last executing test programs: 8m19.063049259s ago: executing program 2 (id=3): r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYRES32=r0], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x2, @loopback}, 0x2, 0x0, 0x4}}, 0x2e) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_GET(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000006000000140008"], 0x28}}, 0x8000) 8m18.4326877s ago: executing program 2 (id=7): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x1901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) move_mount(r0, &(0x7f00000003c0)='./file0/file0\x00', r0, &(0x7f0000000300)='./file0/../file0\x00', 0x0) 8m17.216328937s ago: executing program 2 (id=11): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)={0x24, 0x1a, 0x1, 0x0, 0x0, "", [@typed={0xa, 0x0, 0x0, 0x0, @str=':*^${\x00'}, @nested={0x8, 0x1e, 0x0, 0x1, [@typed={0x4}]}]}, 0x24}], 0x1}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b707000008000000850000006900000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$ITER_CREATE(0xb, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x20080, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_SET_CLOCK(r4, 0x4030ae7b, &(0x7f0000002140)={0xc5a4, 0x4, 0xb, 0xfffffffffffffff8, 0x6}) syz_clone(0x40800000, 0x0, 0x0, 0x0, 0x0, 0x0) 8m15.736858393s ago: executing program 2 (id=17): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @random="1553ff41cf11", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dda00", 0x14, 0x6, 0x0, @private1={0xfc, 0x1, '\x00', 0x2}, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x54, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e21}, @IFLA_GRE_REMOTE={0x8, 0x7, @local}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x54}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x60, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x20, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x19, 0xf}}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}, @IFLA_VLAN_ID={0x6, 0x1, 0x3}]}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x60}}, 0x8000) 8m14.463817979s ago: executing program 32 (id=17): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @random="1553ff41cf11", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dda00", 0x14, 0x6, 0x0, @private1={0xfc, 0x1, '\x00', 0x2}, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x54, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e21}, @IFLA_GRE_REMOTE={0x8, 0x7, @local}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x54}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x60, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x20, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x19, 0xf}}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}, @IFLA_VLAN_ID={0x6, 0x1, 0x3}]}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x60}}, 0x8000) 2m52.324411699s ago: executing program 3 (id=813): ioperm(0x0, 0x7, 0x40000000000006) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0x408c5333, &(0x7f0000000280)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x820000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet(0xa, 0x801, 0x84) connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r3, 0x8) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt(r4, 0x84, 0x80, &(0x7f00000003c0)="1a00000002000100", 0x8) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r4, 0x84, 0x5, &(0x7f0000000540)={0x0, @in6={{0xa, 0x4e22, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x10}}}, 0x84) ioctl$KVM_HYPERV_EVENTFD(r2, 0xc048aec8, &(0x7f0000000000)={0x5, 0xffffffffffffffff, 0xfffffffe}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000080)={0xb, 0x7, 0x9, 0xa3, 0x7, 0x4}) 2m50.038509337s ago: executing program 3 (id=819): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) io_uring_setup(0xaab, 0x0) r4 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) 2m48.322962994s ago: executing program 3 (id=822): syz_emit_ethernet(0x2a, 0x0, 0x0) quotactl$Q_GETQUOTA(0xffffffff80000702, &(0x7f0000000240)=@nbd={'/dev/nbd', 0x0}, 0x0, &(0x7f00000004c0)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet(0x2, 0x2, 0x1) bind$inet(r3, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10) sendmsg$inet(r3, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2}, 0x0) 2m46.18585716s ago: executing program 3 (id=825): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20) pipe2$9p(&(0x7f0000000240), 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0}, 0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), r3) sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000010000000000000001"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0) 2m44.664735586s ago: executing program 3 (id=829): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000720000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r1}, 0x18) prlimit64(0x0, 0xe, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x1013a, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={0x0, r0}, 0x18) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVex:De', 0x0) 2m40.1929988s ago: executing program 3 (id=835): r0 = socket$caif_seqpacket(0x25, 0x5, 0x0) recvmmsg(r0, &(0x7f0000007880)=[{{0x0, 0x0, 0x0}}], 0x1, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) creat(&(0x7f0000000240)='./file0\x00', 0x148) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x10400, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',cache=mmap']) chmod(&(0x7f0000000140)='./file0\x00', 0x0) r5 = open$dir(&(0x7f0000000180)='./file0\x00', 0x1, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) ftruncate(r6, 0x2000009) sendfile(r5, r6, 0x0, 0x7ffff000) utime(&(0x7f0000003000)='./file0\x00', 0x0) 2m24.865493339s ago: executing program 33 (id=835): r0 = socket$caif_seqpacket(0x25, 0x5, 0x0) recvmmsg(r0, &(0x7f0000007880)=[{{0x0, 0x0, 0x0}}], 0x1, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) creat(&(0x7f0000000240)='./file0\x00', 0x148) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x10400, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',cache=mmap']) chmod(&(0x7f0000000140)='./file0\x00', 0x0) r5 = open$dir(&(0x7f0000000180)='./file0\x00', 0x1, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) ftruncate(r6, 0x2000009) sendfile(r5, r6, 0x0, 0x7ffff000) utime(&(0x7f0000003000)='./file0\x00', 0x0) 16.057654197s ago: executing program 4 (id=1178): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$igmp6(0xa, 0x3, 0x2) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000002c80)={0xa, 0x14e24}, 0x1c) connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 14.851052078s ago: executing program 4 (id=1181): openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0xf17c6ff0a457fbf4) r0 = fanotify_init(0x200, 0x0) fanotify_mark(r0, 0x71, 0x40000009, 0xffffffffffffffff, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r1, 0x7005) r2 = epoll_create(0x10000e9) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r4 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r5, &(0x7f0000000080)={0x2025}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x400000000, 0x4, 0x7fffffff}, 0x0, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) 14.628565892s ago: executing program 4 (id=1183): sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={&(0x7f00000009c0)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4) setsockopt$inet6_int(r3, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r3, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 9.713153029s ago: executing program 6 (id=1192): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000002c80)={0xa, 0x14e24}, 0x1c) connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 9.05782328s ago: executing program 0 (id=1194): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$inet6(r0, &(0x7f0000003940)={&(0x7f00000024c0)={0xa, 0x4e20, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7fff}, 0x1c, &(0x7f0000003700)=[{&(0x7f0000002500)="84", 0x1}], 0x1}, 0x4040) r1 = socket$inet(0xa, 0x801, 0x84) r2 = socket$inet(0xa, 0x801, 0x84) listen(r2, 0x98df) listen(r1, 0x8) r3 = socket$inet(0xa, 0x801, 0x84) listen(r3, 0x8) r4 = socket$inet(0xa, 0x801, 0x84) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) listen(r5, 0x100) listen(r4, 0x8) listen(0xffffffffffffffff, 0x1) r6 = socket$netlink(0x10, 0x3, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r6) writev(r6, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1) 7.156361627s ago: executing program 1 (id=1196): r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x2, 0x0) r2 = getpid() prlimit64(r2, 0xe, &(0x7f00000000c0)={0x9, 0x87}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x10) io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) 7.155776962s ago: executing program 6 (id=1197): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) io_uring_setup(0xaab, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) 7.134283409s ago: executing program 0 (id=1198): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r3], 0x50}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000211400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000000000008000500", @ANYRES32=r7], 0x50}}, 0x2) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x3, {0x0, 0x0, 0x74, r8, {}, {0x0, 0x3}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x41}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r9 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) read$FUSE(r9, 0x0, 0x0) write$FUSE_INIT(r9, &(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x2066012, 0xffff}}, 0x50) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) 6.162968797s ago: executing program 6 (id=1199): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000200)=""/151) msgctl$IPC_STAT(0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000080)='blkio.bfq.sectors\x00', 0x0, 0x0) preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/140, 0x8c}], 0x1, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYRES16=0x0], 0x1c}, 0x1, 0x0, 0x0, 0x44011}, 0x22008010) 5.811029321s ago: executing program 5 (id=1201): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000040)={0x0, 0xea60}, 0x10) r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000140)={0x0, 0x40, 0x2, {0x1, @win={{}, 0x0, 0x9, 0x0, 0x0, 0x0}}}) connect$inet6(r1, 0x0, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) mlockall(0x0) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000100)={{0x3, 0x3}, 'syz0\x00', 0x7}) ioctl$UI_DEV_CREATE(r3, 0x5501) 5.182713888s ago: executing program 1 (id=1202): socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@getqdisc={0x24, 0x26, 0x705, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0xfff1}, {0x10, 0x8}, {0x4, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c88b}, 0x0) 4.035308942s ago: executing program 1 (id=1203): prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0xe}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0xffffffffffffffff) fcntl$setsig(r1, 0xa, 0x12) r3 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00) ppoll(&(0x7f0000000100)=[{r2}], 0x1, 0x0, 0x0, 0x0) dup2(r1, r2) fcntl$setown(r2, 0x8, r0) tkill(r0, 0x13) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x2, 0x1, 0x2, 0x0, 0x0, 0x10) 4.020222409s ago: executing program 6 (id=1204): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$media(&(0x7f00000006c0), 0x2c29, 0x28004) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0xb, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2000004, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_io_uring_setup(0x10d, &(0x7f00000003c0), &(0x7f00000000c0)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) ioctl$MEDIA_IOC_REQUEST_ALLOC(r3, 0x80047c05, &(0x7f0000000940)=0xffffffffffffffff) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r5, 0x7c80, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x74}}, 0x0) 4.019738854s ago: executing program 4 (id=1205): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000580)=ANY=[], 0x20e) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x20000023896) ioctl$TIOCVHANGUP(r5, 0x5437, 0x0) 3.954446137s ago: executing program 5 (id=1206): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0xf17c6ff0a457fbf4) fanotify_mark(0xffffffffffffffff, 0x1, 0x4800003e, r0, 0x0) fanotify_mark(0xffffffffffffffff, 0x71, 0x40000009, 0xffffffffffffffff, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r1, 0x7005) r2 = epoll_create(0x10000e9) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r4 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r5, &(0x7f0000000080)={0x2025}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x400000000, 0x4, 0x7fffffff}, 0x0, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) 3.596125212s ago: executing program 0 (id=1207): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x80000) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000600)=""/81}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000900)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000540)={0x1, 0x0, [{0x0, 0x80, &(0x7f0000000680)=""/128}]}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) 3.132400586s ago: executing program 5 (id=1208): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000002c80)={0xa, 0x14e24}, 0x1c) connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 2.687855822s ago: executing program 6 (id=1209): socket$nl_sock_diag(0x10, 0x3, 0x4) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$igmp(0x2, 0x3, 0x2) socket$inet6(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f"], 0x6c}}, 0x840) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, 0x0, 0xc000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x40d, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, 0x10}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0x5}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 2.606401199s ago: executing program 1 (id=1210): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000"/34, @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000020301"], 0x1c}}, 0x0) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000000000007000000"]) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.602779814s ago: executing program 4 (id=1211): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x80000) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000600)=""/81}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000900)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000140)={0x1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000540)={0x1, 0x0, [{0x0, 0x80, &(0x7f0000000680)=""/128}]}) 2.428507291s ago: executing program 0 (id=1212): r0 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) creat(0x0, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1f, 0x2, 0x1}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002200)=ANY=[@ANYBLOB="5c00000010000305000000000004000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000003c0012800e00010069703665727370616e00000028000280060002003000000005001600020000"], 0x5c}, 0x1, 0x0, 0x0, 0x41}, 0x0) 2.368008817s ago: executing program 4 (id=1213): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x34, r1, 0x1, 0x70bd27, 0x4, {0x5}, [@L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000041}, 0x40040a4) sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f0000000600)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, r1, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0xb}]}, 0x1c}}, 0x4000) syz_usb_connect(0x2, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x4d, 0xcf, 0xf4, 0x8, 0x572, 0xd811, 0x94e2, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0xa0, 0x0, [{{0x9, 0x4, 0x1e, 0x0, 0x0, 0xb3, 0x5b, 0x1e}}]}}]}}, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007292bd404020305582a80000000109021b0001000000000904", @ANYBLOB="868f54"], 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0xf46, 0x4}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000140)={r3, @in6={{0xa, 0x4e23, 0x6, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x8}}}, &(0x7f00000003c0)=0x84) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x800000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000d40)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000ffffffff7a0af0fff8ffff5979a4f0ff00000000b7060000ffffffff2d6405000000000065040400014741001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000004000095000000000000006623848adf1dc9a764ab51a064e0ff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b01ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6a79819782748b376358c33c9f53bfd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b77aafa63b9dd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd7e43fe1ca8345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1777b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d08428353b1c358ebe73af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d99000000110000fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d637d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000013887ad6d2d440fedce51a3aa57b00ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc36d5aa23bff8cce0600fcff00000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68fd36a03353a55e68ec7c01bd5a2028a8fc107007f3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d90296171fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b44925129677b7b3d2f8e7792c7827862eae80134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2e20ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498d357836f03e8a7c392e535694a3ead2de11e6b1781e2a018c0ada7bc7f0eb2d678f23c07ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f60033fc32f68ea86a2df1e76fe27dfdff1cf9194849c4cc0da9533e5983693e526a7dc0d8728f3b573ca4427bdb44df9341e9b8050e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9247b51d92e0993af4beaf1f3f47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f1a90716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c277648475002e2c62681bd07331422a6e47bbd40857d52c4894944fae5c500000000000000ff00000000de784314b8fd419216b48d0f353c11ae185749fa9ac7dfa16bc5c23a23f74b17a7f1b2d799480f33faa3537a910d6ca02f48b0e69beb1119f106ea59195dbc72e17a5dc8c3d131d82f067e29dc39665dff39fb6347b374aaaf6e65efde3fc6202bf29ccfcb08caf18d668a462493aa82e76affba9c9af31d1c23237aa6eccfadfaf794bb1004c07b21ac36f8859c7d5444c12bd05fea3561b86b2838a8de5b4f91d6aba95dc9f4464a024be4d0d8d04f5023e7e19e503624d39a43c7b310de519b40738ff9a623065c06d69d16d4a46ff300022fee47803989b7e916254e0fb9e1c8b07d8a4b8b692a75a32e6ed2caeaa7c258c47fe6143cd9e90b801eff78cd4e402374e0e4ca07b7f17254e3d2f0a2a1bac6fde8a15e3ef3588065524d41966fb3915e804c53201efee751ec294584d23d9008bdf046f55c030ab941a0b8723412127efb3eac0ccf68133c76770d5e7dabcc48d4768540c540535ed70df75c24660d85f9c9a245185c7da217d1c3743db85db67b9b8a8f00af02367429f6f0b53c169c4356751bf68745dbde055e1722ae256ae53ae637a1431855d16dfa91d82a021a4b2dbb50bf6d59fdd0c9bc84cd7d544de2523b6ce8aaeb94bfba75079f7455204ccca02bd389d8409b2effe9b88e301ac4fe28752386a0678a3f54b2bdf56f927ddd6b0ac98b2b505f668597455ada51ba95ab852b49373a11ff31dcd82474b51498f65e0601bcdd23acb4c01bcd2f3e1ad378d14c07d923087d3518369710b70ffb0b523dc4f00f275c381fe1c091e478b04d5e4a9f75b4072acb005a83c25625ab7a351a68977177e27a1bf112114eb10250c2b9dca234f8967f0439696a2345e747b5f1d8c4bec86d8e8f2eb121ea0159615e7d475d45837921c2c0c3f9e683ac8000214a657c9f0a000000000000009e0b1a8c8f55f30e7c25275ed49b71828b375be03ef903cc8244b1269376d01b674cff9cb82eef0fe55c8b751053004ca6cef28d9a52c3771e9c73d03fdf74f48306560fb6cd86658afa895efa47f3a43e686df5b727ba4ec99620270334fce56c9f86b8a2c8aaede5a48a29b75734fbe1f59e43dc5a39b083848b0ebb14d845df7606e4d58f1a03f2dd337c3a10f3b15d388e43059aa88b42d26d4ccda6d60f996ed444d7f40e0cdbf69e11252a6c0e2d882d93b4f22dc95a191b1e6ff59d7880b4ce587f7ef05c46088268805cf089c4b3cd60cd3fc0c6d81fb2f9"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000880), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) modify_ldt$write(0x1, &(0x7f0000000140)={0x1, 0x20000000, 0x1000, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f00000002c0)=0x5, 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r4, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x8, 0x0, 0x0}}, 0x10) r6 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={r5}, 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r6, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xffe4, 0xfffffffffffffda0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x4) 1.509888086s ago: executing program 5 (id=1214): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d8200000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r5, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4) setsockopt$sock_attach_bpf(r5, 0x1, 0x34, &(0x7f0000000040)=r4, 0x4) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="b7000000ecffffff0c0000000000000095000000000000005e0c83dfb64a3eb1cdfa541cd3957aa8a96b9fa4591c1eb556e38defc504b011face5a06294c2115a9ad943bac350e8d7961537181f79ead9176dc7c3ed2d45004deb987fa0d"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r7 = dup2(r6, r4) setsockopt$sock_attach_bpf(r5, 0x1, 0x34, &(0x7f00000000c0)=r7, 0x4) 1.444432403s ago: executing program 1 (id=1215): socket$inet6(0xa, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$netlink(0x10, 0x3, 0x0) memfd_secret(0x80000) socket$inet(0x2, 0x4000000000000001, 0x0) mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x1901) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000001a00010000000000000000000a008000", @ANYRES32=0x0, @ANYBLOB="0000000008000200000000001400", @ANYRES64=r2], 0x38}}, 0x0) 668.760112ms ago: executing program 0 (id=1216): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x80041285, 0x0) io_uring_enter(0xffffffffffffffff, 0x6252, 0xc09b, 0x0, 0x0, 0x0) r3 = socket$inet6_icmp(0xa, 0x2, 0x3a) listen(r3, 0x8) poll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x4224}], 0x1, 0x4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x31}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000000c0)=ANY=[@ANYBLOB="49b40600000000675bb90fec0e113a00060000000000000002000008b700000000000000ba8c034afb3aa39f48950000000000000000000000155cfb907325d17082ce26fba4f4172e"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 667.060988ms ago: executing program 6 (id=1217): prlimit64(0x0, 0xe, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getpid() mount$bpf(0x0, 0x0, &(0x7f0000000180), 0x0, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x13, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x6}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0x6}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x4}}, [@snprintf={{0x7, 0x0, 0x8, 0x6}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x6}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x6}, {}, {}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x4}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 307.975339ms ago: executing program 5 (id=1218): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0xf17c6ff0a457fbf4) fanotify_mark(0xffffffffffffffff, 0x1, 0x4800003e, r0, 0x0) fanotify_mark(0xffffffffffffffff, 0x71, 0x40000009, 0xffffffffffffffff, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r1, 0x7005) r2 = epoll_create(0x10000e9) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r4 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r5, &(0x7f0000000080)={0x2025}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x400000000, 0x4, 0x7fffffff}, 0x0, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) 144.409017ms ago: executing program 0 (id=1219): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000000ffffffff0000"], &(0x7f0000000100)='GPL\x00', 0x7f, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x1009) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000000c0)='bridge0\x00', 0x10) sendmmsg$inet6(r3, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="613697", 0x3}], 0x1}}], 0x1, 0x40000) 143.581434ms ago: executing program 1 (id=1220): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x26, &(0x7f0000000440)={@multicast2, @multicast2, @empty}, 0xc) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}], 0x0, 0x0, 0x0, 0x0, 0x2}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89b0, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0)="aa", 0x1, 0x20000000, &(0x7f0000000100)={0xa, 0x0, 0x4, @local, 0x4}, 0x1c) mknod$loop(&(0x7f00000017c0)='./file0\x00', 0x2480, 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="d8000000140081044e81f782db44b904021d080211000000040000a118000200e000000e00000e1208000f0100810401a80016ea1f000840032e5f54c92011148ed08734843c8802033d0803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) 0s ago: executing program 5 (id=1221): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1, 0x70bd2a}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$vim2m_VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0cc5640, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0xce5c, 0x80, 0x0, 0x89}, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3) sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r4, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}}, 0x0) kernel console output (not intermixed with test programs): ce will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.220496][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.241977][ T5843] Bluetooth: hci1: command tx timeout [ 88.263602][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.272322][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.302277][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.313979][ T5843] Bluetooth: hci4: command tx timeout [ 88.313988][ T5834] Bluetooth: hci3: command tx timeout [ 88.320721][ T5843] Bluetooth: hci2: command tx timeout [ 88.326611][ T54] Bluetooth: hci0: command tx timeout [ 88.426170][ T5836] team0: Port device team_slave_0 added [ 88.437709][ T5836] team0: Port device team_slave_1 added [ 88.445527][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.455998][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.483674][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.500029][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.508478][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.540655][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.605161][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.612892][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.641978][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.654270][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.662802][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.691229][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.706589][ T5825] hsr_slave_0: entered promiscuous mode [ 88.714696][ T5825] hsr_slave_1: entered promiscuous mode [ 88.729214][ T5831] hsr_slave_0: entered promiscuous mode [ 88.736974][ T5831] hsr_slave_1: entered promiscuous mode [ 88.744525][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.752795][ T5831] Cannot create hsr debugfs directory [ 88.759251][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.766427][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.795840][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.841904][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.850918][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.878730][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.953718][ T5821] hsr_slave_0: entered promiscuous mode [ 88.964947][ T5821] hsr_slave_1: entered promiscuous mode [ 88.972421][ T5821] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.981002][ T5821] Cannot create hsr debugfs directory [ 89.024505][ T5829] hsr_slave_0: entered promiscuous mode [ 89.048668][ T5829] hsr_slave_1: entered promiscuous mode [ 89.056438][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.066721][ T5829] Cannot create hsr debugfs directory [ 89.106770][ T5836] hsr_slave_0: entered promiscuous mode [ 89.115161][ T5836] hsr_slave_1: entered promiscuous mode [ 89.122002][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.130641][ T5836] Cannot create hsr debugfs directory [ 89.543799][ T5825] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.561148][ T5825] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.584171][ T5825] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.604650][ T5825] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.665736][ T5831] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 89.683114][ T5831] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 89.695488][ T5831] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 89.733614][ T5831] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 89.783847][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.804699][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.828476][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.847869][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.956978][ T5821] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.986109][ T5821] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 90.003337][ T5821] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 90.014774][ T5821] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.081022][ T5829] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.112723][ T5829] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.144703][ T5829] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 90.154656][ T5829] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 90.187599][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.267513][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.281200][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.308590][ T54] Bluetooth: hci1: command tx timeout [ 90.329606][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.339219][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.350768][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.358881][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.388358][ T5834] Bluetooth: hci2: command tx timeout [ 90.389028][ T5843] Bluetooth: hci4: command tx timeout [ 90.396799][ T54] Bluetooth: hci0: command tx timeout [ 90.400335][ T5828] Bluetooth: hci3: command tx timeout [ 90.446277][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.487824][ T4219] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.495091][ T4219] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.517342][ T4219] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.525613][ T4219] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.557085][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.592219][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.652574][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.680649][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.694076][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.724957][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.732276][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.745464][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.752694][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.767793][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.782868][ T5831] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.813616][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.821594][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.852137][ T3494] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.860020][ T3494] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.875223][ T3494] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.885046][ T3494] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.946297][ T3494] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.953671][ T3494] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.079053][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.201425][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.301810][ T5825] veth0_vlan: entered promiscuous mode [ 91.347199][ T5825] veth1_vlan: entered promiscuous mode [ 91.465535][ T5825] veth0_macvtap: entered promiscuous mode [ 91.492606][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.542193][ T5825] veth1_macvtap: entered promiscuous mode [ 91.625784][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.640088][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.666316][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.699253][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.732514][ T5836] veth0_vlan: entered promiscuous mode [ 91.751185][ T5825] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.762091][ T5825] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.773061][ T5825] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.783431][ T5825] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.817513][ T5836] veth1_vlan: entered promiscuous mode [ 91.931769][ T5829] veth0_vlan: entered promiscuous mode [ 91.949976][ T5821] veth0_vlan: entered promiscuous mode [ 91.957425][ T5831] veth0_vlan: entered promiscuous mode [ 91.984598][ T5829] veth1_vlan: entered promiscuous mode [ 92.015834][ T5836] veth0_macvtap: entered promiscuous mode [ 92.030407][ T5821] veth1_vlan: entered promiscuous mode [ 92.042771][ T5831] veth1_vlan: entered promiscuous mode [ 92.056250][ T5836] veth1_macvtap: entered promiscuous mode [ 92.105565][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.116721][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.186421][ T5829] veth0_macvtap: entered promiscuous mode [ 92.203068][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.215833][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.229418][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.238257][ T4219] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.246204][ T4219] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.256075][ T5829] veth1_macvtap: entered promiscuous mode [ 92.279501][ T5831] veth0_macvtap: entered promiscuous mode [ 92.288044][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.303506][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.316428][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.333006][ T5836] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.353019][ T5836] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.364295][ T5836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.374262][ T5836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.388919][ T5828] Bluetooth: hci1: command tx timeout [ 92.411902][ T5831] veth1_macvtap: entered promiscuous mode [ 92.424969][ T5825] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 92.447645][ T5821] veth0_macvtap: entered promiscuous mode [ 92.468856][ T5828] Bluetooth: hci3: command tx timeout [ 92.469585][ T5821] veth1_macvtap: entered promiscuous mode [ 92.474868][ T5828] Bluetooth: hci4: command tx timeout [ 92.483307][ T54] Bluetooth: hci0: command tx timeout [ 92.487518][ T5843] Bluetooth: hci2: command tx timeout [ 92.577728][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.597027][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.611734][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.629704][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.643018][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.660653][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.674729][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.689772][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.702242][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.717198][ T977] cfg80211: failed to load regulatory.db [ 92.739370][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.774649][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.789635][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.801672][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.813277][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.824595][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.836730][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.849951][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.863403][ T5829] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.874609][ T5829] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.884693][ T5829] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.893844][ T5829] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.124601][ T5821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.154199][ T5821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.173743][ T5821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.187710][ T5821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.209466][ T5821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.227463][ T5821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.246164][ T5821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.261079][ T5821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.276038][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.319009][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.339146][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.349618][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.360901][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.385961][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.403294][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.417072][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.459179][ T5821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.469857][ T5821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.491979][ T5821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.506127][ T5821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.517703][ T5821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.529870][ T5821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.544045][ T5821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.556819][ T5821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.573367][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.621607][ T5831] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.634179][ T5831] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.644183][ T5831] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.659009][ T5831] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.708641][ T5821] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.728312][ T5821] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.747946][ T5821] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.765626][ T5821] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.824985][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.865386][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.940131][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.954909][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.555431][ T5843] Bluetooth: hci1: command tx timeout [ 94.561353][ T5843] Bluetooth: hci0: command tx timeout [ 94.566936][ T5843] Bluetooth: hci3: command tx timeout [ 94.572654][ T5843] Bluetooth: hci2: command tx timeout [ 94.578400][ T5843] Bluetooth: hci4: command tx timeout [ 94.680348][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.730826][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.809099][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.837754][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.080837][ T4219] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.137178][ T4219] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.220766][ T5922] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 95.283363][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.311462][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.323993][ T3494] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.354362][ T3494] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.660612][ T4219] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.736142][ T4219] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.061788][ T5928] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 96.072387][ T5930] ======================================================= [ 96.072387][ T5930] WARNING: The mand mount option has been deprecated and [ 96.072387][ T5930] and is ignored by this kernel. Remove the mand [ 96.072387][ T5930] option from the mount to silence this warning. [ 96.072387][ T5930] ======================================================= [ 96.118786][ T5928] overlayfs: failed to set xattr on upper [ 96.141414][ T5928] overlayfs: ...falling back to redirect_dir=nofollow. [ 96.187160][ T5928] overlayfs: ...falling back to index=off. [ 96.207476][ T5928] overlayfs: ...falling back to uuid=null. [ 96.305218][ T5940] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.875847][ T5956] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 97.885117][ T5956] UDF-fs: Scanning with blocksize 512 failed [ 97.894885][ T5956] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 98.038158][ T5956] UDF-fs: Scanning with blocksize 1024 failed [ 98.048739][ T5956] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 98.057497][ T5956] UDF-fs: Scanning with blocksize 2048 failed [ 98.065470][ T5956] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 98.075391][ T5956] UDF-fs: Scanning with blocksize 4096 failed [ 98.513273][ T5962] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 98.543749][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 99.394566][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.619909][ T5965] netlink: 'syz.3.16': attribute type 12 has an invalid length. [ 99.764826][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.051805][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.086466][ T5975] netlink: 4 bytes leftover after parsing attributes in process `syz.1.20'. [ 101.405181][ T5975] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 101.425424][ T5975] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 101.460466][ T5975] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 101.474892][ T5975] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 101.663788][ T5843] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 101.677420][ T5843] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 101.692582][ T5843] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 101.731142][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.744450][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 101.758234][ T5843] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 101.766944][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 101.891430][ T5997] kvm: requested 30171 ns i8254 timer period limited to 200000 ns [ 101.901199][ T5997] kvm: requested 31847 ns i8254 timer period limited to 200000 ns [ 101.910403][ T5997] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 101.919689][ T5997] kvm: requested 128228 ns i8254 timer period limited to 200000 ns [ 101.930178][ T5997] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 101.938550][ T5997] kvm: requested 116495 ns i8254 timer period limited to 200000 ns [ 101.947937][ T5997] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 101.956618][ T5997] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 102.099522][ T11] bridge_slave_1: left allmulticast mode [ 102.116332][ T11] bridge_slave_1: left promiscuous mode [ 102.127201][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.213972][ T11] bridge_slave_0: left allmulticast mode [ 102.220317][ T11] bridge_slave_0: left promiscuous mode [ 102.240652][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.637207][ T6006] netlink: 'syz.1.28': attribute type 1 has an invalid length. [ 102.648750][ T6006] netlink: 224 bytes leftover after parsing attributes in process `syz.1.28'. [ 102.844559][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 102.947941][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 103.515380][ T5826] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 103.796199][ T5826] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 103.832055][ T5828] Bluetooth: hci2: command tx timeout [ 103.982468][ T5826] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 104.259730][ T5826] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 104.288345][ T5826] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 104.297233][ T5826] usb 4-1: SerialNumber: syz [ 104.595151][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 104.614243][ T5826] usb 4-1: 0:2 : does not exist [ 104.685311][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 104.731464][ T11] bond0 (unregistering): Released all slaves [ 104.809031][ T5826] usb 4-1: USB disconnect, device number 2 [ 105.878560][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.909488][ T5828] Bluetooth: hci2: command tx timeout [ 106.026299][ T5876] udevd[5876]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 106.462196][ T6050] netlink: 'syz.0.38': attribute type 4 has an invalid length. [ 107.548510][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 107.569623][ T5990] chnl_net:caif_netlink_parms(): no params data found [ 107.648680][ T5881] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 107.882999][ T5881] usb 5-1: Using ep0 maxpacket: 16 [ 107.935284][ T5881] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 107.988535][ T5828] Bluetooth: hci2: command tx timeout [ 108.010567][ T5881] usb 5-1: New USB device found, idVendor=05ac, idProduct=0231, bcdDevice= 0.40 [ 108.029788][ T5881] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.049597][ T5881] usb 5-1: Product: syz [ 108.056108][ T5881] usb 5-1: Manufacturer: syz [ 108.068499][ T5881] usb 5-1: SerialNumber: syz [ 108.960421][ T5881] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input5 [ 109.159992][ T5990] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.189288][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.198645][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 109.208407][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.216926][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.225431][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.283606][ T5990] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.572112][ T5990] bridge_slave_0: entered allmulticast mode [ 109.603918][ T5990] bridge_slave_0: entered promiscuous mode [ 109.612063][ T977] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 109.920462][ T5990] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.952806][ T5990] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.964912][ T5990] bridge_slave_1: entered allmulticast mode [ 109.973799][ T5990] bridge_slave_1: entered promiscuous mode [ 110.050337][ T11] hsr_slave_0: left promiscuous mode [ 110.057572][ T11] hsr_slave_1: left promiscuous mode [ 110.068645][ T5828] Bluetooth: hci2: command tx timeout [ 110.080613][ T977] usb 1-1: config 0 has no interfaces? [ 110.086322][ T977] usb 1-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 110.103541][ T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.134947][ T977] usb 1-1: config 0 descriptor?? [ 110.144959][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 110.948518][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 111.063209][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 111.083688][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 111.115207][ T5179] bcm5974 5-1:1.0: could not read from device [ 111.145445][ T5179] bcm5974 5-1:1.0: could not read from device [ 111.165616][ T5881] usb 5-1: USB disconnect, device number 2 [ 111.167125][ T5179] bcm5974 5-1:1.0: could not read from device [ 111.183486][ T6098] netlink: 24 bytes leftover after parsing attributes in process `syz.1.49'. [ 111.200205][ T11] veth1_macvtap: left promiscuous mode [ 111.206367][ T11] veth0_macvtap: left promiscuous mode [ 111.230310][ T11] veth1_vlan: left promiscuous mode [ 111.236263][ T11] veth0_vlan: left promiscuous mode [ 112.726662][ T5826] usb 1-1: USB disconnect, device number 2 [ 113.726936][ T11] team0 (unregistering): Port device team_slave_1 removed [ 113.796576][ T6124] netlink: 'syz.1.55': attribute type 27 has an invalid length. [ 113.807868][ T11] team0 (unregistering): Port device team_slave_0 removed [ 114.230211][ T5990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 114.247391][ T5990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 114.421661][ T6124] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.430848][ T6124] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.597594][ T6124] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.607888][ T6124] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.624007][ T6124] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.634645][ T6124] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.765433][ T6125] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.777021][ T6125] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.804539][ T6125] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 114.905213][ T5990] team0: Port device team_slave_0 added [ 114.930593][ T6135] tipc: Started in network mode [ 114.960137][ T6135] tipc: Node identity deab65d85332, cluster identity 4711 [ 114.971001][ T6135] tipc: Enabled bearer , priority 0 [ 114.985988][ T6136] syzkaller0: entered promiscuous mode [ 115.005120][ T6136] syzkaller0: entered allmulticast mode [ 115.022826][ T6140] tipc: Resetting bearer [ 115.035281][ T5990] team0: Port device team_slave_1 added [ 115.069269][ T6129] tipc: Resetting bearer [ 115.075547][ T6145] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 115.119108][ T6129] tipc: Disabling bearer [ 115.200177][ T5990] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.208073][ T5990] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.240815][ C1] vkms_vblank_simulate: vblank timer overrun [ 115.288161][ T5990] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 116.361079][ T5990] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.634480][ T5990] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.660914][ C1] vkms_vblank_simulate: vblank timer overrun [ 117.134600][ T6153] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 118.394963][ T5990] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 121.069662][ T29] audit: type=1804 audit(1737407845.563:2): pid=6172 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.66" name="/newroot/14/file1" dev="fuse" ino=1 res=1 errno=0 [ 121.101536][ T5990] hsr_slave_0: entered promiscuous mode [ 121.148325][ T29] audit: type=1800 audit(1737407845.563:3): pid=6172 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.66" name="/" dev="fuse" ino=1 res=0 errno=0 [ 121.179024][ T5990] hsr_slave_1: entered promiscuous mode [ 121.223130][ T29] audit: type=1804 audit(1737407845.563:4): pid=6172 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.66" name="/newroot/14/file1" dev="fuse" ino=1 res=1 errno=0 [ 121.246346][ T5990] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 121.270800][ T5990] Cannot create hsr debugfs directory [ 121.318633][ T29] audit: type=1804 audit(1737407845.573:5): pid=6172 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.66" name="/newroot/14/file1" dev="fuse" ino=1 res=1 errno=0 [ 121.362600][ T29] audit: type=1800 audit(1737407845.573:6): pid=6172 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.66" name="/" dev="fuse" ino=1 res=0 errno=0 [ 121.697618][ T6191] syz.4.70 uses obsolete (PF_INET,SOCK_PACKET) [ 121.775865][ T6195] xt_bpf: check failed: parse error [ 121.841328][ T5990] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 121.880479][ T5990] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 121.924801][ T5990] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 121.992758][ T5990] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 122.084021][ T29] audit: type=1800 audit(1737407846.583:7): pid=6204 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.73" name="bus" dev="overlay" ino=108 res=0 errno=0 [ 122.243325][ T5990] 8021q: adding VLAN 0 to HW filter on device bond0 [ 122.292777][ T5990] 8021q: adding VLAN 0 to HW filter on device team0 [ 122.446100][ T4219] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.453433][ T4219] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.545267][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.552488][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.643294][ T6220] ebtables: ebtables: counters copy to user failed while replacing table [ 124.045124][ T6242] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 126.244774][ T6256] delete_channel: no stack [ 126.377298][ T6247] delete_channel: no stack [ 126.477918][ T5990] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.622017][ T6261] netlink: 'syz.4.83': attribute type 3 has an invalid length. [ 126.657772][ T6261] netlink: 224 bytes leftover after parsing attributes in process `syz.4.83'. [ 127.742507][ T5990] veth0_vlan: entered promiscuous mode [ 127.936401][ T5990] veth1_vlan: entered promiscuous mode [ 128.070137][ T6293] warning: `syz.3.89' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 128.134856][ T5990] veth0_macvtap: entered promiscuous mode [ 128.151185][ T5990] veth1_macvtap: entered promiscuous mode [ 128.171207][ T5990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.190852][ T5990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.213309][ T5990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.232606][ T5990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.246999][ T5990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.262281][ T5990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.277921][ T5990] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 128.293230][ T6293] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 128.393403][ T5990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.404249][ T5990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.488323][ T5990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.522737][ T5990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.676849][ T5990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.693338][ T5990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.639453][ T6303] netlink: 32 bytes leftover after parsing attributes in process `syz.1.92'. [ 130.672841][ T5990] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 130.688837][ T6303] netlink: 32 bytes leftover after parsing attributes in process `syz.1.92'. [ 130.827622][ T5990] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.846359][ T5990] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.868611][ T5990] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.895595][ T5990] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.877264][ T4219] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.911404][ T4219] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.743517][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.753806][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.013304][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.028458][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.276361][ T6341] syz.3.99[6341] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 134.276927][ T6341] syz.3.99[6341] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 134.290047][ T6341] syz.3.99[6341] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 134.982573][ T6336] 9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff [ 136.342238][ T6356] ref_ctr increment failed for inode: 0xad offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88802aff4280 [ 136.357661][ T6353] uprobe: syz.4.102:6353 failed to unregister, leaking uprobe [ 136.568993][ T29] audit: type=1804 audit(1737407861.063:8): pid=6363 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.105" name="/newroot/21/bus/file1" dev="overlay" ino=134 res=1 errno=0 [ 138.609495][ T46] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 138.710793][ T6405] syz.1.110[6405] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.711429][ T6405] syz.1.110[6405] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.723716][ T6405] syz.1.110[6405] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 139.283915][ T46] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 139.404767][ T46] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.419746][ T46] usb 6-1: Product: syz [ 139.424607][ T46] usb 6-1: Manufacturer: syz [ 139.430535][ T46] usb 6-1: SerialNumber: syz [ 139.437484][ T46] usb 6-1: config 0 descriptor?? [ 142.898338][ T5881] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 143.354944][ T5881] usb 5-1: Using ep0 maxpacket: 8 [ 143.414230][ T5881] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 143.491001][ T5881] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.574688][ T5881] usb 5-1: Product: syz [ 143.621016][ T5881] usb 5-1: Manufacturer: syz [ 143.632503][ T5881] usb 5-1: SerialNumber: syz [ 143.656063][ T5881] usb 5-1: config 0 descriptor?? [ 143.708702][ T46] usb-storage 6-1:0.0: USB Mass Storage device detected [ 143.715898][ T5881] usb 5-1: can't set config #0, error -71 [ 143.758698][ T5881] usb 5-1: USB disconnect, device number 3 [ 145.690407][ T46] usb 6-1: USB disconnect, device number 2 [ 145.740140][ T29] audit: type=1326 audit(1737407870.233:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6438 comm="syz.0.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7cf185d29 code=0x7ffc0000 [ 146.019986][ T29] audit: type=1326 audit(1737407870.233:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6438 comm="syz.0.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7cf185d29 code=0x7ffc0000 [ 146.020027][ T29] audit: type=1326 audit(1737407870.233:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6438 comm="syz.0.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7fd7cf185d29 code=0x7ffc0000 [ 146.020057][ T29] audit: type=1326 audit(1737407870.233:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6438 comm="syz.0.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7cf185d29 code=0x7ffc0000 [ 146.020086][ T29] audit: type=1326 audit(1737407870.233:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6438 comm="syz.0.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7cf185d29 code=0x7ffc0000 [ 146.020119][ T29] audit: type=1326 audit(1737407870.373:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6446 comm="syz.4.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47b385d29 code=0x7ffc0000 [ 146.020148][ T29] audit: type=1326 audit(1737407870.373:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6446 comm="syz.4.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff47b385d29 code=0x7ffc0000 [ 146.020176][ T29] audit: type=1326 audit(1737407870.373:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6446 comm="syz.4.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47b385d29 code=0x7ffc0000 [ 146.020204][ T29] audit: type=1326 audit(1737407870.373:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6446 comm="syz.4.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47b385d29 code=0x7ffc0000 [ 146.020232][ T29] audit: type=1326 audit(1737407870.403:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6446 comm="syz.4.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff47b385d29 code=0x7ffc0000 [ 148.071284][ T6476] kAFS: unable to lookup cell '/yz1' [ 150.055096][ T6496] netlink: 16 bytes leftover after parsing attributes in process `syz.5.132'. [ 152.702264][ T6530] syzkaller0: entered allmulticast mode [ 158.439624][ T6578] xt_cgroup: invalid path, errno=-2 [ 161.478263][ T5920] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 161.718200][ T5920] usb 4-1: Using ep0 maxpacket: 8 [ 161.729435][ T5920] usb 4-1: config 0 has no interfaces? [ 162.378933][ T5920] usb 4-1: New USB device found, idVendor=03f0, idProduct=0207, bcdDevice= 0.01 [ 162.388650][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.396798][ T5920] usb 4-1: Product: syz [ 162.410770][ T5920] usb 4-1: Manufacturer: syz [ 162.415570][ T5920] usb 4-1: SerialNumber: syz [ 162.429635][ T5920] usb 4-1: config 0 descriptor?? [ 162.701094][ T5826] usb 4-1: USB disconnect, device number 3 [ 162.792202][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 162.792220][ T29] audit: type=1326 audit(1737407887.293:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6619 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d03385d29 code=0x7ffc0000 [ 162.869462][ T29] audit: type=1326 audit(1737407887.323:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6619 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3d03385d29 code=0x7ffc0000 [ 162.926337][ T29] audit: type=1326 audit(1737407887.323:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6619 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d03385d29 code=0x7ffc0000 [ 162.986926][ T29] audit: type=1326 audit(1737407887.323:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6619 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d03385d29 code=0x7ffc0000 [ 163.023391][ T29] audit: type=1326 audit(1737407887.323:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6619 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3d03385d29 code=0x7ffc0000 [ 163.050474][ T29] audit: type=1326 audit(1737407887.323:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6619 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d03385d29 code=0x7ffc0000 [ 163.076154][ T29] audit: type=1326 audit(1737407887.323:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6619 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d03385d29 code=0x7ffc0000 [ 163.098773][ T5920] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 163.107725][ T29] audit: type=1326 audit(1737407887.333:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6619 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7f3d03385d29 code=0x7ffc0000 [ 163.186580][ T29] audit: type=1326 audit(1737407887.333:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6619 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d03385d29 code=0x7ffc0000 [ 163.221236][ T29] audit: type=1326 audit(1737407887.333:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6619 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f3d03385d29 code=0x7ffc0000 [ 163.256335][ T5920] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 163.266457][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.278318][ T5920] usb 2-1: Product: syz [ 163.283051][ T5920] usb 2-1: Manufacturer: syz [ 163.289061][ T5920] usb 2-1: SerialNumber: syz [ 163.324991][ T5920] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 163.954704][ T5910] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 165.108426][ T5910] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 165.121567][ T5910] ath9k_htc: Failed to initialize the device [ 165.911818][ T5910] usb 2-1: ath9k_htc: USB layer deinitialized [ 166.092753][ T5826] usb 2-1: USB disconnect, device number 2 [ 166.168972][ T6656] syzkaller0: entered promiscuous mode [ 166.174768][ T6656] syzkaller0: entered allmulticast mode [ 166.259183][ T6661] netlink: 56 bytes leftover after parsing attributes in process `syz.0.165'. [ 166.272223][ T6661] netlink: 8 bytes leftover after parsing attributes in process `syz.0.165'. [ 167.854129][ T6684] netlink: 32 bytes leftover after parsing attributes in process `syz.1.170'. [ 169.949207][ T6697] netlink: 24 bytes leftover after parsing attributes in process `syz.0.173'. [ 170.215740][ T6706] netlink: 4 bytes leftover after parsing attributes in process `syz.0.173'. [ 176.316718][ T6763] NILFS (loop3): device size too small [ 177.468280][ T5879] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 177.672822][ T5879] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 177.738651][ T5879] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 177.781087][ T5879] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 178.515080][ T5879] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 178.584658][ T5879] usb 2-1: SerialNumber: syz [ 178.894443][ T5879] usb 2-1: 0:2 : does not exist [ 178.924968][ T5879] usb 2-1: unit 5: unexpected type 0x0d [ 179.819165][ T5879] usb 2-1: USB disconnect, device number 3 [ 180.131368][ T6459] udevd[6459]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 180.213011][ T6804] netlink: 16 bytes leftover after parsing attributes in process `syz.5.197'. [ 181.211696][ T6807] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 182.293610][ T6827] netlink: 8 bytes leftover after parsing attributes in process `syz.4.201'. [ 182.465792][ T6827] netlink: 4 bytes leftover after parsing attributes in process `syz.4.201'. [ 182.581384][ T6827] netlink: 'syz.4.201': attribute type 1 has an invalid length. [ 182.600422][ T6827] netlink: 10 bytes leftover after parsing attributes in process `syz.4.201'. [ 183.725143][ T5828] block nbd0: Receive control failed (result -107) [ 185.580979][ T6867] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 186.308318][ T29] kauditd_printk_skb: 67 callbacks suppressed [ 186.308338][ T29] audit: type=1800 audit(1737407910.793:100): pid=6865 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.208" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 186.450367][ T5828] Bluetooth: hci4: Unknown advertising packet type: 0x18 [ 186.450445][ T5828] Bluetooth: hci4: Unknown advertising packet type: 0x1e [ 186.458295][ T5828] Bluetooth: hci4: Unknown advertising packet type: 0x30 [ 186.465961][ T5828] Bluetooth: hci4: Malformed LE Event: 0x0d [ 186.466905][ T6877] netlink: 4 bytes leftover after parsing attributes in process `syz.0.213'. [ 186.488736][ T6878] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 186.503664][ T6878] batman_adv: batadv0: Adding interface: ip6gretap1 [ 186.511031][ T6878] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.537190][ T6878] batman_adv: batadv0: Interface activated: ip6gretap1 [ 186.537359][ T6872] delete_channel: no stack [ 186.582901][ T6878] netlink: 4 bytes leftover after parsing attributes in process `syz.3.214'. [ 186.628371][ T6878] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 186.646494][ T6878] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 186.703724][ T6878] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 186.722448][ T6878] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 186.787794][ T6878] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 186.979782][ T6878] batman_adv: batadv0: Removing interface: ip6gretap1 [ 189.189727][ T6910] netlink: 12 bytes leftover after parsing attributes in process `syz.1.220'. [ 189.233142][ T6910] xt_connbytes: Forcing CT accounting to be enabled [ 189.240679][ T6910] Cannot find del_set index 1 as target [ 190.008906][ T6914] process 'syz.1.222' launched './file1' with NULL argv: empty string added [ 190.261265][ T6927] netlink: 'syz.4.225': attribute type 29 has an invalid length. [ 190.292550][ T6927] netlink: 'syz.4.225': attribute type 29 has an invalid length. [ 190.316711][ T6927] netlink: 'syz.4.225': attribute type 29 has an invalid length. [ 190.327759][ T6927] netlink: 'syz.4.225': attribute type 29 has an invalid length. [ 190.347077][ T6927] netlink: 'syz.4.225': attribute type 29 has an invalid length. [ 190.362111][ T6927] netlink: 'syz.4.225': attribute type 29 has an invalid length. [ 190.372154][ T6927] netlink: 'syz.4.225': attribute type 29 has an invalid length. [ 190.436209][ T6918] kvm: emulating exchange as write [ 190.448259][ T5920] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 190.637940][ T5920] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 190.951534][ T5920] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 191.233213][ T5920] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 191.242730][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.302002][ T5920] usb 4-1: Product: syz [ 191.306493][ T5920] usb 4-1: Manufacturer: syz [ 191.311263][ T5920] usb 4-1: SerialNumber: syz [ 191.329073][ T5920] usb 4-1: config 0 descriptor?? [ 191.334763][ T6922] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 191.362466][ T6922] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 191.746750][ T6922] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 191.773246][ T6922] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 192.702175][ T5920] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 193.046661][ T6922] netlink: 28 bytes leftover after parsing attributes in process `syz.3.224'. [ 193.976835][ T5920] dm9601 4-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 194.439678][ T5920] usb 4-1: USB disconnect, device number 4 [ 195.114481][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.124472][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.669107][ T6982] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.677713][ T6982] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.143539][ T6982] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 197.259802][ T6982] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 198.113503][ T6982] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.125418][ T6982] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.135612][ T6982] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.148283][ T6982] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.259948][ T7009] team_slave_0: entered promiscuous mode [ 198.266023][ T7009] team_slave_1: entered promiscuous mode [ 198.296966][ T7009] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 198.309950][ T7009] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 198.355669][ T7010] bond0: entered promiscuous mode [ 198.371220][ T7010] bond_slave_0: entered promiscuous mode [ 198.398987][ T7010] bond_slave_1: entered promiscuous mode [ 198.420441][ T7010] macvlan2: entered promiscuous mode [ 198.461031][ T7010] team0: entered promiscuous mode [ 198.490639][ T5825] syz-executor (5825) used greatest stack depth: 18512 bytes left [ 198.522218][ T7014] bridge_slave_1: left allmulticast mode [ 198.554074][ T7014] bridge_slave_1: left promiscuous mode [ 198.734843][ T7014] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.751721][ T7021] netlink: 12 bytes leftover after parsing attributes in process `syz.4.246'. [ 199.232599][ T7024] netlink: 188 bytes leftover after parsing attributes in process `syz.4.246'. [ 199.301986][ T7024] netlink: 'syz.4.246': attribute type 1 has an invalid length. [ 199.316599][ T7019] bridge_slave_0: left allmulticast mode [ 199.351313][ T7019] bridge_slave_0: left promiscuous mode [ 199.381971][ T7019] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.165092][ T7045] Cannot find set identified by id 0 to match [ 201.052388][ T5920] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 201.127313][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 201.137716][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 201.147718][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 201.171969][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 201.228247][ T5920] usb 2-1: Using ep0 maxpacket: 16 [ 201.254202][ T5920] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 201.288236][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 201.313276][ T5920] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 201.323880][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.334151][ T5920] usb 2-1: Product: syz [ 201.339298][ T5920] usb 2-1: Manufacturer: syz [ 201.344925][ T5920] usb 2-1: SerialNumber: syz [ 201.406927][ T5843] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 201.418508][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 201.759370][ T5920] usb 2-1: config 0 descriptor?? [ 201.772647][ T5920] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 201.782017][ T5920] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 202.394479][ T7055] chnl_net:caif_netlink_parms(): no params data found [ 202.401626][ T5920] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 202.429350][ T5920] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 202.498972][ T29] audit: type=1326 audit(1737407926.993:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7080 comm="syz.5.257" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3847b85d29 code=0x0 [ 202.657922][ T7055] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.682305][ T7055] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.702475][ T7055] bridge_slave_0: entered allmulticast mode [ 202.731675][ T7055] bridge_slave_0: entered promiscuous mode [ 202.752169][ T7055] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.772439][ T7055] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.775317][ T5882] IPVS: starting estimator thread 0... [ 202.780196][ T7091] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 202.798407][ T7055] bridge_slave_1: entered allmulticast mode [ 202.841062][ T7055] bridge_slave_1: entered promiscuous mode [ 202.898367][ T7096] IPVS: using max 26 ests per chain, 62400 per kthread [ 202.927217][ T7055] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 202.944502][ T7055] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.089528][ T5920] em28xx 2-1:0.0: Unknown AC97 audio processor detected! [ 203.122606][ T5920] em28xx 2-1:0.0: couldn't setup AC97 register 2 [ 203.160148][ T5920] em28xx 2-1:0.0: couldn't setup AC97 register 4 [ 203.172100][ T7055] team0: Port device team_slave_0 added [ 203.185628][ T7055] team0: Port device team_slave_1 added [ 203.599591][ T5843] Bluetooth: hci1: command tx timeout [ 204.030734][ T7055] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 204.080196][ T7055] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.364817][ T5920] em28xx 2-1:0.0: couldn't setup AC97 register 54 [ 204.375566][ T7055] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 204.519194][ T5920] em28xx 2-1:0.0: couldn't setup AC97 register 56 [ 204.531626][ T7055] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 204.545939][ T5920] usb 2-1: USB disconnect, device number 4 [ 204.553973][ T7055] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.581440][ T7055] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 205.672006][ T5843] Bluetooth: hci1: command tx timeout [ 205.699474][ T7055] hsr_slave_0: entered promiscuous mode [ 205.752879][ T7055] hsr_slave_1: entered promiscuous mode [ 205.793333][ T7055] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 205.816561][ T7055] Cannot create hsr debugfs directory [ 207.758326][ T5843] Bluetooth: hci1: command tx timeout [ 207.776789][ T7055] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.488806][ T7055] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.661708][ T7055] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.772830][ T7055] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.039383][ T7170] netlink: 4 bytes leftover after parsing attributes in process `syz.1.272'. [ 209.113075][ T7055] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 209.152888][ T7055] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 209.193983][ T7055] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 209.241413][ T7055] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 209.829167][ T5843] Bluetooth: hci1: command tx timeout [ 210.073715][ T7055] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.114893][ T7055] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.224384][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.232500][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.286766][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.294127][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.715808][ T7055] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.514484][ T7055] veth0_vlan: entered promiscuous mode [ 212.556536][ T7055] veth1_vlan: entered promiscuous mode [ 212.837632][ T5823] Bluetooth: hci4: command 0x0406 tx timeout [ 212.845261][ T5823] Bluetooth: hci0: command 0x0406 tx timeout [ 212.863735][ T5823] Bluetooth: hci3: command 0x0406 tx timeout [ 214.542835][ T7219] Zero length message leads to an empty skb [ 214.633987][ T7055] veth0_macvtap: entered promiscuous mode [ 214.646293][ T7055] veth1_macvtap: entered promiscuous mode [ 214.665082][ T7055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 214.677665][ T7055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.690095][ T7055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 214.702244][ T7055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.715149][ T7055] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 214.726449][ T7055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 214.737795][ T7055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.748387][ T7055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 214.794996][ T7055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.850061][ T7055] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 214.900319][ T7055] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.937734][ T7055] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.988290][ T7055] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.997131][ T7055] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.529701][ T4219] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.563789][ T4219] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 216.620597][ T4219] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.640010][ T4219] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 217.906704][ T7251] cifs: Unknown parameter 'no'‘a£Nð[G¶zob,erèèµ;%j¸¼ [ 217.906704][ T7251] ‡üzæ,€@q¬Ú÷ôÐåéJ#³"ŽÚh/.W1ȱ¨nNCº"†CÙ׈¡E)Ð8+€î¶á÷' [ 220.246094][ T7270] netlink: 'syz.0.298': attribute type 10 has an invalid length. [ 220.346918][ T7276] netlink: 596 bytes leftover after parsing attributes in process `syz.4.300'. [ 220.416081][ T7275] netlink: 48 bytes leftover after parsing attributes in process `syz.0.298'. [ 220.458352][ T5826] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 220.660415][ T5826] usb 2-1: Using ep0 maxpacket: 8 [ 220.693484][ T5826] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 220.778326][ T5826] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 220.826048][ T5826] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 220.845258][ T5826] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 221.840985][ T5826] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 222.297604][ T5826] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.367279][ T7295] netlink: 32 bytes leftover after parsing attributes in process `syz.0.305'. [ 222.408512][ T7295] netlink: 32 bytes leftover after parsing attributes in process `syz.0.305'. [ 222.840057][ T5826] usb 2-1: GET_CAPABILITIES returned 0 [ 222.957188][ T5826] usbtmc 2-1:16.0: can't read capabilities [ 223.008806][ T5826] usb 2-1: USB disconnect, device number 5 [ 225.853376][ T7324] ipvlan2: entered promiscuous mode [ 225.900381][ T7324] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 225.931751][ T7324] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 226.318517][ T29] audit: type=1326 audit(1737407950.813:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7325 comm="syz.5.315" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3847b85d29 code=0x0 [ 227.908266][ T5828] Bluetooth: hci2: command 0x0406 tx timeout [ 228.782659][ T29] audit: type=1804 audit(1737407953.283:103): pid=7344 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.318" name="/newroot/43/bus/file1" dev="overlay" ino=253 res=1 errno=0 [ 228.844520][ T7346] netlink: 36 bytes leftover after parsing attributes in process `syz.3.319'. [ 228.868244][ T7346] netlink: 16 bytes leftover after parsing attributes in process `syz.3.319'. [ 228.887611][ T7346] netlink: 36 bytes leftover after parsing attributes in process `syz.3.319'. [ 228.909134][ T7346] netlink: 36 bytes leftover after parsing attributes in process `syz.3.319'. [ 230.390503][ T7367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.325'. [ 230.961960][ T7364] netlink: 8 bytes leftover after parsing attributes in process `syz.1.325'. [ 230.991959][ T7375] netlink: 16 bytes leftover after parsing attributes in process `syz.4.328'. [ 231.010394][ T7375] bridge0: entered promiscuous mode [ 231.042017][ T7375] bridge0: left promiscuous mode [ 231.206090][ T7382] netlink: 12 bytes leftover after parsing attributes in process `syz.3.329'. [ 234.165324][ T7400] binder_alloc: 7399: binder_alloc_buf, no vma [ 236.367553][ T7416] netlink: 20 bytes leftover after parsing attributes in process `syz.0.341'. [ 236.503001][ T7416] Driver unsupported XDP return value 0 on prog (id 76) dev N/A, expect packet loss! [ 236.548352][ T5879] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 237.638242][ T5879] usb 5-1: Using ep0 maxpacket: 32 [ 237.785273][ T5879] usb 5-1: config 0 has an invalid interface number: 88 but max is 0 [ 237.835997][ T5879] usb 5-1: config 0 has no interface number 0 [ 237.973785][ T5879] usb 5-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=7d.12 [ 238.195227][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.350540][ T5879] usb 5-1: Product: syz [ 238.411577][ T5879] usb 5-1: Manufacturer: syz [ 238.448466][ T5879] usb 5-1: SerialNumber: syz [ 238.489877][ T5879] usb 5-1: config 0 descriptor?? [ 238.794807][ T5879] f81534a_ctrl 5-1:0.88: failed to set register 0x116: -5 [ 238.828262][ T5879] f81534a_ctrl 5-1:0.88: failed to enable ports: -5 [ 238.858280][ T5879] f81534a_ctrl 5-1:0.88: probe with driver f81534a_ctrl failed with error -5 [ 238.955640][ T5879] usb 5-1: USB disconnect, device number 4 [ 240.758473][ T7453] ipt_rpfilter: unknown options [ 243.866758][ T7455] kvm: faulting far call emulation tainted memory [ 244.111211][ T7472] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 244.950980][ T7472] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 245.057018][ T7472] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 245.077091][ T7472] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 245.155475][ T7472] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 245.208505][ T7472] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 245.235085][ T7472] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 245.685878][ T7472] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 245.790244][ T7472] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 245.796623][ T7472] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 245.820737][ T7472] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 245.938272][ T7491] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 245.981766][ T7485] kvm: pic: single mode not supported [ 245.982149][ T7485] kvm: pic: non byte read [ 245.998631][ T7485] kvm: pic: level sensitive irq not supported [ 245.998758][ T7485] kvm: pic: non byte read [ 246.077055][ T7493] netlink: 'syz.0.359': attribute type 1 has an invalid length. [ 246.117282][ T7493] bond1: entered promiscuous mode [ 246.122986][ T7493] 8021q: adding VLAN 0 to HW filter on device bond1 [ 246.150308][ T7493] 8021q: adding VLAN 0 to HW filter on device bond1 [ 246.158814][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 246.169572][ T7493] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 246.190536][ T7493] bond1: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 246.203253][ T7493] bond1: (slave ip6gre1): making interface the new active one [ 246.212036][ T7493] ip6gre1: entered promiscuous mode [ 246.229673][ T7498] netlink: 4 bytes leftover after parsing attributes in process `syz.0.359'. [ 246.241891][ T7493] bond1: (slave ip6gre1): Enslaving as an active interface with an up link [ 246.513442][ T7503] capability: warning: `syz.4.362' uses deprecated v2 capabilities in a way that may be insecure [ 246.896524][ T7498] bond1 (unregistering): (slave ip6gre1): Releasing backup interface [ 246.917215][ T7498] ip6gre1: left promiscuous mode [ 246.934573][ T7498] bond1 (unregistering): Released all slaves [ 247.004707][ T7515] netlink: 24 bytes leftover after parsing attributes in process `syz.5.367'. [ 247.138618][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 247.200672][ T54] Bluetooth: hci4: command 0x0406 tx timeout [ 247.268476][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 247.685465][ T7524] netlink: 4 bytes leftover after parsing attributes in process `syz.5.367'. [ 247.839010][ T54] Bluetooth: hci1: command 0x0c1a tx timeout [ 248.238776][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 248.825341][ T7536] netlink: 'syz.5.370': attribute type 10 has an invalid length. [ 248.879006][ T7536] team0: Port device netdevsim0 added [ 249.198253][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 249.268303][ T54] Bluetooth: hci4: command 0x0406 tx timeout [ 249.348863][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 249.927499][ T54] Bluetooth: hci1: command 0x0c1a tx timeout [ 250.478238][ T7545] syz.3.375: attempt to access beyond end of device [ 250.478238][ T7545] loop7: rw=0, sector=0, nr_sectors = 1 limit=0 [ 250.496839][ T7545] FAT-fs (loop7): unable to read boot sector [ 250.837690][ T7564] netlink: 24 bytes leftover after parsing attributes in process `syz.1.381'. [ 251.597642][ T7574] netlink: 4 bytes leftover after parsing attributes in process `syz.1.381'. [ 251.989148][ T54] Bluetooth: hci1: command 0x0c1a tx timeout [ 257.336000][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 257.342816][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.391876][ T7622] uprobe: syz.0.395:7622 failed to unregister, leaking uprobe [ 258.081807][ T7632] netlink: 36 bytes leftover after parsing attributes in process `syz.0.399'. [ 258.149405][ T7632] netlink: 16 bytes leftover after parsing attributes in process `syz.0.399'. [ 258.166242][ T7632] netlink: 36 bytes leftover after parsing attributes in process `syz.0.399'. [ 258.186043][ T7632] netlink: 36 bytes leftover after parsing attributes in process `syz.0.399'. [ 258.282009][ T7641] netlink: 'syz.3.400': attribute type 4 has an invalid length. [ 258.435649][ T7639] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 258.473148][ T7647] netlink: 24 bytes leftover after parsing attributes in process `syz.0.403'. [ 261.799888][ T54] Bluetooth: hci3: unexpected event for opcode 0x041b [ 263.902925][ T7676] netlink: 8 bytes leftover after parsing attributes in process `syz.0.411'. [ 263.918068][ T5882] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 263.932376][ T7676] bond1: entered promiscuous mode [ 263.937618][ T7676] 8021q: adding VLAN 0 to HW filter on device bond1 [ 264.000742][ T29] audit: type=1800 audit(1737407988.494:104): pid=7680 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.412" name="bus" dev="overlay" ino=175 res=0 errno=0 [ 264.020026][ T7676] netlink: 4 bytes leftover after parsing attributes in process `syz.0.411'. [ 264.041655][ T7680] evm: overlay not supported [ 264.097596][ T7685] set match dimension is over the limit! [ 264.183306][ T5882] usb 6-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 264.203321][ T5882] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.222722][ T5882] usb 6-1: Product: syz [ 264.235231][ T5882] usb 6-1: Manufacturer: syz [ 264.241031][ T5882] usb 6-1: SerialNumber: syz [ 264.268226][ T5882] r8152-cfgselector 6-1: Unknown version 0x0000 [ 264.274566][ T5882] r8152-cfgselector 6-1: config 0 descriptor?? [ 264.633070][ T5920] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 264.752311][ T5881] r8152-cfgselector 6-1: USB disconnect, device number 3 [ 264.797849][ T5920] usb 4-1: Using ep0 maxpacket: 16 [ 264.805409][ T5920] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 264.816762][ T5920] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 264.827040][ T5920] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 264.836600][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.838872][ T7676] bond1 (unregistering): Released all slaves [ 264.879504][ T5920] usb 4-1: config 0 descriptor?? [ 264.971337][ T25] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 265.129248][ T25] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 265.140473][ T25] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 265.152089][ T25] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 265.161368][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.173517][ T7699] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 265.185668][ T25] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 267.746148][ T25] usb 4-1: USB disconnect, device number 5 [ 267.827733][ T5881] usb 2-1: USB disconnect, device number 6 [ 267.888856][ T7717] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 268.003466][ T7730] Bluetooth: MGMT ver 1.23 [ 273.605726][ T29] audit: type=1804 audit(1737407998.104:105): pid=7765 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.437" name="/newroot/95/bus/file0" dev="overlay" ino=540 res=1 errno=0 [ 273.738917][ T7770] ebt_limit: overflow, try lower: 570423552/2483027968 [ 284.462984][ T7859] tipc: Started in network mode [ 284.526766][ T7859] tipc: Node identity 6, cluster identity 4711 [ 284.606945][ T7859] tipc: Node number set to 6 [ 285.019151][ T7867] netlink: 112 bytes leftover after parsing attributes in process `syz.0.461'. [ 285.326070][ T7866] hsr0: entered promiscuous mode [ 290.915918][ T7922] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 291.877784][ T7932] netlink: 8 bytes leftover after parsing attributes in process `syz.4.475'. [ 293.026025][ T7946] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 294.500917][ T7954] sctp: [Deprecated]: syz.4.481 (pid 7954) Use of int in max_burst socket option. [ 294.500917][ T7954] Use struct sctp_assoc_value instead [ 295.305720][ T7966] futex_wake_op: syz.0.485 tries to shift op by -1; fix this program [ 296.922520][ T54] Bluetooth: hci1: unexpected event for opcode 0x2006 [ 299.043085][ T8010] vlan2: entered promiscuous mode [ 300.198300][ T8026] befs: (nbd1): No write support. Marking filesystem read-only [ 300.206859][ T8026] syz.1.497: attempt to access beyond end of device [ 300.206859][ T8026] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 304.982870][ T977] IPVS: starting estimator thread 0... [ 306.089251][ T8076] netlink: 'syz.5.507': attribute type 4 has an invalid length. [ 306.493234][ T8073] IPVS: using max 23 ests per chain, 55200 per kthread [ 310.222318][ T8127] netlink: 28 bytes leftover after parsing attributes in process `syz.0.519'. [ 310.275702][ T8127] tipc: Cannot configure node identity twice [ 312.239420][ T8128] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 312.248633][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 312.730793][ T8147] netlink: 'syz.0.523': attribute type 4 has an invalid length. [ 313.352417][ T8156] kvm: kvm [8155]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x5500000800 [ 314.100913][ T8156] kvm: kvm [8155]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x7100000800 [ 314.123591][ T8156] kvm: kvm [8155]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xa600000000 [ 318.262582][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.275092][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.374696][ T8206] netlink: 'syz.0.536': attribute type 10 has an invalid length. [ 318.454374][ T8206] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 318.486198][ T8206] team0: Failed to send options change via netlink (err -105) [ 318.507439][ T8206] team0: Port device netdevsim0 added [ 318.577381][ T8211] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 318.586842][ T8211] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 318.595763][ T8211] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 318.605061][ T8211] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 318.707175][ T8211] team0: Port device vxlan0 added [ 319.173928][ T8230] trusted_key: syz.5.541 sent an empty control message without MSG_MORE. [ 320.235286][ T8240] xt_NFQUEUE: number of total queues is 0 [ 320.756352][ T8235] syz.4.544: attempt to access beyond end of device [ 320.756352][ T8235] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0 [ 320.769458][ T8235] (syz.4.544,8235,1):ocfs2_get_sector:1769 ERROR: status = -5 [ 320.777425][ T8235] (syz.4.544,8235,1):ocfs2_sb_probe:749 ERROR: status = -5 [ 320.784686][ T8235] (syz.4.544,8235,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 320.793326][ T8235] (syz.4.544,8235,1):ocfs2_fill_super:1178 ERROR: status = -5 [ 321.522138][ T5826] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 322.794716][ T5826] usb 6-1: Using ep0 maxpacket: 8 [ 322.852427][ T5826] usb 6-1: unable to get BOS descriptor or descriptor too short [ 322.885466][ T5826] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 322.905942][ T5826] usb 6-1: can't read configurations, error -71 [ 322.953191][ T8271] Bluetooth: MGMT ver 1.23 [ 323.000610][ T8272] netlink: 4 bytes leftover after parsing attributes in process `syz.4.553'. [ 323.571130][ T8286] 9pnet: bogus RWRITE count (512 > 32) [ 328.874472][ T8350] netlink: 36 bytes leftover after parsing attributes in process `syz.3.570'. [ 328.883408][ T8350] netlink: 16 bytes leftover after parsing attributes in process `syz.3.570'. [ 328.944414][ T8350] netlink: 36 bytes leftover after parsing attributes in process `syz.3.570'. [ 328.957905][ T8350] netlink: 36 bytes leftover after parsing attributes in process `syz.3.570'. [ 329.485184][ T8358] tmpfs: Bad value for 'mpol' [ 329.657448][ T8355] »»»»»»: renamed from lo (while UP) [ 329.719461][ T8354] »»»»»» speed is unknown, defaulting to 1000 [ 329.773891][ T8354] »»»»»» speed is unknown, defaulting to 1000 [ 329.806264][ T8354] »»»»»» speed is unknown, defaulting to 1000 [ 330.577339][ T8354] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 330.978445][ T8354] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 331.329761][ T8354] »»»»»» speed is unknown, defaulting to 1000 [ 331.367116][ T8354] »»»»»» speed is unknown, defaulting to 1000 [ 331.393652][ T8354] »»»»»» speed is unknown, defaulting to 1000 [ 331.441387][ T8354] »»»»»» speed is unknown, defaulting to 1000 [ 331.461721][ T8354] »»»»»» speed is unknown, defaulting to 1000 [ 331.497648][ T8354] »»»»»» speed is unknown, defaulting to 1000 [ 332.521160][ T977] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 332.980029][ T977] usb 4-1: Using ep0 maxpacket: 16 [ 332.987683][ T977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 332.999268][ T977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 333.015418][ T977] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 333.028817][ T977] usb 4-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.00 [ 333.066503][ T977] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.388059][ T977] usb 4-1: config 0 descriptor?? [ 334.645535][ T977] apple 0003:05AC:0242.0001: report_id 0 is invalid [ 334.655055][ T977] apple 0003:05AC:0242.0001: item 0 1 1 8 parsing failed [ 334.662859][ T977] apple 0003:05AC:0242.0001: parse failed [ 334.710121][ T977] apple 0003:05AC:0242.0001: probe with driver apple failed with error -22 [ 334.758227][ T977] usb 4-1: USB disconnect, device number 6 [ 339.074304][ T8451] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 339.225168][ T8451] kvm: pic: non byte read [ 339.298865][ T8451] kvm: pic: level sensitive irq not supported [ 339.298939][ T8451] kvm: pic: non byte read [ 339.403994][ T8451] kvm: pic: level sensitive irq not supported [ 339.404336][ T8451] kvm: pic: non byte read [ 339.435502][ T8451] kvm: pic: level sensitive irq not supported [ 339.435587][ T8451] kvm: pic: non byte read [ 340.930338][ T8490] xt_TPROXY: Can be used only with -p tcp or -p udp [ 343.572567][ T8524] kernel read not supported for file / œÏüÔ¢W)ëS“§Ç-ë (pid: 8524 comm: syz.5.612) [ 343.964007][ T29] audit: type=1800 audit(1737408068.438:106): pid=8524 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.612" name=20019CCFFCD4A25729EB5393A7C72DEB dev="mqueue" ino=20085 res=0 errno=0 [ 345.400049][ T8536] netlink: 156 bytes leftover after parsing attributes in process `syz.3.616'. [ 345.528767][ T8539] netlink: 28 bytes leftover after parsing attributes in process `syz.4.617'. [ 345.563638][ T8539] netlink: 28 bytes leftover after parsing attributes in process `syz.4.617'. [ 346.289297][ T8539] dummy0: entered promiscuous mode [ 346.361070][ T8539] bond0: entered promiscuous mode [ 346.525523][ T8539] bond_slave_0: entered promiscuous mode [ 346.544547][ T8539] bond_slave_1: entered promiscuous mode [ 348.637373][ T8556] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 348.677171][ T8556] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 349.754515][ T8567] »»»»»» speed is unknown, defaulting to 1000 [ 351.049879][ T54] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 351.203279][ T977] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 352.534567][ T977] usb 6-1: config 0 has no interfaces? [ 352.540431][ T977] usb 6-1: New USB device found, idVendor=046d, idProduct=005c, bcdDevice= 0.00 [ 352.554275][ T977] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.578013][ T977] usb 6-1: config 0 descriptor?? [ 352.895044][ T977] usb 6-1: USB disconnect, device number 6 [ 352.925417][ T8598] fuse: Bad value for 'fd' [ 352.945920][ T8598] netlink: 20 bytes leftover after parsing attributes in process `syz.4.635'. [ 352.955833][ T8592] kvm: kvm [8591]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xfe00000000 [ 352.972106][ T8592] kvm: kvm [8591]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x27e00000080 [ 352.987222][ T8592] kvm: kvm [8591]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x3ef00000000 [ 353.413293][ T8603] netlink: 4 bytes leftover after parsing attributes in process `syz.4.637'. [ 353.733089][ T8609] netlink: 4 bytes leftover after parsing attributes in process `syz.0.640'. [ 354.663311][ T8609] bond0: (slave bond_slave_0): Releasing backup interface [ 354.743809][ T8609] bond_slave_0 (unregistering): left promiscuous mode [ 355.486028][ T8624] geneve1: entered promiscuous mode [ 355.501145][ T8624] team0: Device macvlan2 is up. Set it down before adding it as a team port [ 355.570083][ T8624] geneve1: left promiscuous mode [ 358.039359][ T8650] netlink: 16 bytes leftover after parsing attributes in process `syz.1.648'. [ 359.089597][ T8660] syz.5.652 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 361.067022][ T8678] netlink: 8 bytes leftover after parsing attributes in process `syz.1.657'. [ 361.111672][ T8678] netlink: 8 bytes leftover after parsing attributes in process `syz.1.657'. [ 365.433954][ T8725] netlink: 'syz.5.672': attribute type 10 has an invalid length. [ 367.439352][ T8748] Process accounting resumed [ 369.399404][ T29] audit: type=1326 audit(1737408093.900:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8753 comm="syz.1.682" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3d03385d29 code=0x0 [ 370.096646][ T5990] cgroup: fork rejected by pids controller in /syz5 [ 371.012624][ T8682] syz.0.659 (8682): drop_caches: 2 [ 371.111264][ T8773] netlink: 'syz.4.688': attribute type 1 has an invalid length. [ 371.162151][ T5826] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 371.289581][ T8777] netlink: 36 bytes leftover after parsing attributes in process `syz.0.689'. [ 371.307597][ T8777] netlink: 16 bytes leftover after parsing attributes in process `syz.0.689'. [ 371.319148][ T8777] netlink: 36 bytes leftover after parsing attributes in process `syz.0.689'. [ 371.333983][ T8777] netlink: 36 bytes leftover after parsing attributes in process `syz.0.689'. [ 371.355656][ T5826] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 371.368872][ T5826] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 371.382527][ T5826] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.404461][ T5826] usb 2-1: config 0 descriptor?? [ 371.439217][ T5826] pwc: Askey VC010 type 2 USB webcam detected. [ 372.298207][ T148] team0: Port device netdevsim0 removed [ 372.496307][ T5826] pwc: send_video_command error -71 [ 372.501643][ T5826] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 372.511670][ T5826] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71 [ 372.533699][ T5826] usb 2-1: USB disconnect, device number 7 [ 373.742863][ T5826] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 373.861837][ T148] bridge_slave_1: left allmulticast mode [ 373.875340][ T148] bridge_slave_1: left promiscuous mode [ 373.882805][ T148] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.959086][ T5826] usb 2-1: device descriptor read/all, error -71 [ 374.019629][ T5828] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 374.033602][ T5828] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 374.051878][ T5828] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 374.060125][ T5828] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 374.070902][ T5828] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 374.080564][ T5828] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 374.151172][ T148] bridge_slave_0: left allmulticast mode [ 375.118603][ T148] bridge_slave_0: left promiscuous mode [ 375.141158][ T148] bridge0: port 1(bridge_slave_0) entered disabled state [ 376.645255][ T5828] Bluetooth: hci2: command tx timeout [ 376.774036][ T29] audit: type=1326 audit(1737408101.270:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8830 comm="syz.0.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7cf185d29 code=0x7ffc0000 [ 376.945543][ T29] audit: type=1326 audit(1737408101.400:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8830 comm="syz.0.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7cf185d29 code=0x7ffc0000 [ 377.022153][ T29] audit: type=1326 audit(1737408101.400:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8830 comm="syz.0.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd7cf185d29 code=0x7ffc0000 [ 377.111630][ T29] audit: type=1326 audit(1737408101.400:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8830 comm="syz.0.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7cf185d29 code=0x7ffc0000 [ 377.168517][ T29] audit: type=1326 audit(1737408101.400:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8830 comm="syz.0.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd7cf185d29 code=0x7ffc0000 [ 377.203604][ T29] audit: type=1326 audit(1737408101.400:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8830 comm="syz.0.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7cf185d29 code=0x7ffc0000 [ 377.244928][ T29] audit: type=1326 audit(1737408101.400:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8830 comm="syz.0.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7cf185d29 code=0x7ffc0000 [ 377.297874][ T29] audit: type=1326 audit(1737408101.410:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8830 comm="syz.0.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd7cf185d29 code=0x7ffc0000 [ 377.322138][ T8845] netlink: 8 bytes leftover after parsing attributes in process `syz.4.708'. [ 377.350047][ T29] audit: type=1326 audit(1737408101.410:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8830 comm="syz.0.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7cf185d29 code=0x7ffc0000 [ 377.400108][ T29] audit: type=1326 audit(1737408101.410:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8830 comm="syz.0.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7cf185d29 code=0x7ffc0000 [ 377.759473][ T148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 377.769815][ T148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 377.779756][ T148] bond0 (unregistering): Released all slaves [ 377.803648][ T8820] bridge0: port 3(vlan2) entered blocking state [ 377.810482][ T8820] bridge0: port 3(vlan2) entered disabled state [ 377.823170][ T8820] vlan2: entered allmulticast mode [ 377.829253][ T8820] dummy0: entered allmulticast mode [ 377.843520][ T8820] vlan2: entered promiscuous mode [ 377.848674][ T8820] dummy0: entered promiscuous mode [ 377.878389][ T8820] bridge0: port 3(vlan2) entered blocking state [ 377.885985][ T8820] bridge0: port 3(vlan2) entered forwarding state [ 377.901830][ T5920] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 377.931173][ T148] tipc: Left network mode [ 378.076198][ T8806] »»»»»» speed is unknown, defaulting to 1000 [ 378.311740][ T5920] usb 2-1: config 0 has an invalid interface number: 217 but max is 0 [ 378.320015][ T5920] usb 2-1: config 0 has no interface number 0 [ 379.001692][ T5828] Bluetooth: hci2: command tx timeout [ 379.036794][ T5920] usb 2-1: New USB device found, idVendor=a168, idProduct=0618, bcdDevice=e3.a4 [ 379.291507][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.299572][ T5920] usb 2-1: Product: syz [ 379.356403][ T5920] usb 2-1: Manufacturer: syz [ 379.394875][ T5920] usb 2-1: SerialNumber: syz [ 379.427255][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.435067][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.583792][ T5920] usb 2-1: config 0 descriptor?? [ 379.601785][ T148] hsr_slave_0: left promiscuous mode [ 379.616572][ T5920] gspca_main: gspca_sn9c20x-2.14.0 probing a168:0618 [ 379.709127][ T148] hsr_slave_1: left promiscuous mode [ 379.823654][ T148] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 379.920162][ T148] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 380.173748][ T5920] gspca_sn9c20x: Write register 1001 failed -71 [ 380.194437][ T5920] gspca_sn9c20x: Device initialization failed [ 380.267764][ T5920] gspca_sn9c20x 2-1:0.217: probe with driver gspca_sn9c20x failed with error -71 [ 380.320979][ T5920] usb 2-1: USB disconnect, device number 10 [ 380.615304][ T8883] binder: BINDER_SET_CONTEXT_MGR already set [ 380.621980][ T8883] binder: 8882:8883 ioctl 4018620d 20000040 returned -16 [ 381.021370][ T54] Bluetooth: hci2: command tx timeout [ 383.101411][ T54] Bluetooth: hci2: command tx timeout [ 384.195492][ T148] team0 (unregistering): Port device team_slave_1 removed [ 384.520289][ T148] team0 (unregistering): Port device team_slave_0 removed [ 389.839824][ T977] IPVS: starting estimator thread 0... [ 389.941016][ T8964] IPVS: using max 19 ests per chain, 45600 per kthread [ 392.604518][ T8806] chnl_net:caif_netlink_parms(): no params data found [ 393.504380][ T8806] bridge0: port 1(bridge_slave_0) entered blocking state [ 393.591061][ T8806] bridge0: port 1(bridge_slave_0) entered disabled state [ 393.767315][ T8806] bridge_slave_0: entered allmulticast mode [ 393.815908][ T8806] bridge_slave_0: entered promiscuous mode [ 393.832025][ T8806] bridge0: port 2(bridge_slave_1) entered blocking state [ 393.886264][ T8806] bridge0: port 2(bridge_slave_1) entered disabled state [ 393.903270][ T8806] bridge_slave_1: entered allmulticast mode [ 393.946462][ T8806] bridge_slave_1: entered promiscuous mode [ 394.562766][ T8806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 394.620747][ T8806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 395.678189][ T8806] team0: Port device team_slave_0 added [ 395.932489][ T8806] team0: Port device team_slave_1 added [ 397.025790][ T54] Bluetooth: hci1: unexpected event for opcode 0x2031 [ 397.054023][ T9068] [U] [ 397.057035][ T9068] [U] [ 397.059736][ T9068] [U] [ 397.062441][ T9068] [U] [ 397.065209][ T9068] [U] [ 397.067920][ T9068] [U] [ 397.070612][ T9068] [U] [ 397.073290][ T9068] [U] [ 397.903562][ T9068] [U] [ 397.906422][ T9068] [U] [ 397.909146][ T9068] [U] [ 398.478298][ T8806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 398.918095][ T54] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 399.993137][ T8806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 400.148698][ T9068] [U] [ 400.178556][ T8806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 400.218396][ T8806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 400.246849][ T8806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 400.310265][ T8806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 400.498130][ T9089] vlan2: entered promiscuous mode [ 401.104573][ T54] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 401.113933][ T54] Bluetooth: hci1: Injecting HCI hardware error event [ 401.133248][ T5828] Bluetooth: hci1: hardware error 0x00 [ 401.290954][ T9089] dummy0: entered promiscuous mode [ 401.478736][ T9089] team0: Port device vlan2 added [ 403.160961][ T8806] hsr_slave_0: entered promiscuous mode [ 403.180197][ T5828] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 403.187250][ T8806] hsr_slave_1: entered promiscuous mode [ 403.229624][ T8806] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 403.272232][ T8806] Cannot create hsr debugfs directory [ 407.766942][ T9153] »»»»»» speed is unknown, defaulting to 1000 [ 410.902064][ T9194] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 410.911409][ T9194] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 410.920531][ T9194] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 411.351660][ T9193] overlayfs: failed to clone upperpath [ 411.815893][ T9204] xt_CT: You must specify a L4 protocol and not use inversions on it [ 412.546309][ T8806] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 412.621727][ T8806] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 412.665386][ T8806] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 413.696610][ T8806] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 415.091115][ T8806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 415.494998][ T8806] 8021q: adding VLAN 0 to HW filter on device team0 [ 415.672284][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 415.679524][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 415.720189][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 415.727626][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 415.799793][ T9240] ax25_connect(): syz.1.796 uses autobind, please contact jreuter@yaina.de [ 415.883380][ T9241] netlink: 28 bytes leftover after parsing attributes in process `syz.1.796'. [ 415.895942][ T9241] netlink: 8 bytes leftover after parsing attributes in process `syz.1.796'. [ 415.905280][ T9241] netlink: 12 bytes leftover after parsing attributes in process `syz.1.796'. [ 416.590149][ T5881] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 416.760074][ T5881] usb 4-1: Using ep0 maxpacket: 8 [ 416.803935][ T8806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 416.832514][ T5881] usb 4-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=1b.21 [ 416.862474][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.888077][ T5881] usb 4-1: Product: syz [ 416.908415][ T5881] usb 4-1: Manufacturer: syz [ 416.934660][ T5881] usb 4-1: SerialNumber: syz [ 416.971912][ T5881] usb 4-1: config 0 descriptor?? [ 416.998286][ T5881] usb_ehset_test 4-1:0.0: probe with driver usb_ehset_test failed with error -32 [ 417.235473][ T9273] netlink: 28 bytes leftover after parsing attributes in process `syz.4.802'. [ 417.248832][ T5881] usb 4-1: USB disconnect, device number 7 [ 417.328348][ T9278] lo speed is unknown, defaulting to 1000 [ 417.348088][ T9278] lo speed is unknown, defaulting to 1000 [ 417.357329][ T9278] lo speed is unknown, defaulting to 1000 [ 417.976495][ T9278] infiniband sz1: set down [ 417.981850][ T9278] infiniband sz1: added lo [ 418.056337][ T9278] RDS/IB: sz1: added [ 418.061912][ T9278] smc: adding ib device sz1 with port count 1 [ 418.068527][ T9278] smc: ib device sz1 port 1 has pnetid [ 418.091015][ T9273] netlink: 8 bytes leftover after parsing attributes in process `syz.4.802'. [ 418.102762][ T25] lo speed is unknown, defaulting to 1000 [ 418.134384][ T9278] lo speed is unknown, defaulting to 1000 [ 418.178246][ T9273] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.187676][ T9273] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.237710][ T25] lo speed is unknown, defaulting to 1000 [ 418.275306][ T9278] lo speed is unknown, defaulting to 1000 [ 418.382783][ T9278] lo speed is unknown, defaulting to 1000 [ 418.489517][ T9278] lo speed is unknown, defaulting to 1000 [ 418.592594][ T9278] lo speed is unknown, defaulting to 1000 [ 418.709710][ T9278] lo speed is unknown, defaulting to 1000 [ 418.771616][ T8806] veth0_vlan: entered promiscuous mode [ 418.838740][ T8806] veth1_vlan: entered promiscuous mode [ 418.871846][ T9292] Invalid source name [ 418.906640][ T9292] UBIFS error (pid: 9292): cannot open "./file0", error -22 [ 418.972561][ T8806] veth0_macvtap: entered promiscuous mode [ 419.008233][ T8806] veth1_macvtap: entered promiscuous mode [ 419.128484][ T9300] overlayfs: failed to clone upperpath [ 419.333013][ T9298] bridge1: entered promiscuous mode [ 419.421984][ T9298] bridge1: entered allmulticast mode [ 419.580655][ T9301] netlink: 'syz.1.805': attribute type 4 has an invalid length. [ 419.729928][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 419.766723][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.766821][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 419.766839][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.826072][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 419.826098][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.827825][ T8806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 419.836202][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.836227][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.836238][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.836251][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.836265][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.836278][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.837564][ T8806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 419.848499][ T8806] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.848578][ T8806] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.848604][ T8806] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.848628][ T8806] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.529312][ T5881] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 420.560292][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 420.745114][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 420.769647][ T5881] usb 4-1: unable to get BOS descriptor or descriptor too short [ 420.802430][ T5881] usb 4-1: no configurations [ 420.807139][ T5881] usb 4-1: can't read configurations, error -22 [ 420.817528][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 420.837864][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 421.879612][ T9341] netlink: 16 bytes leftover after parsing attributes in process `syz.5.687'. [ 422.465219][ T9345] Invalid source name [ 424.384706][ T9371] netlink: 4 bytes leftover after parsing attributes in process `syz.1.816'. [ 424.394047][ T9371] netlink: 4 bytes leftover after parsing attributes in process `syz.1.816'. [ 424.404112][ T9371] netlink: 4 bytes leftover after parsing attributes in process `syz.1.816'. [ 431.797557][ T5828] Bluetooth: hci2: command tx timeout [ 436.099178][ T9469] x_tables: unsorted underflow at hook 3 [ 436.109280][ T9469] netlink: 16 bytes leftover after parsing attributes in process `syz.0.839'. [ 438.288756][ T9496] netlink: 100 bytes leftover after parsing attributes in process `syz.0.841'. [ 438.809556][ T9511] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22 [ 438.819281][ T9511] netdevsim netdevsim5: Direct firmware load for . failed with error -22 [ 438.828581][ T9511] netdevsim netdevsim5: Falling back to sysfs fallback for: . [ 440.547337][ T9519] ebtables: ebtables: counters copy to user failed while replacing table [ 440.929057][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.935609][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.734002][ T9322] libceph: connect (1)[c::]:6789 error -101 [ 441.745812][ T9322] libceph: mon0 (1)[c::]:6789 connect error [ 441.759826][ T9322] libceph: connect (1)[c::]:6789 error -101 [ 441.770584][ T9322] libceph: mon0 (1)[c::]:6789 connect error [ 441.790373][ T9545] ceph: No mds server is up or the cluster is laggy [ 442.690641][ T9322] libceph: connect (1)[c::]:6789 error -101 [ 442.696757][ T9322] libceph: mon0 (1)[c::]:6789 connect error [ 443.335807][ T9322] libceph: connect (1)[c::]:6789 error -101 [ 443.342494][ T9322] libceph: mon0 (1)[c::]:6789 connect error [ 445.374585][ T9580] overlayfs: failed to clone upperpath [ 446.097198][ T9322] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 447.314197][ T9322] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 447.448161][ T9322] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 447.683772][ T9322] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 447.693072][ T9322] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 447.701976][ T9322] usb 2-1: SerialNumber: syz [ 447.929152][ T9322] usb 2-1: 0:2 : does not exist [ 448.005168][ T9322] usb 2-1: USB disconnect, device number 11 [ 449.039671][ T9601] rdma_rxe: rxe_newlink: failed to add lo [ 449.220389][ T9396] udevd[9396]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 449.537901][ T9617] overlayfs: missing 'lowerdir' [ 449.822514][ T46] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 450.409995][ T46] usb 6-1: config 0 has an invalid interface number: 30 but max is 0 [ 450.424292][ T46] usb 6-1: config 0 has no interface number 0 [ 450.606810][ T54] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 450.624834][ T46] usb 6-1: New USB device found, idVendor=0572, idProduct=d811, bcdDevice=94.e2 [ 450.639127][ T54] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 450.648963][ T54] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 450.776852][ T54] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 450.789201][ T54] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 450.799340][ T54] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 451.088369][ T46] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.409591][ T46] usb 6-1: config 0 descriptor?? [ 452.309514][ T9643] netlink: 8 bytes leftover after parsing attributes in process `syz.0.876'. [ 452.330696][ T9643] ipvlan2: entered promiscuous mode [ 452.338034][ T9616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 452.378370][ T46] dvb-usb: found a 'Mygica D689 DMB-TH' in warm state. [ 452.381634][ T9628] »»»»»» speed is unknown, defaulting to 1000 [ 452.385325][ T46] usb 6-1: setting power ON [ 452.396823][ T46] dvb-usb: bulk message failed: -22 (2/0) [ 452.416385][ T9616] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 452.468430][ T9628] lo speed is unknown, defaulting to 1000 [ 452.645720][ T46] dvb-usb: bulk message failed: -22 (1/0) [ 452.948854][ T54] Bluetooth: hci5: command tx timeout [ 453.151328][ T46] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 453.242020][ T46] dvb-usb: Mygica D689 DMB-TH error while loading driver (-19) [ 453.332249][ T46] dvb_usb_cxusb 6-1:0.30: probe with driver dvb_usb_cxusb failed with error -22 [ 455.047353][ T54] Bluetooth: hci5: command tx timeout [ 455.351392][ T9658] netlink: 'syz.4.880': attribute type 21 has an invalid length. [ 455.576211][ T46] usb 6-1: USB disconnect, device number 7 [ 456.986679][ T9666] netlink: 8 bytes leftover after parsing attributes in process `syz.0.881'. [ 457.457657][ T54] Bluetooth: hci5: command tx timeout [ 459.223862][ T9628] chnl_net:caif_netlink_parms(): no params data found [ 459.503996][ T54] Bluetooth: hci5: command tx timeout [ 460.477614][ T9703] xt_bpf: check failed: parse error [ 460.498352][ T9628] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.645910][ T9628] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.657988][ T9628] bridge_slave_0: entered allmulticast mode [ 460.665447][ T9628] bridge_slave_0: entered promiscuous mode [ 460.684022][ T9703] syz.5.891: attempt to access beyond end of device [ 460.684022][ T9703] nbd5: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 460.688050][ T9628] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.712867][ T9628] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.723515][ T9628] bridge_slave_1: entered allmulticast mode [ 460.743804][ T9628] bridge_slave_1: entered promiscuous mode [ 461.030111][ T9628] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 461.049367][ T9628] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 462.124832][ T54] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 462.918983][ T9628] team0: Port device team_slave_0 added [ 463.038456][ T9727] overlayfs: failed to clone upperpath [ 463.058076][ T9628] team0: Port device team_slave_1 added [ 463.290422][ T9628] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 463.346980][ T9628] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 463.390685][ T9628] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 463.407307][ T9628] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 463.414329][ T9628] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 463.441001][ T9628] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 463.739439][ T9628] hsr_slave_0: entered promiscuous mode [ 463.781290][ T9628] hsr_slave_1: entered promiscuous mode [ 463.789205][ T9628] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 463.816953][ T9628] Cannot create hsr debugfs directory [ 464.008630][ T9722] xt_l2tp: v2 doesn't support IP mode [ 467.975200][ T9628] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 468.000241][ T9628] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 468.436927][ T9771] netlink: 20 bytes leftover after parsing attributes in process `syz.1.909'. [ 469.838925][ T9628] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 469.987700][ T9628] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 471.839720][ T9628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 472.552884][ T9628] 8021q: adding VLAN 0 to HW filter on device team0 [ 473.075499][ T6406] bridge0: port 1(bridge_slave_0) entered blocking state [ 473.082738][ T6406] bridge0: port 1(bridge_slave_0) entered forwarding state [ 473.187350][ T6406] bridge0: port 2(bridge_slave_1) entered blocking state [ 473.194556][ T6406] bridge0: port 2(bridge_slave_1) entered forwarding state [ 475.405321][ T9628] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 475.426021][ T9628] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 475.703207][ T9820] kvm: kvm [9818]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4000 [ 475.715167][ T9820] kvm: kvm [9818]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111 [ 478.619915][ T9851] vlan2: entered promiscuous mode [ 478.625266][ T9851] vlan2: entered allmulticast mode [ 478.686809][ T9851] hsr_slave_1: entered allmulticast mode [ 478.795377][ T9856] netlink: 8 bytes leftover after parsing attributes in process `syz.5.930'. [ 479.394660][ T9628] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 479.413121][ T9851] netlink: 4 bytes leftover after parsing attributes in process `syz.4.929'. [ 481.059570][ T9851] hsr_slave_1 (unregistering): left allmulticast mode [ 481.208856][ T9851] hsr_slave_1 (unregistering): left promiscuous mode [ 482.343819][ T9628] veth0_vlan: entered promiscuous mode [ 482.449914][ T9628] veth1_vlan: entered promiscuous mode [ 483.232163][ T9628] veth0_macvtap: entered promiscuous mode [ 483.284479][ T9628] veth1_macvtap: entered promiscuous mode [ 483.301334][ T9628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.312263][ T9628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.328688][ T9628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.355031][ T9628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.407800][ T9628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.435695][ T9628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.468586][ T9628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.495696][ T9628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.658293][ T9628] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 483.668270][ T9628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 483.679206][ T9628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.689131][ T9628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 483.699983][ T9628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.711650][ T9628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 483.722219][ T9628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.736409][ T9628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 485.510670][ T9628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.571020][ T9628] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 485.622350][ T9900] veth0_to_team: entered promiscuous mode [ 485.652858][ T9900] veth0_to_team: entered allmulticast mode [ 485.754300][ T9628] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.779257][ T9628] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.792404][ T9628] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.838642][ T9628] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.872541][ T9908] kvm: kvm [9907]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000 [ 485.912971][ T9908] kvm: kvm [9907]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000 [ 485.961878][ T9908] kvm: kvm [9907]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4000 [ 486.037825][ T9908] kvm: kvm [9907]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111 [ 486.898178][ T9908] kvm: kvm [9907]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000 [ 487.048534][ T4219] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.070935][ T4219] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.130728][ T6090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.147197][ T6090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 491.646565][ T9958] netlink: 'syz.4.947': attribute type 2 has an invalid length. [ 491.784522][ T9965] vlan2: entered promiscuous mode [ 491.790413][ T9965] vlan2: entered allmulticast mode [ 491.797068][ T9965] hsr_slave_1: entered allmulticast mode [ 494.257680][ T9984] usb usb4: usbfs: process 9984 (syz.6.964) did not claim interface 0 before use [ 494.330465][ T9998] overlayfs: failed to resolve './file0': -2 [ 499.845003][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 502.378611][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 503.005041][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 504.507663][T10075] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 504.534747][T10075] CIFS: Unable to determine destination address [ 507.847960][T10117] netlink: 'syz.0.1000': attribute type 39 has an invalid length. [ 508.694833][T10125] vlan2: entered promiscuous mode [ 508.734366][T10125] team0: entered promiscuous mode [ 508.751779][T10125] team_slave_0: entered promiscuous mode [ 508.764693][T10125] team_slave_1: entered promiscuous mode [ 508.772490][T10125] team0: Device vlan2 is already an upper device of the team interface [ 508.833841][T10125] team0: left promiscuous mode [ 508.839645][T10125] team_slave_0: left promiscuous mode [ 508.854378][T10125] team_slave_1: left promiscuous mode [ 511.161143][T10162] xt_connbytes: Forcing CT accounting to be enabled [ 511.179906][T10162] set match dimension is over the limit! [ 511.234895][T10166] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1012'. [ 511.304921][T10166] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1012'. [ 511.338328][T10162] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1011'. [ 511.401740][T10162] xfrm1: entered promiscuous mode [ 511.408776][T10162] xfrm1: entered allmulticast mode [ 511.699191][T10179] syz.5.1018 (10179) used obsolete PPPIOCDETACH ioctl [ 511.799760][T10175] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1015'. [ 511.809908][T10175] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1015'. [ 512.034355][ T9322] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 512.613268][T10178] xt_TPROXY: Can be used only with -p tcp or -p udp [ 512.758213][ T9322] usb 6-1: Using ep0 maxpacket: 32 [ 512.784953][T10186] x_tables: ip_tables: bpf.1 match: invalid size 528 (kernel) != (user) 544 [ 512.786426][ T9322] usb 6-1: config 0 has an invalid interface number: 140 but max is 0 [ 512.822536][ T9322] usb 6-1: config 0 has no interface number 0 [ 512.854853][ T9322] usb 6-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice=71.01 [ 512.879303][ T9322] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.899975][T10188] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1020'. [ 512.941451][ T9322] usb 6-1: Product: syz [ 512.963005][ T9322] usb 6-1: Manufacturer: syz [ 512.986763][ T9322] usb 6-1: SerialNumber: syz [ 513.172899][ T9322] usb 6-1: config 0 descriptor?? [ 513.256624][T10195] set match dimension is over the limit! [ 514.180620][ T9322] as10x_usb: device has been detected [ 514.192595][ T9322] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 514.434667][ T9322] usb 6-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 514.567007][ T9322] as10x_usb: error during firmware upload part1 [ 514.574957][ T9322] Registered device Elgato EyeTV DTT Deluxe [ 514.594526][ T9322] usb 6-1: USB disconnect, device number 8 [ 514.735346][T10203] overlayfs: failed to clone upperpath [ 515.583176][ T9322] Unregistered device Elgato EyeTV DTT Deluxe [ 515.609935][ T9322] as10x_usb: device has been disconnected [ 518.194825][T10230] xt_l2tp: invalid flags combination: c [ 520.351539][T10245] overlayfs: failed to clone upperpath [ 522.494352][T10271] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1048'. [ 531.128091][T10331] hsr_slave_0: left promiscuous mode [ 531.141386][T10331] hsr_slave_1: left promiscuous mode [ 532.482921][ T9322] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 532.764643][ T9322] usb 7-1: Using ep0 maxpacket: 32 [ 532.775228][ T9322] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 533.753465][ T9322] usb 7-1: config 0 has no interfaces? [ 533.759001][ T9322] usb 7-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 533.768271][ T9322] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.558362][ T9322] usb 7-1: config 0 descriptor?? [ 534.642846][ T9322] usb 7-1: can't set config #0, error -71 [ 534.692420][ T9322] usb 7-1: USB disconnect, device number 2 [ 535.661941][T10379] overlayfs: failed to clone upperpath [ 541.012966][T10437] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1090'. [ 541.040622][T10437] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1090'. [ 542.993738][T10449] xt_nat: multiple ranges no longer supported [ 544.215249][T10468] xt_TCPMSS: Only works on TCP SYN packets [ 560.116735][T10619] ebt_among: src integrity fail: 300 [ 562.391308][T10637] overlayfs: failed to clone lowerpath [ 564.712369][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 564.756140][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 566.863886][T10667] xt_l2tp: v2 doesn't support IP mode [ 575.681669][ T29] audit: type=1326 audit(1737408300.051:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10729 comm="syz.6.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb92c585d29 code=0x7ffc0000 [ 575.971251][ T29] audit: type=1326 audit(1737408300.051:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10729 comm="syz.6.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb92c585d29 code=0x7ffc0000 [ 576.033920][ T29] audit: type=1326 audit(1737408300.061:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10729 comm="syz.6.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb92c585d29 code=0x7ffc0000 [ 576.111067][T10719] Bluetooth: hci5: command 0x0406 tx timeout [ 576.200366][ T29] audit: type=1326 audit(1737408300.071:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10729 comm="syz.6.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb92c585d29 code=0x7ffc0000 [ 576.303644][ T29] audit: type=1326 audit(1737408300.071:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10729 comm="syz.6.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb92c585d29 code=0x7ffc0000 [ 576.331882][ T29] audit: type=1326 audit(1737408300.081:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10729 comm="syz.6.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb92c585d29 code=0x7ffc0000 [ 576.381070][ T29] audit: type=1326 audit(1737408300.081:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10729 comm="syz.6.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb92c585d29 code=0x7ffc0000 [ 576.428575][ T29] audit: type=1326 audit(1737408300.091:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10729 comm="syz.6.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb92c585d29 code=0x7ffc0000 [ 576.557541][ T29] audit: type=1326 audit(1737408300.091:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10729 comm="syz.6.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb92c585d29 code=0x7ffc0000 [ 576.630394][ T29] audit: type=1326 audit(1737408300.111:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10729 comm="syz.6.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb92c585d29 code=0x7ffc0000 [ 579.410333][ T5881] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 579.602991][ T5881] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 579.640009][ T5881] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 579.669831][ T5881] usb 7-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 579.697175][ T5881] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.731510][ T5881] usb 7-1: config 0 descriptor?? [ 580.472395][T10772] bridge0: entered promiscuous mode [ 580.477741][T10772] bridge0: entered allmulticast mode [ 581.548529][ T5881] usbhid 7-1:0.0: can't add hid device: -71 [ 581.560294][ T5881] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 581.606111][ T5881] usb 7-1: USB disconnect, device number 3 [ 582.576816][T10790] overlayfs: failed to resolve './file1': -2 [ 588.102773][T10816] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1198'. [ 588.651334][T10816] hsr_slave_1 (unregistering): left allmulticast mode [ 588.658563][T10832] input: syz0 as /devices/virtual/input/input7 [ 590.057042][T10816] hsr_slave_1 (unregistering): left promiscuous mode [ 591.709841][T10856] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1209'. [ 591.757461][T10856] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1209'. [ 591.850377][T10862] bridge0: port 2(bridge_slave_1) entered disabled state [ 591.857964][T10862] bridge0: port 1(bridge_slave_0) entered disabled state [ 592.790304][T10871] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1212'. [ 594.750409][ T30] INFO: task kworker/u8:11:8664 blocked for more than 144 seconds. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 595.348215][ T30] Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 595.408437][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 595.456929][ T30] task:kworker/u8:11 state:D stack:23072 pid:8664 tgid:8664 ppid:2 flags:0x00004000 [ 595.885898][ T30] Workqueue: events_unbound netfs_write_collection_worker [ 595.893326][ T30] Call Trace: [ 595.896948][ T30] [ 595.920398][T10888] netlink: 'syz.1.1220': attribute type 2 has an invalid length. [ 595.928180][T10888] netlink: 'syz.1.1220': attribute type 8 has an invalid length. [ 595.936050][T10888] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1220'. [ 595.971911][ T30] __schedule+0x17fb/0x4be0 [ 595.976528][ T30] ? __pfx___schedule+0x10/0x10 [ 596.066039][ T30] ? __pfx_lock_release+0x10/0x10 [ 596.128006][ T30] ? schedule+0x90/0x320 [ 596.202024][ T30] ? wq_worker_sleeping+0x66/0x240 [ 596.207225][ T30] ? schedule+0x90/0x320 [ 596.775186][ T30] schedule+0x14b/0x320 [ 596.819211][ T30] bit_wait+0x12/0xd0 [ 596.823284][ T30] __wait_on_bit+0xb0/0x2f0 [ 596.827814][ T30] ? __pfx_bit_wait+0x10/0x10 [ 596.873584][ T30] out_of_line_wait_on_bit+0x1d5/0x260 [ 596.879228][ T30] ? __pfx_bit_wait+0x10/0x10 [ 596.883948][ T30] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 596.890084][ T30] ? __pfx_wake_bit_function+0x10/0x10 [ 596.895631][ T30] ? __pfx_validate_chain+0x10/0x10 [ 596.909200][ T30] netfs_retry_writes+0x16e/0x19b0 [ 596.914405][ T30] ? __pfx_validate_chain+0x10/0x10 [ 596.920733][ T30] ? mark_lock+0x9a/0x360 [ 596.925108][ T30] ? __lock_acquire+0x1397/0x2100 [ 596.930411][ T30] ? __pfx_netfs_retry_writes+0x10/0x10 [ 596.935989][ T30] ? look_up_lock_class+0x77/0x170 [ 596.941728][ T30] ? register_lock_class+0x102/0x980 [ 596.947075][ T30] ? __pfx_register_lock_class+0x10/0x10 [ 596.953207][ T30] netfs_write_collection_worker+0x2f90/0x3bb0 [ 596.959981][ T30] ? process_scheduled_works+0x976/0x1840 [ 596.965759][ T30] process_scheduled_works+0xa66/0x1840 [ 596.971814][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 596.978295][ T30] ? assign_work+0x364/0x3d0 [ 596.983420][ T30] worker_thread+0x870/0xd30 [ 596.988066][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 596.994535][ T30] ? __kthread_parkme+0x169/0x1d0 [ 596.999964][ T30] ? __pfx_worker_thread+0x10/0x10 [ 597.005209][ T30] kthread+0x2f0/0x390 [ 597.010536][ T30] ? __pfx_worker_thread+0x10/0x10 [ 597.015693][ T30] ? __pfx_kthread+0x10/0x10 [ 597.020789][ T30] ret_from_fork+0x4b/0x80 [ 597.025243][ T30] ? __pfx_kthread+0x10/0x10 [ 597.030371][ T30] ret_from_fork_asm+0x1a/0x30 [ 597.035194][ T30] [ 597.038425][ T30] INFO: task syz.3.835:9447 blocked for more than 146 seconds. [ 597.050248][ T30] Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 597.057566][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 597.066882][ T30] task:syz.3.835 state:D stack:22512 pid:9447 tgid:9446 ppid:7055 flags:0x00004006 [ 597.077680][ T30] Call Trace: [ 597.081437][ T30] [ 597.084428][ T30] __schedule+0x17fb/0x4be0 [ 597.088980][ T30] ? __pfx___schedule+0x10/0x10 [ 597.098768][ T30] ? __pfx_lock_release+0x10/0x10 [ 597.103938][ T30] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 597.111437][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 597.117375][ T30] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 597.124009][ T30] ? schedule+0x90/0x320 [ 597.128281][ T30] schedule+0x14b/0x320 [ 597.132586][ T30] schedule_preempt_disabled+0x13/0x30 [ 597.138068][ T30] __mutex_lock+0x7e7/0xee0 [ 597.142797][ T30] ? __mutex_lock+0x5ef/0xee0 [ 597.147619][ T30] ? netfs_writepages+0x12b/0x9e0 [ 597.152993][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 597.158085][ T30] netfs_writepages+0x12b/0x9e0 [ 597.163281][ T30] ? mark_lock+0x9a/0x360 [ 597.167663][ T30] ? __pfx_lock_release+0x10/0x10 [ 597.173316][ T30] ? __lock_acquire+0x1397/0x2100 [ 597.178349][ T30] ? __pfx_netfs_writepages+0x10/0x10 [ 597.185902][ T30] ? __pfx_netfs_writepages+0x10/0x10 [ 597.191634][ T30] do_writepages+0x35f/0x880 [ 597.196358][ T30] ? __pfx_do_writepages+0x10/0x10 [ 597.201731][ T30] ? filemap_fdatawrite+0x1e8/0x2a0 [ 597.207058][ T30] ? do_raw_spin_lock+0x14f/0x370 [ 597.213277][ T30] ? __pfx_lock_release+0x10/0x10 [ 597.218840][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 597.224169][ T30] ? wbc_attach_and_unlock_inode+0x561/0x580 [ 597.230658][ T30] filemap_fdatawrite+0x1f3/0x2a0 [ 597.235828][ T30] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 597.241554][ T30] ? kmem_cache_free+0x30e/0x410 [ 597.246537][ T30] ? __pfx_ima_file_free+0x10/0x10 [ 597.251856][ T30] v9fs_dir_release+0x151/0x560 [ 597.257426][ T30] ? __pfx___might_resched+0x10/0x10 [ 597.262992][ T30] ? __pfx_v9fs_dir_release+0x10/0x10 [ 597.268569][ T30] ? __pfx_call_rcu+0x10/0x10 [ 597.273451][ T30] ? evm_file_release+0x105/0x1e0 [ 597.278506][ T30] ? __pfx_v9fs_dir_release+0x10/0x10 [ 597.284122][ T30] __fput+0x23c/0xa50 [ 597.288129][ T30] task_work_run+0x24f/0x310 [ 597.292986][ T30] ? __phys_addr+0xba/0x170 [ 597.297626][ T30] ? __pfx_task_work_run+0x10/0x10 [ 597.303007][ T30] ? task_work_add+0x321/0x490 [ 597.307833][ T30] get_signal+0x15f7/0x1750 [ 597.312557][ T30] ? fput+0x1fa/0x290 [ 597.317013][ T30] ? __pfx_get_signal+0x10/0x10 [ 597.322079][ T30] arch_do_signal_or_restart+0x96/0x860 [ 597.327687][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 597.334109][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 597.340209][ T30] ? syscall_exit_to_user_mode+0xa3/0x340 [ 597.345980][ T30] syscall_exit_to_user_mode+0xce/0x340 [ 597.351811][ T30] do_syscall_64+0x100/0x230 [ 597.356440][ T30] ? clear_bhb_loop+0x35/0x90 [ 597.361331][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 597.367272][ T30] RIP: 0033:0x7fc2ff585d29 [ 597.371843][ T30] RSP: 002b:00007fc300325038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 597.380371][ T30] RAX: 0000000000190000 RBX: 00007fc2ff775fa0 RCX: 00007fc2ff585d29 [ 597.388356][ T30] RDX: 0000000000000000 RSI: 000000000000000b RDI: 000000000000000a [ 597.396523][ T30] RBP: 00007fc2ff601b08 R08: 0000000000000000 R09: 0000000000000000 [ 597.404899][ T30] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000000 [ 597.413203][ T30] R13: 0000000000000000 R14: 00007fc2ff775fa0 R15: 00007ffd00f662b8 [ 597.421912][ T30] [ 597.590886][ T30] [ 597.590886][ T30] Showing all locks held in the system: [ 597.598702][ T30] 1 lock held by khungtaskd/30: [ 597.669163][ T30] #0: ffffffff8e937da0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 [ 597.699198][ T30] 2 locks held by getty/5582: [ 597.703935][ T30] #0: ffff88814dfd00a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 597.769191][ T30] #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x6a6/0x1e00 [ 597.819035][ T30] 1 lock held by syz-executor/5831: [ 597.824432][ T30] 2 locks held by kworker/0:6/5882: [ 597.846759][ T30] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 597.866873][ T30] #1: ffffc9000448fd00 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 597.877790][ T30] 2 locks held by kworker/u8:11/8664: [ 597.883430][ T30] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 597.895877][ T30] #1: ffffc9000e64fd00 ((work_completion)(&rreq->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 597.907790][ T30] 1 lock held by syz.1.769/9115: [ 597.912807][ T30] 1 lock held by syz.3.835/9447: [ 597.917759][ T30] #0: ffff88805a608500 (&ctx->wb_lock){+.+.}-{4:4}, at: netfs_writepages+0x12b/0x9e0 [ 597.927531][ T30] 3 locks held by syz.3.835/9449: [ 597.933743][ T30] #0: ffff88807c424420 (sb_writers#20){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 597.943143][ T30] #1: ffff88805a608148 (&sb->s_type->i_mutex_key#28){++++}-{4:4}, at: vfs_utimes+0x44d/0x770 [ 597.953652][ T30] #2: ffff88805a608500 (&ctx->wb_lock){+.+.}-{4:4}, at: netfs_writepages+0xcf/0x9e0 [ 597.963396][ T30] 2 locks held by syz.6.959/9972: [ 597.968474][ T30] #0: ffffffff8fca7ec8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0 [ 597.977742][ T30] #1: ffffffff8e93d2b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x830 [ 597.988793][ T30] 3 locks held by syz.5.1221/10894: [ 597.999154][ T30] #0: ffff88807afb4d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x203/0x510 [ 598.009292][ T30] #1: ffff88807afb4078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x5c8/0x11c0 [ 598.019079][ T30] #2: ffffffff8e93d2b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x830 [ 598.030357][ T30] [ 598.033711][ T30] ============================================= [ 598.033711][ T30] [ 598.043369][ T30] NMI backtrace for cpu 1 [ 598.047845][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 598.058021][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 598.068112][ T30] Call Trace: [ 598.071427][ T30] [ 598.074374][ T30] dump_stack_lvl+0x241/0x360 [ 598.079605][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 598.084850][ T30] ? __pfx__printk+0x10/0x10 [ 598.089457][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 598.094848][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 598.100421][ T30] ? _printk+0xd5/0x120 [ 598.104704][ T30] ? __pfx__printk+0x10/0x10 [ 598.109311][ T30] ? __wake_up_klogd+0xcc/0x110 [ 598.114176][ T30] ? __pfx__printk+0x10/0x10 [ 598.118937][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 598.123985][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 598.129995][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 598.136092][ T30] watchdog+0xff6/0x1040 [ 598.140389][ T30] ? watchdog+0x1ea/0x1040 [ 598.144886][ T30] ? __pfx_watchdog+0x10/0x10 [ 598.149592][ T30] kthread+0x2f0/0x390 [ 598.153685][ T30] ? __pfx_watchdog+0x10/0x10 [ 598.158355][ T30] ? __pfx_kthread+0x10/0x10 [ 598.162951][ T30] ret_from_fork+0x4b/0x80 [ 598.167379][ T30] ? __pfx_kthread+0x10/0x10 [ 598.172053][ T30] ret_from_fork_asm+0x1a/0x30 [ 598.176819][ T30] [ 598.180781][ T30] Sending NMI from CPU 1 to CPUs 0: [ 598.186060][ C0] NMI backtrace for cpu 0 [ 598.186074][ C0] CPU: 0 UID: 0 PID: 6090 Comm: kworker/u8:9 Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 598.186091][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 598.186102][ C0] Workqueue: bat_events batadv_nc_worker [ 598.186127][ C0] RIP: 0010:kasan_check_range+0x1b8/0x290 [ 598.186152][ C0] Code: 4d 01 fb 48 8d 5d 07 48 85 ed 48 0f 49 dd 48 83 e3 f8 48 29 dd 74 12 41 80 3b 00 0f 85 a6 00 00 00 49 ff c3 48 ff cd 75 ee 5b <41> 5c 41 5e 41 5f 5d c3 cc cc cc cc 40 84 ed 75 5f f7 c5 00 ff 00 [ 598.186164][ C0] RSP: 0018:ffffc9000b6a7828 EFLAGS: 00000056 [ 598.186176][ C0] RAX: 0000000000000001 RBX: 0000000000000751 RCX: ffffffff817ab442 [ 598.186186][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff94280968 [ 598.186195][ C0] RBP: 0000000000000000 R08: ffffffff9428096f R09: 1ffffffff285012d [ 598.186205][ C0] R10: dffffc0000000000 R11: fffffbfff285012e R12: 0000000000000000 [ 598.186215][ C0] R13: ffff88802c90e500 R14: dffffc0000000001 R15: fffffbfff285012e [ 598.186226][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 598.186239][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 598.186249][ C0] CR2: 000000110c2974ff CR3: 000000003584e000 CR4: 00000000003526f0 [ 598.186263][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 598.186271][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 598.186280][ C0] Call Trace: [ 598.186286][ C0] [ 598.186292][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 598.186313][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 598.186330][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 598.186357][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 598.186377][ C0] ? nmi_handle+0x14f/0x5a0 [ 598.186394][ C0] ? nmi_handle+0x2a/0x5a0 [ 598.186410][ C0] ? kasan_check_range+0x1b8/0x290 [ 598.186429][ C0] ? default_do_nmi+0x63/0x160 [ 598.186450][ C0] ? exc_nmi+0x123/0x1f0 [ 598.186468][ C0] ? end_repeat_nmi+0xf/0x53 [ 598.186489][ C0] ? __lock_acquire+0x8a2/0x2100 [ 598.186505][ C0] ? kasan_check_range+0x1b8/0x290 [ 598.186524][ C0] ? kasan_check_range+0x1b8/0x290 [ 598.186544][ C0] ? kasan_check_range+0x1b8/0x290 [ 598.186570][ C0] [ 598.186575][ C0] [ 598.186581][ C0] __lock_acquire+0x8a2/0x2100 [ 598.186602][ C0] lock_acquire+0x1ed/0x550 [ 598.186616][ C0] ? batadv_nc_purge_paths+0xe8/0x3b0 [ 598.186639][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 598.186654][ C0] ? __local_bh_disable_ip+0x187/0x220 [ 598.186674][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 598.186689][ C0] ? batadv_nc_purge_paths+0xe8/0x3b0 [ 598.186708][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 598.186726][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 598.186745][ C0] ? batadv_nc_purge_paths+0x312/0x3b0 [ 598.186764][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 598.186783][ C0] ? batadv_nc_purge_paths+0xe8/0x3b0 [ 598.186803][ C0] _raw_spin_lock_bh+0x35/0x50 [ 598.186817][ C0] ? batadv_nc_purge_paths+0xe8/0x3b0 [ 598.186835][ C0] ? __pfx_batadv_nc_to_purge_nc_path_decoding+0x10/0x10 [ 598.186856][ C0] batadv_nc_purge_paths+0xe8/0x3b0 [ 598.186880][ C0] batadv_nc_worker+0x365/0x610 [ 598.186901][ C0] ? process_scheduled_works+0x976/0x1840 [ 598.186921][ C0] process_scheduled_works+0xa66/0x1840 [ 598.186952][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 598.186975][ C0] ? assign_work+0x364/0x3d0 [ 598.186996][ C0] worker_thread+0x870/0xd30 [ 598.187013][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 598.187029][ C0] ? __kthread_parkme+0x169/0x1d0 [ 598.187044][ C0] ? __pfx_worker_thread+0x10/0x10 [ 598.187057][ C0] kthread+0x2f0/0x390 [ 598.187072][ C0] ? __pfx_worker_thread+0x10/0x10 [ 598.187085][ C0] ? __pfx_kthread+0x10/0x10 [ 598.187100][ C0] ret_from_fork+0x4b/0x80 [ 598.187114][ C0] ? __pfx_kthread+0x10/0x10 [ 598.187129][ C0] ret_from_fork_asm+0x1a/0x30 [ 598.187154][ C0] [ 598.204174][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 598.204194][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 598.204214][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 598.204225][ T30] Call Trace: [ 598.204233][ T30] [ 598.204241][ T30] dump_stack_lvl+0x241/0x360 [ 598.204270][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 598.204320][ T30] ? __pfx__printk+0x10/0x10 [ 598.204339][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 598.204365][ T30] ? vscnprintf+0x5d/0x90 [ 598.204391][ T30] panic+0x349/0x880 [ 598.204412][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 598.204439][ T30] ? __pfx_panic+0x10/0x10 [ 598.204462][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 598.204481][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 598.204505][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 598.204531][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 598.204558][ T30] watchdog+0x1035/0x1040 [ 598.204578][ T30] ? watchdog+0x1ea/0x1040 [ 598.204602][ T30] ? __pfx_watchdog+0x10/0x10 [ 598.204620][ T30] kthread+0x2f0/0x390 [ 598.204639][ T30] ? __pfx_watchdog+0x10/0x10 [ 598.204657][ T30] ? __pfx_kthread+0x10/0x10 [ 598.204676][ T30] ret_from_fork+0x4b/0x80 [ 598.204692][ T30] ? __pfx_kthread+0x10/0x10 [ 598.204711][ T30] ret_from_fork_asm+0x1a/0x30 [ 598.204745][ T30] [ 598.725614][ T30] Kernel Offset: disabled [ 598.729967][ T30] Rebooting in 86400 seconds..