099916][ T4300] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 728.345367][ T4247] EXT4-fs (loop0): unmounting filesystem. [ 728.677108][ T26] kauditd_printk_skb: 11 callbacks suppressed [ 728.677127][ T26] audit: type=1326 audit(1741592938.218:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10884 comm="syz.0.1925" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f251d58d169 code=0x0 [ 728.820841][ T4300] bond0 (unregistering): Released all slaves [ 728.907039][T10714] smc: removing ib device sz1 [ 728.907407][T10826] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1907'. [ 729.041533][ T4290] lo speed is unknown, defaulting to 1000 [ 729.041734][T10875] netlink: 'syz.2.1922': attribute type 8 has an invalid length. [ 731.186031][T10932] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1939'. [ 731.516348][T10950] netlink: 'syz.0.1939': attribute type 8 has an invalid length. [ 733.137213][T10964] loop3: detected capacity change from 0 to 2048 [ 733.245888][T10964] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 739.198794][ T26] audit: type=1326 audit(1741592947.038:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.0.1950" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f251d58d169 code=0x0 [ 739.362254][ T26] audit: type=1326 audit(1741592947.358:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10998 comm="syz.5.1953" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f065a18d169 code=0x0 [ 739.518955][T11018] Cannot find add_set index 0 as target [ 740.423564][T11036] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1958'. [ 740.831216][ T26] audit: type=1326 audit(1741592950.378:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11029 comm="syz.3.1960" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e5318d169 code=0x0 [ 740.961427][T11028] loop5: detected capacity change from 0 to 1024 [ 741.546207][T11028] EXT4-fs (loop5): can't mount with data=, fs mounted w/o journal [ 742.258496][T11064] loop5: detected capacity change from 0 to 128 [ 742.334109][T11064] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 742.429284][T11064] UDF-fs: warning (device loop5): udf_fill_super: No fileset found [ 742.499328][ T26] audit: type=1326 audit(1741592952.048:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11059 comm="syz.0.1965" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f251d58d169 code=0x0 [ 743.087064][T11072] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1968'. [ 743.668837][T11086] Cannot find add_set index 0 as target [ 744.781320][T11101] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1974'. [ 745.692128][ T4250] usb 2-1: new low-speed USB device number 17 using dummy_hcd [ 745.924892][ T4250] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 745.958374][ T4250] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 746.579216][ T4250] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 746.715817][ T4250] usb 2-1: string descriptor 0 read error: -22 [ 746.734476][ T4250] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 746.745672][ T4250] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 746.790534][ T4250] usb 2-1: 0:2 : does not exist [ 747.179047][ T26] audit: type=1326 audit(1741592956.728:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11120 comm="syz.2.1980" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0314d8d169 code=0x0 [ 747.202915][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.210558][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.954741][T11114] loop5: detected capacity change from 0 to 2048 [ 748.044778][ T4293] usb 2-1: USB disconnect, device number 17 [ 748.090345][T11132] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1979'. [ 748.113241][T11114] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 748.176742][ T26] audit: type=1326 audit(1741592957.728:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11123 comm="syz.3.1979" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e5318d169 code=0x0 [ 748.316830][T11141] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1984'. [ 748.330094][T11142] ------------[ cut here ]------------ [ 748.336048][T11142] WARNING: CPU: 0 PID: 11142 at fs/inode.c:332 drop_nlink+0xbb/0x100 [ 748.345874][T11142] Modules linked in: [ 748.345934][T11142] CPU: 0 PID: 11142 Comm: syz.5.1977 Not tainted 6.1.130-syzkaller #0 [ 748.345959][T11142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 748.345972][T11142] RIP: 0010:drop_nlink+0xbb/0x100 [ 748.346007][T11142] Code: 49 8b 1e 48 8d bb c0 07 00 00 be 08 00 00 00 e8 eb e9 e9 ff f0 48 ff 83 c0 07 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 a5 85 92 ff <0f> 0b eb 89 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c [ 748.346025][T11142] RSP: 0018:ffffc900039a7650 EFLAGS: 00010283 [ 748.346046][T11142] RAX: ffffffff81f813db RBX: 1ffff1100e2fb1ce RCX: 0000000000080000 [ 748.346062][T11142] RDX: ffffc90016296000 RSI: 000000000001453a RDI: 000000000001453b [ 748.346077][T11142] RBP: 0000000000000000 R08: ffffffff81f8135f R09: fffffbfff2257280 [ 748.346092][T11142] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880717d8e70 [ 748.346105][T11142] R13: 0000000067ce997d R14: ffff8880717d8e28 R15: dffffc0000000000 [ 748.346130][T11142] FS: 00007f065b09a6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 748.346148][T11142] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 748.346163][T11142] CR2: 0000400000000000 CR3: 000000005b7f3000 CR4: 00000000003506f0 [ 748.346181][T11142] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 748.346194][T11142] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 748.346209][T11142] Call Trace: [ 748.346216][T11142] [ 748.346226][T11142] ? __warn+0x15a/0x520 [ 748.490766][T11142] ? drop_nlink+0xbb/0x100 [ 748.495295][T11142] ? report_bug+0x2af/0x500 [ 748.499842][T11142] ? drop_nlink+0xbb/0x100 [ 748.504364][T11142] ? handle_bug+0x3d/0x70 [ 748.508720][T11142] ? exc_invalid_op+0x16/0x40 [ 748.513484][T11142] ? asm_exc_invalid_op+0x16/0x20 [ 748.518542][T11142] ? drop_nlink+0x3f/0x100 [ 748.523043][T11142] ? drop_nlink+0xbb/0x100 [ 748.527498][T11142] ? drop_nlink+0xbb/0x100 [ 748.531947][T11142] udf_rename+0xa46/0xdd0 [ 748.536390][T11142] ? stack_trace_save+0x113/0x1c0 [ 748.541457][T11142] ? lockdep_unlock+0x165/0x300 [ 748.546425][T11142] ? udf_mknod+0x90/0x90 [ 748.550712][T11142] ? lockdep_unlock+0x165/0x300 [ 748.555729][T11142] vfs_rename+0xd32/0x10f0 [ 748.560192][T11142] ? tomoyo_path_link+0xa0/0x170 [ 748.565245][T11142] ? __ia32_sys_link+0x90/0x90 [ 748.570050][T11142] ? security_path_rename+0x17f/0x210 [ 748.575527][T11142] do_renameat2+0xde0/0x1440 [ 748.580182][T11142] ? fsnotify_move+0x4f0/0x4f0 [ 748.585054][T11142] ? __virt_addr_valid+0x17f/0x530 [ 748.590198][T11142] ? __virt_addr_valid+0x17f/0x530 [ 748.595404][T11142] ? __virt_addr_valid+0x45b/0x530 [ 748.600541][T11142] ? __phys_addr_symbol+0x2b/0x70 [ 748.605651][T11142] ? strncpy_from_user+0x1f9/0x360 [ 748.610806][T11142] ? getname_flags+0x1f9/0x4f0 [ 748.615645][T11142] ? lockdep_hardirqs_on+0x94/0x130 [ 748.620877][T11142] __x64_sys_rename+0x82/0x90 [ 748.625661][T11142] do_syscall_64+0x3b/0xb0 [ 748.630098][T11142] ? clear_bhb_loop+0x45/0xa0 [ 748.634872][T11142] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 748.640792][T11142] RIP: 0033:0x7f065a18d169 [ 748.645301][T11142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 748.664979][T11142] RSP: 002b:00007f065b09a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 748.673495][T11142] RAX: ffffffffffffffda RBX: 00007f065a3a6080 RCX: 00007f065a18d169 [ 748.681497][T11142] RDX: 0000000000000000 RSI: 0000400000000240 RDI: 0000400000000040 [ 748.689562][T11142] RBP: 00007f065a20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 748.697618][T11142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 748.705684][T11142] R13: 0000000000000000 R14: 00007f065a3a6080 R15: 00007ffc42d3f698 [ 748.713754][T11142] [ 748.716820][T11142] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 748.724126][T11142] CPU: 0 PID: 11142 Comm: syz.5.1977 Not tainted 6.1.130-syzkaller #0 [ 748.732298][T11142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 748.742372][T11142] Call Trace: [ 748.745669][T11142] [ 748.748618][T11142] dump_stack_lvl+0x1e3/0x2cb [ 748.753327][T11142] ? nf_tcp_handle_invalid+0x647/0x647 [ 748.758817][T11142] ? panic+0x764/0x764 [ 748.762922][T11142] ? vscnprintf+0x59/0x80 [ 748.767283][T11142] panic+0x318/0x764 [ 748.771205][T11142] ? __warn+0x169/0x520 [ 748.775375][T11142] ? memcpy_page_flushcache+0xfc/0xfc [ 748.780759][T11142] __warn+0x348/0x520 [ 748.784741][T11142] ? drop_nlink+0xbb/0x100 [ 748.789164][T11142] report_bug+0x2af/0x500 [ 748.793485][T11142] ? drop_nlink+0xbb/0x100 [ 748.797900][T11142] handle_bug+0x3d/0x70 [ 748.802048][T11142] exc_invalid_op+0x16/0x40 [ 748.806542][T11142] asm_exc_invalid_op+0x16/0x20 [ 748.811383][T11142] RIP: 0010:drop_nlink+0xbb/0x100 [ 748.816401][T11142] Code: 49 8b 1e 48 8d bb c0 07 00 00 be 08 00 00 00 e8 eb e9 e9 ff f0 48 ff 83 c0 07 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 a5 85 92 ff <0f> 0b eb 89 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c [ 748.835995][T11142] RSP: 0018:ffffc900039a7650 EFLAGS: 00010283 [ 748.842054][T11142] RAX: ffffffff81f813db RBX: 1ffff1100e2fb1ce RCX: 0000000000080000 [ 748.850015][T11142] RDX: ffffc90016296000 RSI: 000000000001453a RDI: 000000000001453b [ 748.857975][T11142] RBP: 0000000000000000 R08: ffffffff81f8135f R09: fffffbfff2257280 [ 748.865935][T11142] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880717d8e70 [ 748.873896][T11142] R13: 0000000067ce997d R14: ffff8880717d8e28 R15: dffffc0000000000 [ 748.881863][T11142] ? drop_nlink+0x3f/0x100 [ 748.886277][T11142] ? drop_nlink+0xbb/0x100 [ 748.890698][T11142] udf_rename+0xa46/0xdd0 [ 748.895029][T11142] ? stack_trace_save+0x113/0x1c0 [ 748.900047][T11142] ? lockdep_unlock+0x165/0x300 [ 748.904892][T11142] ? udf_mknod+0x90/0x90 [ 748.909135][T11142] ? lockdep_unlock+0x165/0x300 [ 748.914043][T11142] vfs_rename+0xd32/0x10f0 [ 748.918463][T11142] ? tomoyo_path_link+0xa0/0x170 [ 748.923397][T11142] ? __ia32_sys_link+0x90/0x90 [ 748.928160][T11142] ? security_path_rename+0x17f/0x210 [ 748.933528][T11142] do_renameat2+0xde0/0x1440 [ 748.938130][T11142] ? fsnotify_move+0x4f0/0x4f0 [ 748.942888][T11142] ? __virt_addr_valid+0x17f/0x530 [ 748.947997][T11142] ? __virt_addr_valid+0x17f/0x530 [ 748.953100][T11142] ? __virt_addr_valid+0x45b/0x530 [ 748.958202][T11142] ? __phys_addr_symbol+0x2b/0x70 [ 748.963222][T11142] ? strncpy_from_user+0x1f9/0x360 [ 748.968330][T11142] ? getname_flags+0x1f9/0x4f0 [ 748.973086][T11142] ? lockdep_hardirqs_on+0x94/0x130 [ 748.978275][T11142] __x64_sys_rename+0x82/0x90 [ 748.982948][T11142] do_syscall_64+0x3b/0xb0 [ 748.987352][T11142] ? clear_bhb_loop+0x45/0xa0 [ 748.992023][T11142] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 748.997911][T11142] RIP: 0033:0x7f065a18d169 [ 749.002315][T11142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 749.021928][T11142] RSP: 002b:00007f065b09a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 749.030342][T11142] RAX: ffffffffffffffda RBX: 00007f065a3a6080 RCX: 00007f065a18d169 [ 749.038309][T11142] RDX: 0000000000000000 RSI: 0000400000000240 RDI: 0000400000000040 [ 749.046273][T11142] RBP: 00007f065a20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 749.054235][T11142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 749.062193][T11142] R13: 0000000000000000 R14: 00007f065a3a6080 R15: 00007ffc42d3f698 [ 749.070167][T11142] [ 749.073397][T11142] Kernel Offset: disabled [ 749.077776][T11142] Rebooting in 86400 seconds..